The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:

computer vulnerability note CVE-2016-0682 CVE-2016-0689 CVE-2016-0692

Oracle Berkeley DB: five vulnerabilities of April 2016

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Oracle Berkeley DB.
Impacted products: Berkeley DB.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on service, denial of service on client.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 5.
Creation date: 20/04/2016.
Identifiers: cpuapr2016, CVE-2016-0682, CVE-2016-0689, CVE-2016-0692, CVE-2016-0694, CVE-2016-3418, VIGILANCE-VUL-19419.

Description of the vulnerability

Several vulnerabilities were announced in Oracle Berkeley DB.

An attacker can use a vulnerability of DataStore, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-0682]

An attacker can use a vulnerability of DataStore, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-0689]

An attacker can use a vulnerability of DataStore, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-0692]

An attacker can use a vulnerability of DataStore, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-0694]

An attacker can use a vulnerability of DataStore, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-3418]

computer vulnerability bulletin CVE-2015-3195 CVE-2015-3197 CVE-2016-0678

Oracle VM VirtualBox: three vulnerabilities of April 2016

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Oracle VM VirtualBox.
Impacted products: openSUSE, openSUSE Leap, VirtualBox.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on service, denial of service on client.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 3.
Creation date: 20/04/2016.
Identifiers: CERTFR-2016-AVI-137, cpuapr2016, CVE-2015-3195, CVE-2015-3197, CVE-2016-0678, openSUSE-SU-2016:1451-1, openSUSE-SU-2016:1462-1, VIGILANCE-VUL-19418.

Description of the vulnerability

Several vulnerabilities were announced in Oracle VM VirtualBox.

An attacker can use a vulnerability of HTTPS, in order to trigger a denial of service (VIGILANCE-VUL-18436). [severity:2/4; CVE-2015-3195]

An attacker can use a vulnerability, in order to obtain information, to alter information, or to trigger a denial of service. [severity:2/4; CVE-2016-0678]

An attacker can use a vulnerability of HTTPS, in order to obtain information (VIGILANCE-VUL-18837). [severity:2/4; CVE-2015-3197]

computer vulnerability announce CVE-2015-7236 CVE-2016-0623 CVE-2016-0669

Oracle Solaris: multiple vulnerabilities of April 2016

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Oracle Solaris.
Impacted products: Solaris.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on service, denial of service on client.
Provenance: user account.
Number of vulnerabilities in this bulletin: 9.
Creation date: 20/04/2016.
Identifiers: CERTFR-2016-AVI-136, cpuapr2016, CVE-2015-7236, CVE-2016-0623, CVE-2016-0669, CVE-2016-0676, CVE-2016-0693, CVE-2016-3419, CVE-2016-3441, CVE-2016-3462, CVE-2016-3465, VIGILANCE-VUL-19417.

Description of the vulnerability

Several vulnerabilities were announced in Oracle Solaris.

An attacker can use a vulnerability of PAM LDAP module, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-0693]

An attacker can use a vulnerability of Filesystem, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-3441]

An attacker can use a vulnerability of Utilities, in order to trigger a denial of service. [severity:3/4; CVE-2015-7236]

An attacker can use a vulnerability of Fwflash, in order to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-0669]

An attacker can use a vulnerability of Network Configuration Service, in order to trigger a denial of service. [severity:2/4; CVE-2016-3462]

An attacker can use a vulnerability of ZFS, in order to trigger a denial of service. [severity:2/4; CVE-2016-3465]

An attacker can use a vulnerability of Automated Installer, in order to alter information. [severity:2/4; CVE-2016-0623]

An attacker can use a vulnerability of Kernel, in order to trigger a denial of service. [severity:2/4; CVE-2016-0676]

An attacker can use a vulnerability of Filesystem, in order to trigger a denial of service. [severity:1/4; CVE-2016-3419]

