The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:

computer vulnerability bulletin CVE-2012-5890

TYPO3: vulnerabilities of extensions

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in TYPO3 extensions to trigger Cross Site Scripting, inject SQL, obtain information, or execute code.
Impacted products: TYPO3 Extensions ~ not comprehensive.
Severity: 3/4.
Consequences: user access/rights, client access/rights, data reading, data creation/edition.
Provenance: document.
Number of vulnerabilities in this bulletin: 9.
Creation date: 23/02/2012.
Identifiers: BID-52142, BID-52145, BID-52146, BID-52148, BID-52149, BID-52150, BID-52153, BID-52164, BID-57455, CVE-2012-5890, TYPO3-EXT-SA-2012-002, TYPO3-EXT-SA-2012-003, VIGILANCE-VUL-11388.

Description of the vulnerability

Several vulnerabilities were announced in TYPO3 extensions.

An attacker can obtain information via the Front End User Registration (sr_feuser_register) extension. [severity:2/4; BID-57455, CVE-2012-5890]

An attacker can use a SQL injection and a Cross Site Scripting in the Crop and Square Thumbnails (tkcropthumbs) extension. [severity:2/4; BID-52142]

An attacker can access files via the Typo3 eXtplorer (t3extplorer) extension. [severity:2/4; BID-52164]

An attacker can use a Cross Site Scripting in the TC BE User Admin (tc_beuser) extension. [severity:2/4; BID-52145]

An attacker can use a SQL injection in the Predigtsammlung (an_predigten) extension. [severity:2/4; BID-52148]

An attacker can use a Cross Site Scripting in the Apache Solr for TYPO3 (solr) extension. [severity:2/4; BID-52146]

An attacker can execute code or obtain information via the PDF Controller (pdfcontroller) extension. [severity:3/4; BID-52150]

An attacker can use a SQL injection and a Cross Site Scripting in the Share Your Car (cc20) extension. [severity:2/4; BID-52149]

An attacker can use a SQL injection and a Cross Site Scripting in the JW Player (jwplayer) extension. [severity:2/4; BID-52153]

computer vulnerability announce 11387

Outpost Firewall Pro: denial of service of GUI

Synthesis of the vulnerability

Malware can stop the GUI process of Outpost Firewall Pro.
Impacted products: Outpost Firewall.
Severity: 1/4.
Consequences: denial of service on service.
Provenance: document.
Creation date: 22/02/2012.
Identifiers: VIGILANCE-VUL-11387.

Description of the vulnerability

Malware can stop the GUI process of Outpost Firewall Pro.

computer vulnerability alert 11386

SAP: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities were announced in SAP products.
Impacted products: Business Objects, Crystal Enterprise, Crystal Reports, SAP ERP, NetWeaver.
Severity: 2/4.
Consequences: user access/rights, client access/rights, data reading, data creation/edition, denial of service on service.
Provenance: internet client.
Creation date: 22/02/2012.
Identifiers: 1584930, 1586410, 1597597, 1607529, 1641329, 1644043, 1644746, 1649838, 1649840, 1661349, 1667805, VIGILANCE-VUL-11386.

Description of the vulnerability

Several vulnerabilities were announced in SAP products.

computer vulnerability CVE-2012-0292

Symantec pcAnywhere: denial of service of awhost32

Synthesis of the vulnerability

A network attacker can send malicious data to Symantec pcAnywhere, in order to stop the awhost32 service.
Impacted products: pcAnywhere.
Severity: 1/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 22/02/2012.
Identifiers: BID-52094, CVE-2012-0292, SYM12-003, TECH182142, VIGILANCE-VUL-11385.

Description of the vulnerability

The awhost32 service of Symantec pcAnywhere listens on port 5631/tcp.

Authentication is required to transmit data on this port. However, if authentication messages are malformed, the awhost32 service stops (it is automatically restarted).

