{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Xen versions 4.1 et post\u00e9rieures utilisant un syst\u00e8me OCaml xenstored.","product":{"name":"Xen","vendor":{"name":"XEN","scada":false}}},{"description":"XAPI toutes versions post\u00e9rieures \u00e0 1.13.0.","product":{"name":"N/A","vendor":{"name":"XEN","scada":false}}},{"description":"Toutes versions du noyau de Linux post\u00e9rieures \u00e0 la version 4.7.","product":{"name":"N/A","vendor":{"name":"XEN","scada":false}}},{"description":"Xen toutes versions 4.6 et post\u00e9rieures d\u00e9ploy\u00e9es sur un syst\u00e8me utilisant un processeur Intel.","product":{"name":"Xen","vendor":{"name":"XEN","scada":false}}},{"description":"Syst\u00e8mes x86 ex\u00e9cutant Xen toutes versions.","product":{"name":"Xen","vendor":{"name":"XEN","scada":false}}},{"description":"Xen toutes versions pour un syst\u00e8me ARM.","product":{"name":"Xen","vendor":{"name":"XEN","scada":false}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2018-14007","url":"https://www.cve.org/CVERecord?id=CVE-2018-14007"},{"name":"CVE-2018-3620","url":"https://www.cve.org/CVERecord?id=CVE-2018-3620"},{"name":"CVE-2018-3646","url":"https://www.cve.org/CVERecord?id=CVE-2018-3646"}],"links":[],"reference":"CERTFR-2018-AVI-388","revisions":[{"description":"Version initiale","revision_date":"2018-08-16T00:00:00.000000"}],"risks":[{"description":"Atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es"},{"description":"D\u00e9ni de service"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"},{"description":"\u00c9l\u00e9vation de privil\u00e8ges"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Xen. Certaines\nd'entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service,\nune atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans Xen","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Xen XSA-271 du 14 ao\u00fbt 2018","url":"http://xenbits.xen.org/xsa/advisory-271.html"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Xen XSA-270 du 14 ao\u00fbt 2018","url":"http://xenbits.xen.org/xsa/advisory-270.html"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Xen XSA-269 du 14 ao\u00fbt 2018","url":"http://xenbits.xen.org/xsa/advisory-269.html"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Xen XSA-272 du 14 ao\u00fbt 2018","url":"http://xenbits.xen.org/xsa/advisory-272.html"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Xen XSA-268 du 14 ao\u00fbt 2018","url":"http://xenbits.xen.org/xsa/advisory-268.html"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Xen XSA-273 du 14 ao\u00fbt 2018","url":"http://xenbits.xen.org/xsa/advisory-273.html"}]}