The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:

vulnerability bulletin CVE-2015-6280

Cisco IOS, IOS XE: access via SSHv2 with RSA

Synthesis of the vulnerability

An attacker can connect via SSHv2 to the account of a Cisco IOS or IOS XE user, in order to perform operations with his privileges.
Impacted products: Cisco ASR, Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: intranet client.
Creation date: 23/09/2015.
Identifiers: 40938, CERTFR-2015-AVI-407, cisco-sa-20150923-sshpk, CSCus73013, CVE-2015-6280, VIGILANCE-VUL-17963.

Description of the vulnerability

The Cisco IOS or IOS XE product can be configured with SSHv2 authentication based on RSA user keys.

However, an attacker who knows a username and that user's RSA public key can authenticate without knowing the private key.

An attacker can therefore connect via SSHv2 to the account of a Cisco IOS or IOS XE user, in order to perform operations with his privileges.

vulnerability announce CVE-2015-5651

Dotclear: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Dotclear, in order to run JavaScript code in the context of the web site.
Impacted products: Dotclear.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 23/09/2015.
Identifiers: CVE-2015-5651, VIGILANCE-VUL-17962.

Description of the vulnerability

The Dotclear product offers a web service.

However, it does not filter received data before inserting it in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of Dotclear, in order to run JavaScript code in the context of the web site.

vulnerability alert CVE-2015-7224

Puppet Labs Puppet: creation of passwordless account

Synthesis of the vulnerability

An attacker can trigger the creation of a passwordless account for Puppet Labs Puppet, in order to increase his access rights.
Impacted products: Puppet.
Severity: 2/4.
Consequences: user access/rights.
Provenance: intranet client.
Creation date: 23/09/2015.
Identifiers: CVE-2015-7224, VIGILANCE-VUL-17961.

Description of the vulnerability

The Puppet Labs Puppet product manages user accounts.

These accounts may be defined in a MySQL database. However, the username is not properly validated, and the account name may be interpreted as including a host name or address. In such a case, after access rights initialization, the net result is a passwordless user account.

An attacker can therefore trigger the creation of a passwordless account for Puppet Labs Puppet, in order to increase his access rights.

vulnerability 17960

WordPress Contact Form 7: bypassing captcha-based access control

Synthesis of the vulnerability

An attacker can automatically guess the answer of a captcha from WordPress Contact Form 7, in order to bypass access restrictions.
Impacted products: WordPress Plugins ~ not comprehensive.
Severity: 1/4.
Consequences: data flow, disguisement.
Provenance: internet client.
Creation date: 23/09/2015.
Identifiers: VIGILANCE-VUL-17960.

Description of the vulnerability

The Contact Form 7 plugin can be installed on WordPress.

It implements an access control method based on captchas. However, the result of the challenge is guessable.

An attacker can therefore automatically guess the answer of a captcha from WordPress Contact Form 7, in order to bypass access restrictions.

computer vulnerability note CVE-2015-7358 CVE-2015-7359

TrueCrypt: privilege escalation

Synthesis of the vulnerability

A local attacker can bypass restrictions of TrueCrypt, in order to escalate his privileges.
Impacted products: Windows (platform) ~ not comprehensive, TrueCrypt.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 23/09/2015.
Revision date: 25/09/2015.
Identifiers: CVE-2015-7358, CVE-2015-7359, VIGILANCE-VUL-17959.

Description of the vulnerability

The TrueCrypt product is a disk encryption tool for Windows. It is impacted by two vulnerabilities.

An error in the volume letter management allows an attacker to raise his privileges. [severity:2/4; CVE-2015-7358]

An attacker can impersonate a token, in order to escalate his privileges. [severity:2/4; CVE-2015-7359]

computer vulnerability bulletin CVE-2015-6305

Cisco AnyConnect Secure Mobility Client: privilege escalation via DLL

Synthesis of the vulnerability

An attacker can make Cisco AnyConnect Secure Mobility Client load and run an arbitrary DLL, in order to escalate his privileges.
Impacted products: Cisco AnyConnect Secure Mobility Client, AnyConnect VPN Client.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 23/09/2015.
Identifiers: 41136, CSCuv01279, CVE-2015-6305, VIGILANCE-VUL-17958.

