The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:

security alert CVE-2015-7181 CVE-2015-7182 CVE-2015-7183

Mozilla NSS/NSPR: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Mozilla NSS/NSPR.
Severity: 4/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 04/11/2015.
Identifiers: cpuoct2017, CVE-2015-7181, CVE-2015-7182, CVE-2015-7183, DLA-480-1, DSA-3393-1, DSA-3406-1, DSA-3688-1, FEDORA-2015-2880ac7065, FEDORA-2015-5b5109510c, MFSA-2015-133, openSUSE-SU-2015:1942-1, RHSA-2015:1980-01, RHSA-2015:1981-01, RHSA-2015:1982-01, RHSA-2015:2068-01, SA119, SOL31372672, SSA:2015-310-02, SUSE-SU-2015:1978-1, SUSE-SU-2015:1981-1, SUSE-SU-2015:2081-1, USN-2790-1, USN-2791-1, VIGILANCE-VUL-18237.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in Mozilla NSS/NSPR.

An attacker can force the usage of a freed memory area in Mozilla NSS sec_asn1d_parse_leaf(), in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-7181]

An attacker can generate a buffer overflow in Mozilla NSS BER OCTET STRING, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-7182]

An attacker can generate a buffer overflow in Mozilla NSS/NSPR PL_ARENA_ALLOCATE, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-7183]
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2015-4513 CVE-2015-4514 CVE-2015-4515

Firefox, Thunderbird: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Firefox/Thunderbird.
Severity: 4/4.
Number of vulnerabilities in this bulletin: 18.
Creation date: 04/11/2015.
Identifiers: CERTFR-2015-AVI-461, CVE-2015-4513, CVE-2015-4514, CVE-2015-4515, CVE-2015-4518, CVE-2015-7181, CVE-2015-7182, CVE-2015-7183, CVE-2015-7185, CVE-2015-7186, CVE-2015-7187, CVE-2015-7188, CVE-2015-7189, CVE-2015-7190, CVE-2015-7191, CVE-2015-7192, CVE-2015-7193, CVE-2015-7194, CVE-2015-7195, CVE-2015-7196, CVE-2015-7197, CVE-2015-7198, CVE-2015-7199, CVE-2015-7200, DSA-3393-1, DSA-3410-1, FEDORA-2015-2880ac7065, FEDORA-2015-28e56e52e7, FEDORA-2015-5b5109510c, FEDORA-2015-6d64c257cf, FEDORA-2015-8f34820159, FEDORA-2015-aa2f68a7e9, FEDORA-2015-c7b1be8823, FEDORA-2015-fb3360fc0a, MFSA-2015-116, MFSA-2015-117, MFSA-2015-118, MFSA-2015-119, MFSA-2015-120, MFSA-2015-121, MFSA-2015-122, MFSA-2015-123, MFSA-2015-124, MFSA-2015-125, MFSA-2015-126, MFSA-2015-127, MFSA-2015-128, MFSA-2015-129, MFSA-2015-130, MFSA-2015-131, MFSA-2015-132, MFSA-2015-133, openSUSE-SU-2015:1942-1, openSUSE-SU-2015:2229-1, openSUSE-SU-2015:2245-1, RHSA-2015:2519-01, SSA:2015-310-01, SSA:2015-318-01, SSA:2015-337-02, SUSE-SU-2015:1926-1, SUSE-SU-2015:1978-1, SUSE-SU-2015:1981-1, SUSE-SU-2015:2081-1, USN-2785-1, USN-2819-1, VIGILANCE-VUL-18236.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in Firefox/Thunderbird.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-4513, CVE-2015-4514, MFSA-2015-116]

An attacker can bypass security features in NTLM Authentication, in order to obtain sensitive information. [severity:1/4; CVE-2015-4515, MFSA-2015-117]

An attacker can bypass security features in CSP, in order to escalate his privileges. [severity:2/4; CVE-2015-4518, MFSA-2015-118]

An attacker can replace the addressbar on Android, in order to deceive the victim. [severity:2/4; CVE-2015-7185, MFSA-2015-119]

An attacker can bypass security features in Android Profile Files, in order to obtain sensitive information. [severity:2/4; CVE-2015-7186, MFSA-2015-120]

An attacker can use a vulnerability in Add-on SDK Panel, in order to run JavaScript code. [severity:2/4; CVE-2015-7187, MFSA-2015-121]

An attacker can use spaces at the end of IP addresses, in order to bypass the same-origin policy. [severity:3/4; CVE-2015-7188, MFSA-2015-122]

An attacker can generate a buffer overflow in JPEGEncoder, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-7189, MFSA-2015-123]