computer vulnerability alert CVE-2016-0686 CVE-2016-0687 CVE-2016-0695

Oracle Java: multiple vulnerabilities of April 2016

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Oracle Java.
Impacted products: Debian, Avamar, VNX Operating Environment, VNX Series, BIG-IP Hardware, TMOS, Fedora, AIX, Domino, Notes, QRadar SIEM, Tivoli Storage Manager, WebSphere AS Traditional, WebSphere MQ, JAXP, ePO, Java OpenJDK, openSUSE, openSUSE Leap, Java Oracle, Solaris, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on service, denial of service on client.
Provenance: user account.
Number of vulnerabilities in this bulletin: 9.
Creation date: 20/04/2016.
Identifiers: 1982223, 1982566, 1984075, 1984678, 1985466, 1985875, 1987778, 484398, 486953, bulletinjan2017, CERTFR-2016-AVI-135, cpuapr2016, CVE-2016-0686, CVE-2016-0687, CVE-2016-0695, CVE-2016-3422, CVE-2016-3425, CVE-2016-3426, CVE-2016-3427, CVE-2016-3443, CVE-2016-3449, DLA-451-1, DSA-3558-1, ESA-2016-052, ESA-2016-099, FEDORA-2016-33ccc205e7, openSUSE-SU-2016:1222-1, openSUSE-SU-2016:1230-1, openSUSE-SU-2016:1235-1, openSUSE-SU-2016:1262-1, openSUSE-SU-2016:1265-1, RHSA-2016:0650-01, RHSA-2016:0651-01, RHSA-2016:0675-01, RHSA-2016:0676-01, RHSA-2016:0677-01, RHSA-2016:0678-01, RHSA-2016:0679-01, RHSA-2016:0701-01, RHSA-2016:0702-01, RHSA-2016:0708-01, RHSA-2016:0716-01, RHSA-2016:0723-01, RHSA-2016:1039-01, SB10159, SOL33285044, SOL73112451, SOL81223200, SUSE-SU-2016:1248-1, SUSE-SU-2016:1250-1, SUSE-SU-2016:1299-1, SUSE-SU-2016:1300-1, SUSE-SU-2016:1303-1, SUSE-SU-2016:1378-1, SUSE-SU-2016:1379-1, SUSE-SU-2016:1388-1, SUSE-SU-2016:1458-1, SUSE-SU-2016:1475-1, USN-2963-1, USN-2964-1, USN-2972-1, VIGILANCE-VUL-19416, ZDI-16-376.

Description of the vulnerability

Several vulnerabilities were announced in Oracle Java.

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-3443, ZDI-16-376]

An attacker can use a vulnerability of Hotspot, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-0687]

An attacker can use a vulnerability of Serialization, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-0686]

An attacker can use a vulnerability of JMX, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-3427]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-3449]

An attacker can use a vulnerability of Security, in order to obtain information. [severity:2/4; CVE-2016-0695]

An attacker can use a vulnerability of JAXP, in order to trigger a denial of service. [severity:2/4; CVE-2016-3425]

An attacker can use a vulnerability of 2D, in order to trigger a denial of service. [severity:2/4; CVE-2016-3422]

An attacker can use a vulnerability of JCE, in order to obtain information. [severity:1/4; CVE-2016-3426]

computer vulnerability CVE-2014-3576 CVE-2015-3195 CVE-2015-3197

Oracle Fusion Middleware: multiple vulnerabilities of April 2016

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Oracle Fusion Middleware.
Impacted products: Oracle Fusion Middleware, Oracle GlassFish Server, Oracle iPlanet Web Proxy Server, Oracle iPlanet Web Server, Oracle OIT, Tuxedo, WebLogic, Oracle Web Tier.
Severity: 4/4.
Consequences: privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on service.
Provenance: user account.
Number of vulnerabilities in this bulletin: 16.
Creation date: 20/04/2016.
Identifiers: cpuapr2016, CVE-2014-3576, CVE-2015-3195, CVE-2015-3197, CVE-2015-3253, CVE-2015-7182, CVE-2015-7547, CVE-2016-0468, CVE-2016-0479, CVE-2016-0638, CVE-2016-0671, CVE-2016-0675, CVE-2016-0688, CVE-2016-0696, CVE-2016-0700, CVE-2016-3416, CVE-2016-3455, TALOS-2016-0086, VIGILANCE-VUL-19415.

Description of the vulnerability

Several vulnerabilities were announced in Oracle Fusion Middleware.

An attacker can use a vulnerability of Oracle GlassFish Server, Oracle OpenSSO, Oracle iPlanet Web Proxy Server, Oracle iPlanet Web Server or Oracle Traffic Director, in order to obtain information, to alter information, or to trigger a denial of service (VIGILANCE-VUL-18237). [severity:4/4; CVE-2015-7182]

An attacker can use a vulnerability of Oracle WebCenter Sites, in order to obtain information, to alter information, or to trigger a denial of service (VIGILANCE-VUL-17973). [severity:4/4; CVE-2015-3253]

An attacker can use a vulnerability of Oracle WebLogic Server, in order to obtain information, to alter information, or to trigger a denial of service. [severity:4/4; CVE-2016-0638]

An attacker can use a vulnerability of Oracle Outside In Technology, in order to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-3455, TALOS-2016-0086]

An attacker can use a vulnerability of Oracle Exalogic Infrastructure, in order to obtain information, to alter information, or to trigger a denial of service (VIGILANCE-VUL-18956). [severity:3/4; CVE-2015-7547]

An attacker can use a vulnerability of Oracle BI Publisher, in order to trigger a denial of service (VIGILANCE-VUL-17610). [severity:3/4; CVE-2014-3576]

An attacker can use a vulnerability of Oracle Business Intelligence Enterprise Edition, in order to obtain or alter information. [severity:3/4; CVE-2016-0479]

An attacker can use a vulnerability of Oracle WebLogic Server, in order to obtain or alter information. [severity:3/4; CVE-2016-0675]

An attacker can use a vulnerability of Oracle WebLogic Server, in order to obtain or alter information. [severity:3/4; CVE-2016-0700]

An attacker can use a vulnerability of Oracle WebLogic Server, in order to obtain or alter information. [severity:3/4; CVE-2016-3416]

