The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:

computer vulnerability 11555

LibreOffice: denial of service via RTF

Synthesis of the vulnerability

An attacker can create a malicious RTF document, and invite the victim to open it with LibreOffice, in order to stop it.
Impacted products: LibreOffice.
Severity: 1/4.
Consequences: denial of service on client.
Provenance: document.
Creation date: 18/04/2012.
Identifiers: 48640, BID-53142, VIGILANCE-VUL-11555.

Description of the vulnerability

The LibreOffice software can import RTF (Rich Text Format) documents.

However, if the RTF document contains a malformed table, an invalid or NULL pointer is dereferenced in the SwDoc::TextToTable() function.

An attacker can therefore create a malicious RTF document, and invite the victim to open it with LibreOffice, in order to stop it.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2012-0583 CVE-2012-1688 CVE-2012-1690

MySQL: several vulnerabilities of April 2012

Synthesis of the vulnerability

Several vulnerabilities of MySQL are corrected by the CPU of April 2012.
Impacted products: Debian, MySQL Community, MySQL Enterprise, openSUSE, Percona Server, RHEL.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: user account.
Number of vulnerabilities in this bulletin: 6.
Creation date: 18/04/2012.
Identifiers: BID-53058, BID-53061, BID-53064, BID-53067, BID-53071, BID-53074, CERTA-2012-AVI-220, cpuapr2012, CVE-2012-0583, CVE-2012-1688, CVE-2012-1690, CVE-2012-1696, CVE-2012-1697, CVE-2012-1703, DSA-2496-1, openSUSE-SU-2012:0617-1, openSUSE-SU-2012:0618-1, openSUSE-SU-2012:0619-1, RHSA-2012:1462-01, VIGILANCE-VUL-11554.

Description of the vulnerability

A Critical Patch Update corrects several vulnerabilities of MySQL.

An attacker can use a vulnerability of Server Optimizer, in order to create a denial of service. [severity:2/4; BID-53058, CVE-2012-1703]

An attacker can use a vulnerability of MyISAM, in order to create a denial of service. [severity:2/4; BID-53061, CVE-2012-0583]

An attacker can use a vulnerability of MySQL Protocol, in order to create a denial of service. [severity:2/4; BID-53064, CVE-2012-1697]

An attacker can use a vulnerability of Server DML, in order to create a denial of service. [severity:2/4; BID-53067, CVE-2012-1688]

An attacker can use a vulnerability of Server Optimizer, in order to create a denial of service. [severity:2/4; BID-53071, CVE-2012-1696]

An attacker can use a vulnerability of Server Optimizer, in order to create a denial of service. [severity:2/4; BID-53074, CVE-2012-1690]
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2012-0539 CVE-2012-0548 CVE-2012-1681

Solaris: several vulnerabilities of April 2012

Synthesis of the vulnerability

Several vulnerabilities of Solaris are corrected by the CPU of April 2012.
Impacted products: Solaris, Trusted Solaris.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on server.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 10.
Creation date: 18/04/2012.
Identifiers: BID-53120, BID-53125, BID-53126, BID-53128, BID-53130, BID-53131, BID-53134, BID-53135, BID-53137, BID-53138, CERTA-2012-AVI-220, cpuapr2012, CVE-2012-0539, CVE-2012-0548, CVE-2012-1681, CVE-2012-1683, CVE-2012-1684, CVE-2012-1691, CVE-2012-1692, CVE-2012-1693, CVE-2012-1694, CVE-2012-1698, VIGILANCE-VUL-11553.

Description of the vulnerability

A Critical Patch Update corrects several vulnerabilities of Solaris.

An attacker can use a vulnerability of Kernel, in order to obtain information, to alter information, or to create a denial of service. [severity:2/4; BID-53137, CVE-2012-1691]

An attacker can use a vulnerability of libsasl, in order to obtain or alter information. [severity:2/4; BID-53126, CVE-2012-1694]

An attacker can use a vulnerability of bsmconv/bsmunconv, in order to obtain information, to alter information, or to create a denial of service. [severity:2/4; BID-53120, CVE-2012-0539]

An attacker can use a vulnerability of gssd, in order to obtain information, to alter information, or to create a denial of service. [severity:2/4; BID-53130, CVE-2012-1683]