An attacker can bypass file access restrictions in Android Intent, in order to obtain sensitive information. [severity:2/4; CVE-2015-7190, MFSA-2015-124]

An attacker can trigger a Cross Site Scripting in Android Intent, in order to run JavaScript code in the context of the web site. [severity:3/4; CVE-2015-7191, MFSA-2015-125]

An attacker can generate a memory corruption in NSAccessibilityIndexAttribute, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2015-7192, MFSA-2015-126]

An attacker can use Content-Type, to bypass security features in CORS, in order to escalate his privileges. [severity:3/4; CVE-2015-7193, MFSA-2015-127]

An attacker can generate a memory corruption in libjar, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-7194, MFSA-2015-128]

An attacker can bypass security features with the Location header, in order to obtain sensitive information. [severity:1/4; CVE-2015-7195, MFSA-2015-129]

An attacker can force the usage of a freed memory area in JavaScript Garbage Collection, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-7196, MFSA-2015-130]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-7198, CVE-2015-7199, CVE-2015-7200, MFSA-2015-131]

An attacker can bypass security features in WebSocket, in order to escalate his privileges. [severity:2/4; CVE-2015-7197, MFSA-2015-132]

An attacker can generate a memory corruption in NSS/NSPR, in order to trigger a denial of service, and possibly to run code (VIGILANCE-VUL-18237). [severity:4/4; CVE-2015-7181, CVE-2015-7182, CVE-2015-7183, MFSA-2015-133]
Full Vigil@nce bulletin... (Free trial)

weakness CVE-2014-9756

libsndfile: division by zero via psf_fwrite

Synthesis of the vulnerability

An attacker can generate an arithmetic error in the psf_fwrite() function of libsndfile, in order to trigger a denial of service.
Severity: 1/4.
Creation date: 04/11/2015.
Identifiers: CVE-2014-9756, openSUSE-SU-2015:1995-1, openSUSE-SU-2015:2119-1, SSA:2016-039-02, USN-2832-1, VIGILANCE-VUL-18235.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The libsndfile library supports audio files in PSF (Portable Sound Format) format.

However, if the PSF file is malformed, a division by zero occurs in the psf_fwrite() function.

An attacker can therefore generate an arithmetic error in the psf_fwrite() function of libsndfile, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer weakness announce 18234

libsndfile: unreachable memory reading via psf_strlcpy_crlf

Synthesis of the vulnerability

An attacker can force a read at an invalid address in psf_strlcpy_crlf() of libsndfile, in order to trigger a denial of service.
Severity: 1/4.
Creation date: 04/11/2015.
Identifiers: CVE-2015-8075-REJECT, FEDORA-2015-71b291686c, openSUSE-SU-2015:1995-1, openSUSE-SU-2015:2119-1, VIGILANCE-VUL-18234.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The libsndfile library supports audio files in PSF (Portable Sound Format) format.

However, the psf_strlcpy_crlf() function tries to read an unreachable memory area, which triggers a fatal error.

An attacker can therefore force a read at an invalid address in psf_strlcpy_crlf() of libsndfile, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer weakness CVE-2015-7805

libsndfile: buffer overflow of AIFF

Synthesis of the vulnerability

An attacker can generate a buffer overflow with an AIFF file opened by libsndfile, in order to trigger a denial of service, and possibly to run code.
Severity: 3/4.
Creation date: 03/11/2015.
Identifiers: CVE-2015-7805, DLA-928-1, FEDORA-2015-0be7a2e1b8, FEDORA-2015-0f405832d3, FEDORA-2015-56be43eae6, FEDORA-2015-5afed1aad2, openSUSE-SU-2015:1995-1, openSUSE-SU-2015:2119-1, SSA:2016-039-02, USN-2832-1, VIGILANCE-VUL-18233.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The libsndfile library supports audio files in AIFF format.

However, if the size of data is greater than the size of the storage array, an overflow occurs.

An attacker can therefore generate a buffer overflow with an AIFF file opened by libsndfile, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

cybersecurity alert CVE-2015-1885 CVE-2015-1927 CVE-2015-1932

WebSphere AS 7.0: four vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of WebSphere AS 7.0.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 4.
Creation date: 03/11/2015.
Identifiers: 1969618, 7014463, CVE-2015-1885, CVE-2015-1927, CVE-2015-1932, CVE-2015-4938, PI31622, PI33202, PI36211, PI37396, PI38403, VIGILANCE-VUL-18232.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in WebSphere AS 7.0.