Description of the vulnerability

The Cisco AnyConnect Secure Mobility Client is used to create tunnels for virtual private networks.

It may load and run DLLs with system privileges for various internal needs. However, MS-Windows looks for DLLs in many places by default, and the product does not restrict this set of locations. An attacker can plant a DLL in one of the writable directories that Windows searches, so that it gets run.

An attacker can therefore make Cisco AnyConnect Secure Mobility Client load and run an arbitrary DLL, in order to escalate his privileges.

computer vulnerability announce 17957

Node.js: injection in HTTP response headers

Synthesis of the vulnerability

An attacker can insert any HTTP response header at the end of the response, via Node.js.
Impacted products: Nodejs Core.
Severity: 1/4.
Consequences: data creation/edition.
Provenance: user account.
Creation date: 23/09/2015.
Identifiers: VIGILANCE-VUL-17957.

Description of the vulnerability

The Node.js product is used to implement Web applications.

It allows HTTP response headers to be placed after the response body. (Headers are normally not allowed here.) However, it accepts end-of-line marks in the header value.

An attacker can therefore insert any HTTP response header at the end of the response, via Node.js.

computer vulnerability alert CVE-2015-5257

Linux kernel: NULL pointer dereference in the WhiteHEAT driver

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced in the WhiteHEAT driver of the Linux kernel, in order to trigger a denial of service.
Impacted products: Debian, Fedora, Linux, Ubuntu.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service, denial of service on client.
Provenance: physical access.
Number of vulnerabilities in this bulletin: 2.
Creation date: 23/09/2015.
Identifiers: CERTFR-2015-AVI-430, CVE-2015-5257, CVE-2015-5275-REJECT, DSA-3372-1, FEDORA-2015-d7e074ba30, FEDORA-2015-dcc260f2f2, USN-2792-1, USN-2794-1, USN-2795-1, USN-2796-1, USN-2797-1, USN-2798-1, USN-2799-1, VIGILANCE-VUL-17956.

Description of the vulnerability

The Linux kernel includes a driver for the WhiteHEAT device from Connect Tech.

However, this module assumes that the number of ports of this device is constant. When the true number of ports is lower than expected, the module dereferences a NULL pointer, which leads to a fatal exception.

An attacker can therefore force a NULL pointer to be dereferenced in the WhiteHEAT driver of the Linux kernel, in order to trigger a denial of service.

computer vulnerability 17955

unzip: buffer overflow

Synthesis of the vulnerability

An attacker can generate a buffer overflow of unzip, in order to trigger a denial of service, and possibly to run code.
Impacted products: Fedora.
Severity: 2/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Creation date: 23/09/2015.
Identifiers: FEDORA-2015-15858, FEDORA-2015-15859, VIGILANCE-VUL-17955.

Description of the vulnerability

An attacker can generate a buffer overflow of unzip, in order to trigger a denial of service, and possibly to run code.

