The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:

computer vulnerability note CVE-2015-3650

VMware Workstation and Player on MS-Windows: privilege escalation via missing ACLs

Synthesis of the vulnerability

An attacker can take advantage of missing ACLs in VMware Workstation, in order to escalate his privileges.
Impacted products: VMware Player, VMware Workstation.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 10/07/2015.
Identifiers: CERTFR-2015-AVI-287, CVE-2015-3650, VIGILANCE-VUL-17339, VMSA-2015-0005.

Description of the vulnerability

The VMware Workstation product is a virtualization tool.

A virtual machine is, as far as the Windows kernel knows, an ordinary process. However, one of the programs of the virtualization layer does not set permissions (ACLs) where it should. This allows an attacker to inject code into one of these processes, which typically run with high privileges.

An attacker can therefore take advantage of missing ACLs in VMware Workstation, in order to escalate his privileges.

computer vulnerability bulletin CVE-2015-5472

WordPress ibs-Mappro: directory traversal of download.php

Synthesis of the vulnerability

An attacker can traverse directories in download.php of WordPress ibs-Mappro, in order to read a file outside the service root path.
Impacted products: WordPress Plugins ~ not comprehensive.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 10/07/2015.
Identifiers: CVE-2015-5472, VIGILANCE-VUL-17338.

Description of the vulnerability

The ibs-Mappro plugin can be installed on WordPress.

However, user-supplied data is inserted directly into a file path. One can specify an absolute path in the request parameter filename to obtain any file that is readable by the server process.

An attacker can therefore traverse directories in download.php of WordPress ibs-Mappro, in order to read a file outside the service root path.
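The defensive counterpart of the flaw described above is to map the client-supplied file name onto a fixed download root and refuse anything that resolves outside it. The following is an added example (not code from the ibs-Mappro plugin or from Vigil@nce); the function names and the constructed directory layout are assumptions made for illustration.

```python
import os
import tempfile


class PathOutsideRoot(ValueError):
    """Raised when a requested file resolves outside the download root."""


def resolve_download(root, requested):
    """Map a client-supplied file name onto a regular file inside `root`.

    Rejects NUL bytes, absolute paths and any path that, once '..' segments
    and symlinks are resolved, lies outside the root directory. Returns the
    resolved absolute path of the file to serve.
    """
    if "\x00" in requested:
        raise PathOutsideRoot("NUL byte in file name")
    if os.path.isabs(requested):
        # An absolute path would bypass the root entirely.
        raise PathOutsideRoot("absolute path rejected: %r" % requested)
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, requested))
    # commonpath is the containment check; a plain startswith() would
    # wrongly accept '/srv/files-other' as being inside '/srv/files'.
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise PathOutsideRoot("path escapes download root: %r" % requested)
    if not os.path.isfile(candidate):
        # Only serve regular files, never directories or missing entries.
        raise FileNotFoundError(candidate)
    return candidate


def demo():
    """Constructed scenario (hypothetical layout): a download root holding
    one report, plus a secret file one level above it that must never be
    served. Returns, per labelled request, whether it was served or rejected.
    """
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "downloads")
        os.makedirs(os.path.join(root, "reports"))
        with open(os.path.join(root, "reports", "q2.pdf"), "w") as fh:
            fh.write("constructed sample report")
        with open(os.path.join(tmp, "secret.txt"), "w") as fh:
            fh.write("must not be served")
        requests = [
            ("inside", "reports/q2.pdf"),
            ("dotdot-inside", "reports/../reports/q2.pdf"),
            ("traversal", "../secret.txt"),
            ("absolute", os.path.join(tmp, "secret.txt")),
            ("directory", "reports"),
        ]
        for label, requested in requests:
            try:
                resolve_download(root, requested)
                results[label] = "served"
            except (PathOutsideRoot, FileNotFoundError):
                results[label] = "rejected"
    return results


if __name__ == "__main__":
    for label, outcome in demo().items():
        print("%-14s %s" % (label, outcome))
```

Note that a `..` segment which stays inside the root is accepted after normalisation; the check is on where the path ends up, not on the presence of particular characters, which is what makes it robust against encoding tricks the page does not detail.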

computer vulnerability announce CVE-2015-1793

OpenSSL: X.509 certification chain forgery

Synthesis of the vulnerability

An attacker can force OpenSSL to accept spoofed certificates, in order to eavesdrop on encrypted communications or bypass signature-based authentication.
Impacted products: DCFM Enterprise, Brocade Network Advisor, Brocade vTM, ASA, Cisco Catalyst, IOS XE Cisco, Nexus by Cisco, NX-OS, Prime Infrastructure, Cisco PRSM, Cisco Router, Cisco CUCM, Clearswift Email Gateway, BIG-IP Hardware, TMOS, Fedora, FileZilla Server, FreeBSD, hMailServer, HP Switch, HP-UX, IRAD, Juniper J-Series, Junos OS, McAfee Email Gateway, McAfee NGFW, Nodejs Core, OpenSSL, Oracle Communications, Solaris, Slackware, Splunk Enterprise, stunnel, Synology DSM, Synology DS***, Synology RS***, Nessus, Websense Web Security, WinSCP, X2GoClient.
Severity: 3/4.
Consequences: client access/rights, data reading, data creation/edition.
Provenance: internet client.
Creation date: 09/07/2015.
Identifiers: 1962398, 1963151, BSA-2015-009, bulletinjul2015, c04760669, c05184351, CERTFR-2015-AVI-285, CERTFR-2015-AVI-431, cisco-sa-20150710-openssl, cpuoct2017, CVE-2015-1793, FEDORA-2015-11414, FEDORA-2015-11475, FreeBSD-SA-15:12.openssl, HPSBHF03613, HPSBUX03388, JSA10694, SB10125, SOL16937, SPL-103044, SSA:2015-190-01, SSRT102180, VIGILANCE-VUL-17337.

Description of the vulnerability

A certificate validation begins with the creation of a certificate chain, where each certificate provides the public key used to check the signature of the next certificate.

The creation of this chain may be non-deterministic, especially when some identifying X.509v3 extensions such as "Authority Key Identifier" are not provided. When a candidate chain does not allow a given certificate to be validated, OpenSSL 1.0.1 and 1.0.2 attempt to find another candidate chain. However, during these attempts, some required checks on the chain are no longer performed. As a consequence, an attacker can make OpenSSL use his own certificate as a CA certificate, even if it includes the "basicConstraints" extension stating "CA: no". He can thus create certificates for any name.

This vulnerability impacts clients checking a server certificate, and TLS servers checking a client certificate.

An attacker can therefore force OpenSSL to accept spoofed certificates, in order to eavesdrop on encrypted communications or bypass signature-based authentication.

computer vulnerability alert CVE-2015-5143 CVE-2015-5144

Django: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Django.
Impacted products: Debian, Fedora, openSUSE, Solaris, RHEL, Ubuntu.
Severity: 2/4.
Consequences: data creation/edition, denial of service on client.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 09/07/2015.
Identifiers: bulletinoct2015, CVE-2015-5143, CVE-2015-5144, DSA-3305-1, FEDORA-2015-11403, FEDORA-2015-1dd5bc998f, openSUSE-SU-2015:1802-1, openSUSE-SU-2015:1813-1, RHSA-2015:1678-01, RHSA-2015:1686-01, USN-2671-1, VIGILANCE-VUL-17336.

Description of the vulnerability

An attacker can use several vulnerabilities of Django.

An attacker can saturate the area used for session storage. [severity:1/4; CVE-2015-5143]

An attacker can bypass the validation of request parameters by inserting newline characters. [severity:2/4; CVE-2015-5144]
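A common root cause of the newline bypass described for CVE-2015-5144 in Python code is a validator regex anchored with `$`: in Python's `re`, `$` also matches just before a trailing newline, so "alice\n" passes a check meant to accept only "alice". The following is an added example (not Django's code) contrasting the loose anchor with `\Z` and with `re.fullmatch`; the validator names and the sample inputs are constructed for illustration.

```python
import re

# Loose: '$' matches at end of string OR just before a final newline.
LOOSE_USERNAME = re.compile(r"^[a-z0-9_]+$")
# Strict: '\A' and '\Z' match only at the true start and end of the string.
STRICT_USERNAME = re.compile(r"\A[a-z0-9_]+\Z")
# Alternative: no anchors at all, the whole string must match.
USERNAME_BODY = re.compile(r"[a-z0-9_]+")


def is_valid_loose(value):
    """Validator with the '$' pitfall: accepts a trailing newline."""
    return LOOSE_USERNAME.match(value) is not None


def is_valid_strict(value):
    """Validator anchored with \\A ... \\Z: rejects a trailing newline."""
    return STRICT_USERNAME.match(value) is not None


def is_valid_fullmatch(value):
    """Same guarantee as the strict form, via re.fullmatch()."""
    return USERNAME_BODY.fullmatch(value) is not None


def compare_validators(values):
    """Return {input: (loose, strict, fullmatch)} for constructed inputs,
    so the divergence between the three validators is visible side by side."""
    return {
        v: (is_valid_loose(v), is_valid_strict(v), is_valid_fullmatch(v))
        for v in values
    }


if __name__ == "__main__":
    # Constructed sample inputs; the second one is the newline bypass case.
    samples = ["alice", "alice\n", "alice\nbob", "al ice"]
    for value, (loose, strict, full) in compare_validators(samples).items():
        print("%-12r loose=%-5s strict=%-5s fullmatch=%s"
              % (value, loose, strict, full))
```

The value with an embedded newline followed by more text is rejected by all three, because `$` (without `re.MULTILINE`) only matches before a newline that is the last character; the bypass is specifically a trailing newline, which is exactly what a later consumer that writes the value into a header or a line-oriented format cannot tolerate.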

computer vulnerability CVE-2015-5359

Juniper JunOS: NULL pointer dereference via RPD

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced in RPD of Juniper JunOS, in order to trigger a denial of service.
Impacted products: Juniper J-Series, Junos OS.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: intranet client.
Creation date: 09/07/2015.
Identifiers: CERTFR-2015-AVI-286, CVE-2015-5359, JSA10687, VIGILANCE-VUL-17335.

Description of the vulnerability

The Juniper JunOS product includes an rpd server process, which handles iBGP network traffic.

However, while exchanging labels for MPLS, this daemon may dereference a NULL pointer, which terminates the daemon.

An attacker can therefore force a NULL pointer to be dereferenced in RPD of Juniper JunOS, in order to trigger a denial of service.

vulnerability bulletin CVE-2015-5358

BSD, Juniper JunOS: memory leak in the LAST_ACK TCP state

Synthesis of the vulnerability

An attacker can block numerous TCP sessions in the LAST_ACK state, to trigger a memory exhaustion in FreeBSD/OpenBSD/JunOS, in order to create a denial of service.
Impacted products: SNS, FreeBSD, Juniper J-Series, Junos OS, NETASQ, NetBSD, OpenBSD, pfSense.
Severity: 3/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 09/07/2015.
Revision date: 22/07/2015.
Identifiers: CERTFR-2015-AVI-286, CVE-2015-5358, FreeBSD-SA-15:13.tcp, JSA10686, NetBSD-SA2015-009, STORM-2015-013, VIGILANCE-VUL-17333.

Description of the vulnerability

According to the TCP protocol, when a service receives a FIN packet:
 - it enters the CLOSE_WAIT state
 - it sends a FIN packet to the client
 - it enters the LAST_ACK state
 - it waits to receive the FIN-ACK packet
 - it may retransmit the FIN packet
 - if it does not receive the FIN-ACK packet, it waits at most the duration of a timer before moving from the LAST_ACK state to the CLOSED state

In the LAST_ACK state, the service keeps information (mbufs) in memory.

However, when the TCP window size is zero, the BSD stack fails to start this timer. The information is thus kept in memory indefinitely.

An attacker can therefore block numerous TCP sessions in the LAST_ACK state, to trigger a memory exhaustion in BSD/JunOS, in order to create a denial of service.

vulnerability announce CVE-2014-6447

Juniper JunOS: Cross Site Scripting of J-Web

Synthesis of the vulnerability

An attacker can exploit the error handling procedure of J-Web of Juniper JunOS, in order to execute JavaScript code in the context of the web site or to trigger a denial of service.
Impacted products: Juniper J-Series, Junos OS.
Severity: 2/4.
Consequences: client access/rights, denial of service on service.
Provenance: document.
Creation date: 09/07/2015.
Identifiers: CERTFR-2015-AVI-286, CVE-2014-6447, JSA10682, VIGILANCE-VUL-17332.

Description of the vulnerability

The Juniper JunOS product offers a web service J-Web.

However, it does not sanitize received data before inserting it into error pages. Moreover, bugs in the error handling code allow an attacker to crash the web server.

An attacker can therefore exploit the error handling procedure of J-Web of Juniper JunOS, in order to execute JavaScript code in the context of the web site or to trigger a denial of service.

vulnerability CVE-2015-7226

Drupal Administration Views: information disclosure

Synthesis of the vulnerability

An unauthenticated attacker can access Drupal Administration Views, in order to view private pages.
Impacted products: Drupal Modules ~ not comprehensive.
Severity: 3/4.
Consequences: user access/rights, data reading.
Provenance: internet client.
Creation date: 09/07/2015.
Identifiers: CVE-2015-7226, DRUPAL-SA-CONTRIB-2015-132, VIGILANCE-VUL-17330.

Description of the vulnerability

The Administration Views module can be installed on Drupal.

This module replaces some functions provided by the Drupal core. However, some access right checks are not implemented.

An unauthenticated attacker can therefore access Drupal Administration Views, in order to view private pages.

computer vulnerability note CVE-2014-0578 CVE-2015-3097 CVE-2015-3114

Adobe Flash Player: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Adobe Flash Player.
Impacted products: Flash Player, IE, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 4/4.
Consequences: user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 36.
Creation date: 09/07/2015.
Identifiers: 2755801, APSB15-16, CERTFR-2015-AVI-284, CVE-2014-0578, CVE-2015-3097, CVE-2015-3114, CVE-2015-3115, CVE-2015-3116, CVE-2015-3117, CVE-2015-3118, CVE-2015-3119, CVE-2015-3120, CVE-2015-3121, CVE-2015-3122, CVE-2015-3123, CVE-2015-3124, CVE-2015-3125, CVE-2015-3126, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3130, CVE-2015-3131, CVE-2015-3132, CVE-2015-3133, CVE-2015-3134, CVE-2015-3135, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, CVE-2015-4429, CVE-2015-4430, CVE-2015-4431, CVE-2015-4432, CVE-2015-4433, CVE-2015-5116, CVE-2015-5117, CVE-2015-5118, CVE-2015-5124, openSUSE-SU-2015:1781-1, RHSA-2015:1214-01, SUSE-SU-2015:1211-1, SUSE-SU-2015:1214-1, VIGILANCE-VUL-17329, ZDI-15-294.

Description of the vulnerability

Several vulnerabilities were announced in Adobe Flash Player.

The location of segments of the Player process is guessable. [severity:1/4; CVE-2015-3097]

An attacker can generate a heap based buffer overflow, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3135]

An attacker can generate a heap based buffer overflow, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-4432]

An attacker can generate a heap based buffer overflow, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-5118]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3117]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3123]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3130]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3133]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3134]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-4431]

An attacker can force a NULL pointer to be dereferenced, in order to trigger a denial of service. [severity:2/4; CVE-2015-3126]

An attacker can force a NULL pointer to be dereferenced, in order to trigger a denial of service. [severity:2/4; CVE-2015-4429]

An attacker can bypass security features, in order to obtain possibly sensitive information. [severity:1/4; CVE-2015-3114]

An attacker can exploit a cast error, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3119]

An attacker can exploit a cast error, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3120]

An attacker can exploit a cast error, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3121]

An attacker can exploit a cast error, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3122]

An attacker can exploit a cast error, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-4433]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-3118]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-3124]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-5117]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-3127]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-3128]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-3129]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-3131]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-3132]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-3136]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-3137]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-4428]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-4430]

An attacker can bypass the same origin policy, which defines the access rights to the responses to the browser HTTP requests, in order to access normally unreachable information. [severity:3/4; CVE-2014-0578]

An attacker can bypass the same origin policy, which defines the access rights to the responses to the browser HTTP requests, in order to access normally unreachable information. [severity:3/4; CVE-2015-3115]

An attacker can bypass the same origin policy, which defines the access rights to the responses to the browser HTTP requests, in order to access normally unreachable information. [severity:3/4; CVE-2015-3116]

An attacker can bypass the same origin policy, which defines the access rights to the responses to the browser HTTP requests, in order to access normally unreachable information. [severity:2/4; CVE-2015-3125, ZDI-15-294]

An attacker can bypass the same origin policy, which defines the access rights to the responses to the browser HTTP requests, in order to access normally unreachable information. [severity:3/4; CVE-2015-5116]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5124]

computer vulnerability bulletin 17328

WordPress ACF Frontend display: file upload

Synthesis of the vulnerability

An attacker can upload a malicious file on WordPress ACF Frontend display, in order, for example, to upload a Trojan.
Impacted products: WordPress Plugins ~ not comprehensive.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights.
Provenance: internet client.
Creation date: 08/07/2015.
Identifiers: VIGILANCE-VUL-17328.

Description of the vulnerability

The ACF Frontend display plugin can be installed on WordPress.

It can be used to upload a file. However, as the file type is not restricted, a PHP file can be uploaded to the server, and then executed.

An attacker can therefore upload a malicious file on WordPress ACF Frontend display, in order, for example, to upload a Trojan.