An attacker can use a vulnerability of Oracle Exalogic Infrastructure or Oracle Tuxedo, in order to obtain information (VIGILANCE-VUL-18837). [severity:2/4; CVE-2015-3197]

An attacker can use a vulnerability of Oracle Business Intelligence Enterprise Edition, in order to obtain or alter information. [severity:2/4; CVE-2016-0468]

An attacker can use a vulnerability of Oracle WebLogic Server, in order to obtain or alter information. [severity:2/4; CVE-2016-0696]

An attacker can use a vulnerability of Oracle API Gateway or Oracle Exalogic Infrastructure, in order to trigger a denial of service (VIGILANCE-VUL-18436). [severity:2/4; CVE-2015-3195]

An attacker can use a vulnerability of Oracle HTTP Server, in order to obtain information. [severity:1/4; CVE-2016-0671]

An attacker can use a vulnerability of Oracle WebLogic Server, in order to alter information. [severity:1/4; CVE-2016-0688]

vulnerability note CVE-2016-0677 CVE-2016-0681 CVE-2016-0690

Oracle Database: five vulnerabilities of April 2016

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Oracle Database.
Impacted products: Oracle DB.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on service.
Provenance: user account.
Number of vulnerabilities in this bulletin: 5.
Creation date: 20/04/2016.
Identifiers: CERTFR-2016-AVI-134, cpuapr2016, CVE-2016-0677, CVE-2016-0681, CVE-2016-0690, CVE-2016-0691, CVE-2016-3454, VIGILANCE-VUL-19414.

Description of the vulnerability

Several vulnerabilities were announced in Oracle Database.

An attacker can use a vulnerability of Java VM, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-3454]

An attacker can use a vulnerability of Oracle OLAP, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-0681]

An attacker can use a vulnerability of RDBMS Security, in order to trigger a denial of service. [severity:2/4; CVE-2016-0677]

An attacker can use a vulnerability of RDBMS Security, in order to alter information. [severity:1/4; CVE-2016-0690]

An attacker can use a vulnerability of RDBMS Security, in order to alter information. [severity:1/4; CVE-2016-0691]

vulnerability bulletin CVE-2015-8839

Linux kernel: file corruption via ext4 Punch Hole

Synthesis of the vulnerability

A local attacker can manipulate data on an ext4 filesystem of the Linux kernel, in order to alter a file.
Impacted products: Fedora, Android OS, QRadar SIEM, Linux, RHEL, Ubuntu.
Severity: 1/4.
Consequences: data creation/edition.
Provenance: user shell.
Creation date: 20/04/2016.
Identifiers: 2011746, CERTFR-2016-AVI-199, CERTFR-2017-AVI-287, CVE-2015-8839, FEDORA-2016-373c063e79, FEDORA-2016-8e858f96b8, RHSA-2017:1842-01, RHSA-2017:2077-01, RHSA-2017:2669-01, USN-3005-1, USN-3006-1, USN-3007-1, VIGILANCE-VUL-19413.

Description of the vulnerability

The Linux kernel uses the ext4 filesystem.

However, when it reassembles file fragments, a computation error leads to file corruption.

A local attacker can therefore manipulate data on an ext4 filesystem of the Linux kernel, in order to alter a file.

vulnerability announce CVE-2016-1384

Cisco IOS, IOS XE: changing time via NTP

Synthesis of the vulnerability

An attacker can send malicious NTP packets to Cisco IOS or IOS XE, in order to change the system date.
Impacted products: Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity: 2/4.
Consequences: data creation/edition.
Provenance: internet client.
Creation date: 19/04/2016.
Identifiers: CERTFR-2016-AVI-140, cisco-sa-20160419-ios, CSCux46898, CVE-2016-1384, VIGILANCE-VUL-19412.

Description of the vulnerability

The Cisco IOS or IOS XE product uses NTP to set the time.

However, NTP packets are not correctly authenticated.

An attacker can therefore send malicious NTP packets to Cisco IOS or IOS XE, in order to change the system date.

vulnerability alert 19411

PAN-OS: bypassing URL filtering

Synthesis of the vulnerability

An attacker can add an HTTP header for PAN-OS, in order to bypass the URL filtering.
Impacted products: Palo Alto Firewall PA***, PAN-OS.
Severity: 2/4.
Consequences: data flow.
Provenance: intranet client.
Creation date: 19/04/2016.
Identifiers: 93838, VIGILANCE-VUL-19411.

Description of the vulnerability

The PAN-OS product offers a service to filter URLs on the Palo Alto firewall.

However, by adding an HTTP header, this filtering is bypassed.

An attacker can therefore add an HTTP header for PAN-OS, in order to bypass the URL filtering.

vulnerability 19410

Node.js marked: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in the Node.js marked module, in order to run JavaScript code in the context of the web site.
Impacted products: Nodejs Modules ~ not comprehensive.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 19/04/2016.
Identifiers: VIGILANCE-VUL-19410.

Description of the vulnerability

The marked module can be installed on Node.js.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in the Node.js marked module, in order to run JavaScript code in the context of the web site.