vulnerability note CVE-2015-4476 CVE-2015-4500 CVE-2015-4501

Firefox, Thunderbird: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Firefox/Thunderbird.
Impacted products: Debian, Fedora, Firefox, SeaMonkey, Thunderbird, openSUSE, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 4/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 19.
Creation date: 23/09/2015.
Identifiers: CERTFR-2015-AVI-405, CVE-2015-4476, CVE-2015-4500, CVE-2015-4501, CVE-2015-4502, CVE-2015-4503, CVE-2015-4504, CVE-2015-4505, CVE-2015-4506, CVE-2015-4507, CVE-2015-4508, CVE-2015-4509, CVE-2015-4510, CVE-2015-4511, CVE-2015-4512, CVE-2015-4516, CVE-2015-4517, CVE-2015-4519, CVE-2015-4520, CVE-2015-4521, CVE-2015-4522, CVE-2015-7174, CVE-2015-7175, CVE-2015-7176, CVE-2015-7177, CVE-2015-7178, CVE-2015-7179, CVE-2015-7180, CVE-2015-7327, DSA-3365-1, FEDORA-2015-15831, FEDORA-2015-15832, FEDORA-2015-16455, FEDORA-2015-480a88a4c8, MFSA-2015-100, MFSA-2015-101, MFSA-2015-102, MFSA-2015-103, MFSA-2015-104, MFSA-2015-105, MFSA-2015-106, MFSA-2015-107, MFSA-2015-108, MFSA-2015-109, MFSA-2015-110, MFSA-2015-111, MFSA-2015-112, MFSA-2015-113, MFSA-2015-114, MFSA-2015-96, MFSA-2015-97, MFSA-2015-98, MFSA-2015-99, openSUSE-SU-2015:1658-1, openSUSE-SU-2015:1679-1, openSUSE-SU-2015:1681-1, RHSA-2015:1834-01, RHSA-2015:1834-02, RHSA-2015:1852-01, SSA:2015-265-01, SSA:2015-274-01, SSA:2015-274-03, SUSE-SU-2015:1680-1, SUSE-SU-2015:1703-1, SUSE-SU-2015:2081-1, USN-2743-1, USN-2743-2, USN-2743-3, USN-2743-4, USN-2754-1, VIGILANCE-VUL-17954, ZDI-15-646.

Description of the vulnerability

Several vulnerabilities were announced in Firefox/Thunderbird.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-4500, CVE-2015-4501, MFSA-2015-96]

An attacker can create a memory leak in mozTCPSocket, in order to trigger a denial of service. [severity:2/4; CVE-2015-4503, MFSA-2015-97]

An attacker can force a read at an invalid address in mozTCPSocketQCMS, in order to trigger a denial of service. [severity:2/4; CVE-2015-4504, MFSA-2015-98]

An attacker can spoof a URL on Android. [severity:2/4; CVE-2015-4476, MFSA-2015-99]

An attacker can bypass access restrictions of Mozilla Updater, in order to read or alter files. [severity:2/4; CVE-2015-4505, MFSA-2015-100]

An attacker can generate a buffer overflow in libvpx, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2015-4506, MFSA-2015-101]

An attacker can trigger a fatal error in SavedStacks, in order to trigger a denial of service. [severity:1/4; CVE-2015-4507, MFSA-2015-102]

An attacker can spoof a URL in reader mode. [severity:1/4; CVE-2015-4508, MFSA-2015-103]

An attacker can force the usage of a freed memory area in IndexedDB, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-4510, MFSA-2015-104]

An attacker can generate a buffer overflow in WebM, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-4511, MFSA-2015-105]

An attacker can force the usage of a freed memory area in HTML Media Content, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-4509, MFSA-2015-106, ZDI-15-646]

An attacker can force a read at an invalid address in 2D Canvas on Linux 16-bit Color, in order to trigger a denial of service. [severity:1/4; CVE-2015-4512, MFSA-2015-107]

An attacker can use a Scripted Proxy, in order to access a window. [severity:2/4; CVE-2015-4502, MFSA-2015-108]

An attacker can bypass security features of a JavaScript Immutable Property, in order to escalate his privileges. [severity:3/4; CVE-2015-4516, MFSA-2015-109]

An attacker can use a drag-and-drop, in order to obtain sensitive information. [severity:3/4; CVE-2015-4519, MFSA-2015-110]

An attacker can bypass security features in CORS, in order to escalate his privileges. [severity:3/4; CVE-2015-4520, MFSA-2015-111]

An unknown vulnerability was announced. [severity:3/4; CVE-2015-4517, CVE-2015-4521, CVE-2015-4522, CVE-2015-7174, CVE-2015-7175, CVE-2015-7176, CVE-2015-7177, CVE-2015-7180, MFSA-2015-112]

An attacker can generate a memory corruption in libGLES, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-7178, CVE-2015-7179, MFSA-2015-113]

An attacker can bypass security features in High Resolution Time API, in order to obtain sensitive information. [severity:2/4; CVE-2015-7327, MFSA-2015-114]