An attacker can use a vulnerability of Kernel/sockfs, in order to create a denial of service. [severity:2/4; BID-53135, CVE-2012-1681]

An attacker can use a vulnerability of SCTP, in order to create a denial of service. [severity:2/4; BID-53125, CVE-2012-1692]

An attacker can use a vulnerability of Password Policy, in order to obtain information, to alter information, or to create a denial of service. [severity:2/4; BID-53138, CVE-2012-1684]

An attacker can use a vulnerability of SPARC Enterprise M Series Servers XSCF Control Package (XCP), in order to create a denial of service. [severity:1/4; BID-53131, CVE-2012-1693]

An attacker can use a vulnerability of SPARC Enterprise M Series Servers XSCF Control Package (XCP), in order to obtain information. [severity:1/4; BID-53134, CVE-2012-0548]

An attacker can use a vulnerability of Kernel/GLD, in order to obtain information. [severity:1/4; BID-53128, CVE-2012-1698]
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2012-0550 CVE-2012-0551

GlassFish Enterprise Server: several vulnerabilities of April 2012

Synthesis of the vulnerability

Several vulnerabilities of GlassFish Enterprise Server are corrected by the CPU of April 2012.
Impacted products: Oracle GlassFish Server.
Severity: 3/4.
Consequences: user access/rights, client access/rights, data reading, data creation/edition, data deletion, denial of service on service.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 18/04/2012.
Identifiers: BID-53118, BID-53136, CERTA-2012-AVI-220, cpuapr2012, CVE-2012-0550, CVE-2012-0551, VIGILANCE-VUL-11552.

Description of the vulnerability

A Critical Patch Update corrects several vulnerabilities of GlassFish Enterprise Server.

An attacker can use a Cross Site Request Forgery of Web Container, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-53118, CVE-2012-0550]

An attacker can use several Cross Site Scripting of Web Container, in order to obtain or alter information. [severity:2/4; BID-53136, CVE-2012-0551]
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2012-0516

Oracle iPlanet Web Server: vulnerability of Administration Console

Synthesis of the vulnerability

An attacker can use a vulnerability of the web administration console of Oracle iPlanet Web Server, in order to obtain information, to alter information, or to create a denial of service.
Impacted products: Oracle iPlanet Web Server, Oracle Web Tier.
Severity: 3/4.
Consequences: user access/rights, client access/rights, data reading, data creation/edition, data deletion, denial of service on service.
Provenance: internet client.
Creation date: 18/04/2012.
Identifiers: BID-53133, CERTA-2012-AVI-220, cpuapr2012, CVE-2012-0516, VIGILANCE-VUL-11551.

Description of the vulnerability

An attacker can use a vulnerability of the web administration console of Oracle iPlanet Web Server, in order to obtain information, to alter information, or to create a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2012-0515 CVE-2012-0522 CVE-2012-0532

Oracle Fusion Middleware: several vulnerabilities of April 2012

Synthesis of the vulnerability

Several vulnerabilities of Oracle Fusion Middleware are corrected by the CPU of April 2012.
Impacted products: Oracle AS, Oracle Fusion Middleware, Oracle Identity Management, Oracle OIT.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, denial of service on service.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 11.
Creation date: 18/04/2012.
Identifiers: BID-53053, BID-53054, BID-53060, BID-53062, BID-53069, BID-53070, BID-53079, BID-53082, BID-53083, BID-53087, CERTA-2012-AVI-220, cpuapr2012, CVE-2012-0515, CVE-2012-0522, CVE-2012-0532, CVE-2012-0543, CVE-2012-0554, CVE-2012-0555, CVE-2012-0556, CVE-2012-0557, CVE-2012-1695, CVE-2012-1709, CVE-2012-1710, VIGILANCE-VUL-11550, ZDI-12-073, ZDI-12-074, ZDI-12-150, ZDI-12-151, ZDI-12-152, ZDI-12-202.

Description of the vulnerability

A Critical Patch Update corrects several vulnerabilities of Oracle Fusion Middleware.