A network attacker can therefore send malicious data to Symantec pcAnywhere, in order to stop the awhost32 service.

vulnerability note CVE-2012-0841

libxml2: denial of service via hash collision

Synthesis of the vulnerability

An attacker can send data generating storage collisions, in order to overload a service.
Impacted products: Debian, Fedora, Juniper J-Series, Junos OS, libxml, Mandriva Linux, openSUSE, Solaris, RHEL, SUSE Linux Enterprise Desktop, SLES, ESX, ESXi, VMware vSphere, VMware vSphere Hypervisor.
Severity: 3/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 22/02/2012.
Identifiers: BID-52107, CERTA-2012-AVI-094, CERTA-2012-AVI-387, CERTA-2012-AVI-479, CERTFR-2015-AVI-023, CVE-2012-0841, DSA-2417-1, ESX400-201209001, ESX400-201209401-SG, ESX400-201209402-SG, ESX400-201209404-SG, ESX410-201208101-SG, ESX410-201208102-SG, ESX410-201208103-SG, ESX410-201208104-SG, ESX410-201208105-SG, ESX410-201208106-SG, ESX410-201208107-SG, ESXi400-201209001, ESXi400-201209401-SG, ESXi410-201208101-SG, ESXi500-201207001, ESXi500-201207101-SG, FEDORA-2012-13820, FEDORA-2012-13824, JSA10669, MDVSA-2012:023, openSUSE-SU-2012:0342-1, openSUSE-SU-2012:0421-1, RHSA-2012:0324-01, RHSA-2013:0217-01, SUSE-SU-2012:0626-1, SUSE-SU-2013:1625-1, SUSE-SU-2013:1627-1, VIGILANCE-VUL-11384, VMSA-2012-0003.1, VMSA-2012-0005.2, VMSA-2012-0005.3, VMSA-2012-0008.1, VMSA-2012-0012, VMSA-2012-0012.1, VMSA-2012-0012.2, VMSA-2012-0013, VMSA-2012-0013.1.

Description of the vulnerability

The bulletin VIGILANCE-VUL-11254 describes a vulnerability which can be used to create a denial of service on several applications.

This vulnerability impacts libxml2.

In order to simplify VIGILANCE-VUL-11254, which was too big, solutions for libxml2 were moved here.

vulnerability bulletin CVE-2011-4858

Tomcat, JBoss: denial of service via hash collision

Synthesis of the vulnerability

An attacker can send data generating storage collisions, in order to overload a service.
Impacted products: Tomcat, Debian, Fedora, HPE NNMi, OpenView NNM, HP-UX, openSUSE, Solaris, RHEL, JBoss EAP by Red Hat, ESX, vCenter Server, VMware vSphere.
Severity: 3/4.
Consequences: denial of service on service, denial of service on client.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 22/02/2012.
Identifiers: BID-51200, c03183543, c03231290, c03824583, CERTA-2012-AVI-479, CERTA-2013-AVI-440, CVE-2011-4084-REJECT, CVE-2011-4858, DSA-2401-1, ESX400-201209001, ESX400-201209401-SG, ESX400-201209402-SG, ESX400-201209404-SG, ESX410-201208101-SG, ESX410-201208102-SG, ESX410-201208103-SG, ESX410-201208104-SG, ESX410-201208105-SG, ESX410-201208106-SG, ESX410-201208107-SG, FEDORA-2012-7258, FEDORA-2012-7593, HPSBMU02747, HPSBMU02894, HPSBUX02741, openSUSE-SU-2012:0103-1, RHSA-2012:0041-01, RHSA-2012:0074-01, RHSA-2012:0075-01, RHSA-2012:0076-01, RHSA-2012:0077-01, RHSA-2012:0078-01, RHSA-2012:0089-01, RHSA-2012:0091-01, RHSA-2012:0325-01, RHSA-2012:0406-01, RHSA-2012:0474-01, RHSA-2012:0475-01, RHSA-2012:0679-01, RHSA-2012:0680-01, RHSA-2012:0681-01, RHSA-2012:0682-01, SSRT100728, SSRT100771, VIGILANCE-VUL-11383, VMSA-2012-0003.1, VMSA-2012-0005.2, VMSA-2012-0005.3, VMSA-2012-0008.1, VMSA-2012-0013, VMSA-2012-0013.1.

Description of the vulnerability

The bulletin VIGILANCE-VUL-11254 describes a vulnerability which can be used to create a denial of service on several applications.

This vulnerability impacts Tomcat.