An attacker can bypass security features in serveServletsbyClassname, in order to escalate his privileges. [severity:2/4; CVE-2015-1927, PI31622]

An attacker can use Liberty Profile, in order to escalate his privileges. [severity:2/4; CVE-2015-1885, PI33202, PI36211]

An attacker can bypass security features in On Demand Router, in order to obtain sensitive information. [severity:2/4; CVE-2015-1932, PI38403]

An attacker can spoof an identity. [severity:2/4; CVE-2015-4938, PI37396]
Full Vigil@nce bulletin... (Free trial)

cybersecurity note CVE-2015-6608 CVE-2015-6609 CVE-2015-6610

Google Android OS: multiple vulnerabilities of November 2015

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Google Android OS.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 10.
Creation date: 03/11/2015.
Identifiers: CERTFR-2015-AVI-464, CVE-2015-6608, CVE-2015-6609, CVE-2015-6610, CVE-2015-6611, CVE-2015-6612, CVE-2015-6613, CVE-2015-6614, CVE-2015-8072, CVE-2015-8073, CVE-2015-8074, VIGILANCE-VUL-18231.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in Google Android OS.

An attacker can generate a memory corruption in Mediaserver, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-6608]

An attacker can generate a memory corruption in libutils, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-6609]

An attacker can bypass security features in Mediaserver, in order to obtain sensitive information. [severity:2/4; CVE-2015-6611]

An attacker can bypass security features in libstagefright, in order to escalate his privileges. [severity:2/4; CVE-2015-6610]

An attacker can bypass security features in libmedia, in order to escalate his privileges. [severity:2/4; CVE-2015-6612]

An attacker can bypass security features in Bluetooth, in order to escalate his privileges. [severity:2/4; CVE-2015-6613]

An attacker can bypass security features in Telephony, in order to escalate his privileges. [severity:2/4; CVE-2015-6614]

An attacker can generate a memory corruption in Mediaserver, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-8072]

An attacker can generate a memory corruption in Mediaserver, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-8073]

An attacker can generate a memory corruption in Mediaserver, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-8074]
Full Vigil@nce bulletin... (Free trial)

weakness bulletin CVE-2012-0033

znc: denial of service

Synthesis of the vulnerability

An attacker can generate a fatal error of znc, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 03/11/2015.
Identifiers: CVE-2012-0033, FEDORA-2012-0917, FEDORA-2012-0921, openSUSE-SU-2015:1886-1, VIGILANCE-VUL-18230.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can generate a fatal error of znc, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

threat announce CVE-2015-8859

Node.js send: directory traversal

Synthesis of the vulnerability

An attacker can traverse directories of Node.js send, in order to read a file outside the service root path.
Severity: 2/4.
Creation date: 03/11/2015.
Identifiers: CVE-2015-8859, VIGILANCE-VUL-18229.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The send module can be used by Node.js.

However, user's data are directly inserted in an access path. Sequences such as "/.." can thus be used to go in the upper directory.

An attacker can therefore traverse directories of Node.js send, in order to read a file outside the service root path.
Full Vigil@nce bulletin... (Free trial)

threat note 18228

Joomla com_ebcontent: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection of Joomla com_ebcontent, in order to read or alter data.
Severity: 2/4.
Creation date: 02/11/2015.
Identifiers: VIGILANCE-VUL-18228.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The Joomla com_ebcontent product uses a database.

However, user's data are directly inserted in a SQL query.

An attacker can therefore use a SQL injection of Joomla com_ebcontent, in order to read or alter data.
Full Vigil@nce bulletin... (Free trial)

   

Direct access to page 1 21 41 61 81 101 121 141 161 181 201 221 241 261 281 301 321 341 361 381 401 421 441 461 481 501 521 541 561 581 601 621 641 661 681 701 721 741 761 781 801 821 841 861 881 901 921 941 961 981 1001 1021 1041 1061 1081 1101 1121 1141 1161 1181 1201 1221 1241 1261 1281 1301 1321 1341 1361 1381 1401 1421 1441 1461 1481 1501 1521 1541 1561 1581 1601 1621 1641 1661 1681 1701 1711 1712 1713 1714 1715 1716 1717 1718 1719 1721 1723 1724 1725 1726 1727 1728 1729 1730 1731 1741 1761 1781 1801 1821 1841 1861 1881 1901 1921 1941 1961 1981 2001 2021 2041 2061 2081 2101 2121 2141 2161 2181 2201 2221 2241 2261 2281 2301 2321 2341 2361 2381 2401 2421 2441 2461 2481 2501 2521 2541 2561 2581 2601 2621 2641 2661 2681 2701 2721 2741 2761 2781 2801 2821 2841 2861 2881 2901 2921 2924