An attacker can use a vulnerability of Oracle JRockit, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; CVE-2012-1695]

An attacker can use a vulnerability of Oracle Outside In Technology, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-53069, CVE-2012-0554]

An attacker can use a vulnerability of Oracle Outside In Technology, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-53070, CVE-2012-0555]

An attacker can use a vulnerability of Oracle Outside In Technology, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-53087, CVE-2012-0556]

An attacker can use a vulnerability of Oracle Outside In Technology, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-53054, CVE-2012-0557]

An attacker can use a vulnerability of Oracle WebCenter Forms Recognition, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-53082, CVE-2012-1709, ZDI-12-074]

An attacker can use a vulnerability of Oracle WebCenter Forms Recognition, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-53062, CVE-2012-1710, ZDI-12-073]

An attacker can use a vulnerability of Identity Manager, in order to obtain or alter information. [severity:2/4; BID-53060, CVE-2012-0532]

An attacker can use a vulnerability of BI Publisher (XML Publisher), in order to alter information. [severity:2/4; BID-53083, CVE-2012-0543]

An attacker can use a vulnerability of Oracle JDeveloper, in order to alter information. [severity:2/4; BID-53053, CVE-2012-0522]

An attacker can use a vulnerability of Identity Manager Connector, in order to alter information. [severity:2/4; BID-53079, CVE-2012-0515]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2012-0510 CVE-2012-0511 CVE-2012-0512

Oracle Database: several vulnerabilities of April 2012

Synthesis of the vulnerability

Several vulnerabilities of Oracle Database are corrected by the CPU of April 2012.
Impacted products: Oracle DB, SQL*Net, SLES.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on service.
Provenance: user account.
Number of vulnerabilities in this bulletin: 12.
Creation date: 18/04/2012.
Identifiers: BID-53063, BID-53072, BID-53076, BID-53081, BID-53084, BID-53089, BID-53090, BID-53092, BID-53093, BID-53097, BID-53101, BID-53104, CERTA-2012-AVI-220, cpuapr2012, CVE-2012-0510, CVE-2012-0511, CVE-2012-0512, CVE-2012-0519, CVE-2012-0520, CVE-2012-0525, CVE-2012-0526, CVE-2012-0527, CVE-2012-0528, CVE-2012-0534, CVE-2012-0552, CVE-2012-1708, SUSE-SU-2012:1020-1, VIGILANCE-VUL-11549.

Description of the vulnerability

A Critical Patch Update corrects several vulnerabilities of Oracle Database.

An attacker can use a vulnerability of Oracle Spatial, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-53097, CVE-2012-0552]

An attacker can use a vulnerability of Core RDBMS, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-53072, CVE-2012-0519]

An attacker can use a vulnerability of Core RDBMS, in order to alter information, or to create a denial of service. [severity:2/4; BID-53090, CVE-2012-0510]

An attacker can use a vulnerability of OCI, in order to obtain or alter information. [severity:2/4; BID-53101, CVE-2012-0511]

An attacker can use a vulnerability of Enterprise Manager Base Platform, in order to obtain or alter information. [severity:2/4; BID-53089, CVE-2012-0528]

An attacker can use a vulnerability of Enterprise Manager Base Platform, in order to obtain or alter information. [severity:2/4; BID-53092, CVE-2012-0512]

An attacker can use a vulnerability of Enterprise Manager Base Platform, in order to obtain or alter information. [severity:2/4; BID-53063, CVE-2012-0525]

An attacker can use a vulnerability of Application Express, in order to alter information. [severity:2/4; BID-53104, CVE-2012-1708]

An attacker can use a vulnerability of Enterprise Manager Base Platform, in order to alter information. [severity:2/4; BID-53084, CVE-2012-0526]

An attacker can use a vulnerability of Enterprise Manager Base Platform, in order to alter information. [severity:2/4; BID-53093, CVE-2012-0527]

An attacker can use a vulnerability of Enterprise Manager Base Platform, in order to alter information. [severity:2/4; BID-53081, CVE-2012-0520]

An attacker can use a vulnerability of RDBMS Core, in order to alter information. [severity:2/4; BID-53076, CVE-2012-0534]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2012-0740

IBM Tivoli Directory Server: Cross Site Scripting via Web Admin Tool

Synthesis of the vulnerability

An attacker can generate a Cross Site Scripting in the web administrative interface of IBM Tivoli Directory Server, in order to execute JavaScript code in the context of the web site.
Impacted products: Tivoli Directory Server.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 17/04/2012.
Identifiers: BID-53043, BID-53194, CERTA-2012-AVI-231, CVE-2012-0740, IO14508, IO16016, IO16186, swg21591257, swg24032501, VIGILANCE-VUL-11548.