In order to simplify VIGILANCE-VUL-11254, which was too big, solutions for Tomcat were moved here.

vulnerability announce CVE-2011-4815 CVE-2011-4838

Ruby: denial of service via hash collision

Synthesis of the vulnerability

An attacker can send data generating storage collisions, in order to overload a service.
Impacted products: Fedora, Mandriva Linux, openSUSE, Solaris, RHEL, Unix (platform) ~ not comprehensive.
Severity: 3/4.
Consequences: denial of service on service, denial of service on client.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 22/02/2012.
Identifiers: BID-51198, CERTA-2011-AVI-729, CERTA-2012-AVI-185, CVE-2011-4815, CVE-2011-4838, FEDORA-2011-17542, FEDORA-2011-17551, FEDORA-2012-0166, FEDORA-2012-0233, MDVSA-2012:024, openSUSE-SU-2012:0228-1, RHSA-2012:0069-01, RHSA-2012:0070-01, VIGILANCE-VUL-11382.

Description of the vulnerability

The bulletin VIGILANCE-VUL-11254 describes a vulnerability which can be used to create a denial of service on several applications.

This vulnerability impacts Ruby.

In order to simplify VIGILANCE-VUL-11254, which was too big, solutions for Ruby were moved here.

vulnerability alert CVE-2011-5035

Java Lightweight HTTP Server: denial of service via hash collision

Synthesis of the vulnerability

An attacker can send data generating storage collisions, in order to overload a service.
Impacted products: Debian, HP-UX, Mandriva Linux, Java OpenJDK, openSUSE, Java Oracle, RHEL, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive.
Severity: 3/4.
Consequences: denial of service on service, denial of service on client.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 22/02/2012.
Identifiers: BID-51236, c03254184, c03350339, CVE-2011-4838-ERROR, CVE-2011-5035, DSA-2420-1, HPSBUX02757, HPSBUX02784, MDVSA-2012:021, openSUSE-SU-2012:0309-1, RHSA-2012:0139-01, RHSA-2012:0514-01, RHSA-2013:1455-01, RHSA-2013:1456-01, SSRT100779, SSRT100871, SUSE-SU-2012:0308-1, VIGILANCE-VUL-11381.

Description of the vulnerability

The bulletin VIGILANCE-VUL-11254 describes a vulnerability which can be used to create a denial of service on several applications.

This vulnerability impacts Java Lightweight HTTP Server.

In order to simplify VIGILANCE-VUL-11254, which was too big, solutions for Java were moved here.

vulnerability CVE-2012-0840

Apache APR: denial of service via hash collision

Synthesis of the vulnerability

An attacker could send data generating storage collisions, in order to overload a service.
Impacted products: Fedora, Mandriva Linux, Unix (platform) ~ not comprehensive.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: internet client.
Creation date: 22/02/2012.
Revision date: 24/02/2012.
Identifiers: BID-51917, CVE-2012-0840, FEDORA-2012-1656, FEDORA-2012-1709, MDVSA-2012:019, VIGILANCE-VUL-11380.

Description of the vulnerability

The bulletin VIGILANCE-VUL-11254 describes a vulnerability which can be used to create a denial of service on several applications.

This vulnerability could impact APR. Apache indicates that there is no intrinsic vulnerability, and that the algorithm was optimized to mitigate potential hash collisions.

In order to simplify VIGILANCE-VUL-11254, which was too big, solutions for APR were moved here.

computer vulnerability note CVE-2011-4885

PHP: denial of service via hash collision

Synthesis of the vulnerability

An attacker can send data generating storage collisions, in order to overload a service.
Impacted products: CheckPoint Endpoint Security, CheckPoint Security Gateway, Debian, BIG-IP Hardware, TMOS, Fedora, HP-UX, Mandriva Linux, openSUSE, PHP, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 3/4.
Consequences: denial of service on service, denial of service on client.
Provenance: internet client.
Creation date: 22/02/2012.
Identifiers: BID-51193, c03183543, CERTA-2011-AVI-728, CVE-2011-4885, DSA-2399-1, DSA-2399-2, FEDORA-2012-0420, FEDORA-2012-0504, HPSBUX02741, MDVSA-2011:197, MDVSA-2012:071, n.runs-SA-2011.004, oCERT-2011-003, openSUSE-SU-2012:0426-1, RHSA-2012:0019-01, RHSA-2012:0033-01, RHSA-2012:0071-01, sk66350, SOL13588, SSRT100728, SUSE-SU-2012:0411-1, SUSE-SU-2012:0496-1, VIGILANCE-VUL-11379.

Description of the vulnerability

The bulletin VIGILANCE-VUL-11254 describes a vulnerability which can be used to create a denial of service on several applications.

This vulnerability impacts PHP.

In order to simplify VIGILANCE-VUL-11254, which was too big, solutions for PHP were moved here.