Description of the vulnerability

The Web Admin Tool interface of IBM Tivoli Directory Server is used by the administrator to manage the service.

However, Web Admin Tool does not correctly filter its data before displaying them.

An attacker can therefore generate a Cross Site Scripting in the web administrative interface of IBM Tivoli Directory Server, in order to execute JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2012-0883

Apache httpd: privilege elevation via envvars

Synthesis of the vulnerability

A local attacker can create a malicious dynamic library, in order to execute code with privileges of the administrator of Apache httpd.
Impacted products: Apache httpd, Fedora, HP-UX, Mandriva Linux, openSUSE, Solaris, RHEL.
Severity: 2/4.
Consequences: administrator access/rights.
Provenance: user shell.
Creation date: 17/04/2012.
Identifiers: BID-53046, c03368475, CERTA-2012-AVI-222, CVE-2012-0883, FEDORA-2013-1661, HPSBUX02791, MDVSA-2012:154, MDVSA-2012:154-1, openSUSE-SU-2013:0243-1, openSUSE-SU-2013:0248-1, RHSA-2012:1591-01, RHSA-2012:1592-01, RHSA-2012:1594-01, SSRT100856, VIGILANCE-VUL-11547.

Description of the vulnerability

The apachectl script is used to start and stop the Apache httpd service.

This script loads its environment variable from the "envvars" file, which is created from "envvars-std.in" during the Apache httpd compilation. This file defines the SHLIBPATH_VAR (--shlib-path-var, LD_LIBRARY_PATH) variable, which indicates the list of directories containing shared libraries. However, an empty entry is added (for example "var=path1::path3"), so the current directory is also searched for libraries.

A local attacker can therefore create a malicious dynamic library, a store it in the current directory of the administrator. He can then invite him to run apachectl, in order to execute code with privileges of the administrator.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2012-0726

IBM Tivoli Directory Server: using SSL NULL algorithms

Synthesis of the vulnerability

When IBM Tivoli Directory Server uses a SSL/TLS configuration, null algorithms are not forbidden, so an attacker can capture clear messages.
Impacted products: Tivoli Directory Server.
Severity: 1/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 17/04/2012.
Identifiers: BID-53043, CERTA-2012-AVI-217, CVE-2012-0726, IO15761, IO16035, IO16036, swg21591272, VIGILANCE-VUL-11546.

Description of the vulnerability

The LDAP service of IBM Tivoli Directory Server can be configured to use SSL/TLS in order to authenticate and encrypt exchanges with the client.

However, the SSL/TLS service does not disable NULL-MD5 and NULL-SHA algorithms. If the client does not force the usage of stronger algorithms, these weak algorithms can thus be negotiated.

When IBM Tivoli Directory Server uses a SSL/TLS configuration, null algorithms are not forbidden, so an attacker can therefore capture clear messages.
Full Vigil@nce bulletin... (Free trial)

Previous page   Next page

Direct access to page 1 21 41 61 81 101 121 141 161 181 201 221 241 261 281 301 321 341 361 381 401 421 441 461 481 501 521 541 561 581 601 621 641 661 681 701 721 741 761 781 801 821 841 861 881 901 921 941 961 981 1001 1021 1041 1061 1081 1091 1092 1093 1094 1095 1096 1097 1098 1099 1100 1101 1102 1103 1104 1105 1106 1107 1108 1109 1110 1111 1121 1141 1161 1181 1201 1221 1241 1261 1281 1301 1321 1341 1361 1381 1401 1421 1441 1461 1481 1501 1521 1541 1561 1581 1601 1621 1641 1661 1681 1701 1721 1741 1761 1781 1801 1821 1841 1861 1881 1901 1921 1941 1961 1981 2001 2021 2041 2061 2081 2101 2121 2141 2161 2181 2201 2221 2241 2261 2281 2301 2321 2341 2361 2381 2401 2421 2441 2461 2481 2501 2521 2541 2561 2581 2601 2621 2641 2661 2681 2701 2721 2741 2761 2781 2801 2821 2841 2861 2871