The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:

computer vulnerability CVE-2016-5699

Python: header tampering via urllib2, urllib

Synthesis of the vulnerability

An attacker can change the HTTP request created by urllib.
Impacted products: Debian, Fedora, openSUSE, openSUSE Leap, Solaris, Python, RHEL, Splunk Enterprise, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, data reading.
Provenance: document.
Creation date: 17/06/2016.
Identifiers: bulletinjul2016, CVE-2016-5699, DLA-1663-1, DLA-522-1, FEDORA-2016-34ca5273e9, FEDORA-2016-6c2b74bb96, FEDORA-2016-b046b56518, FEDORA-2016-ef784cf9f7, openSUSE-SU-2016:1885-1, openSUSE-SU-2016:2120-1, RHSA-2016:1626-01, RHSA-2016:1627-01, RHSA-2016:1628-01, RHSA-2016:1629-01, RHSA-2016:1630-01, SP-CAAAPSR, SPL-128812, SUSE-SU-2019:0223-1, USN-3134-1, VIGILANCE-VUL-19925.

Description of the vulnerability

The urllib module of the Python library is an HTTP client.

However, the urllib module accepts HTTP headers at the end of the URL. The headers will be inserted before the ones added by urllib.

An attacker can therefore change the HTTP request created by urllib.

vulnerability announce CVE-2016-4430 CVE-2016-4431 CVE-2016-4433

Apache Struts: seven vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Apache Struts.
Impacted products: Struts, MariaDB ~ precise, MySQL Community, MySQL Enterprise, Percona Server.
Severity: 3/4.
Consequences: privileged access/rights.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 7.
Creation date: 17/06/2016.
Identifiers: cpujul2017, CVE-2016-0785-ERROR, CVE-2016-4430, CVE-2016-4431, CVE-2016-4433, CVE-2016-4436, CVE-2016-4438, CVE-2016-4461, CVE-2016-4465, S2-035, S2-036, S2-037, S2-038, S2-039, S2-040, S2-041, VIGILANCE-VUL-19922.

Description of the vulnerability

Several vulnerabilities were announced in Apache Struts.

An attacker can tamper with action names, which are used to build the processing path of the request. [severity:1/4; CVE-2016-4436, S2-035]

An attacker can trigger a double evaluation of OGNL expressions, for instance to bypass escape mechanisms, in order to run code. See also VIGILANCE-VUL-19164. [severity:2/4; CVE-2016-0785-ERROR, CVE-2016-4461, S2-036]

An attacker can trigger code execution via an expression to be evaluated by the REST plugin. [severity:3/4; CVE-2016-4438, S2-037]

An attacker can bypass checking of the anti CSRF token. [severity:2/4; CVE-2016-4430, S2-038]

An attacker can use a specially crafted request to trigger a redirection whose target location is not checked. [severity:2/4; CVE-2016-4433, S2-039]

An attacker can trigger a redirection whose target location is not checked. [severity:2/4; CVE-2016-4431, S2-040]

An attacker can change form validation processes that use the built-in class URLValidator. [severity:1/4; CVE-2016-4465, S2-041]

vulnerability alert 19921

pfSense: shell command execution via the web interface

Synthesis of the vulnerability

An attacker can inject a shell command via the web interface of pfSense, in order to run code.
Impacted products: pfSense.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: internet client.
Creation date: 17/06/2016.
Identifiers: pfSense-SA-16_07.webgui, pfSense-SA-16_08.webgui, VIGILANCE-VUL-19921.

Description of the vulnerability

The pfSense product offers a web interface for operation and administration.

However, the parameter "id" of the page "pkg_mgr_install.php" and the parameters of the page "system_groupmanager.php" are not properly filtered or checked before being used to build a shell command, which is run under the "root" account.

An attacker can therefore inject a shell command via the web interface of pfSense, in order to run code.

vulnerability 19920

RSA Authentication Manager: vulnerabilities of embedded components

Synthesis of the vulnerability

Some vulnerabilities of the software modules included in RSA Authentication Manager were announced.
Impacted products: RSA Authentication Manager.
Severity: 2/4.
Consequences: unknown consequence, administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, data flow, denial of service on server, denial of service on service, denial of service on client, disguisement.
Provenance: document.
Creation date: 17/06/2016.
Identifiers: ESA-2016-077, VIGILANCE-VUL-19920.

Description of the vulnerability

Some vulnerabilities of the software modules included in RSA Authentication Manager were announced.

computer vulnerability note CVE-2016-4562 CVE-2016-4563 CVE-2016-4564

ImageMagick: buffer overflow

Synthesis of the vulnerability

An attacker can generate three buffer overflows in ImageMagick, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, openSUSE, openSUSE Leap, Solaris, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 17/06/2016.
Identifiers: bulletinjul2016, CVE-2016-4562, CVE-2016-4563, CVE-2016-4564, DLA-517-1, DLA-731-1, DLA-731-2, DSA-3652-1, openSUSE-SU-2016:1748-1, openSUSE-SU-2016:1833-1, SUSE-SU-2016:1782-1, SUSE-SU-2016:1784-1, VIGILANCE-VUL-19919.

Description of the vulnerability

An attacker can generate three buffer overflows in ImageMagick, in order to trigger a denial of service, and possibly to run code.

computer vulnerability bulletin 19918

Skype for Business: information disclosure via the response time

Synthesis of the vulnerability

An attacker can measure the response time of the Web authentication of Skype for Business, in order to obtain usernames.
Impacted products: Skype for Business.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 17/06/2016.
Identifiers: VIGILANCE-VUL-19918.

Description of the vulnerability

The Skype for Business product includes a Web interface and can use a private directory as an account database.

However, the response time of a Web authentication request mainly depends on whether the username is valid. An attacker who can guess realistic values for usernames can check his guesses without access to the directory. In the case of a Windows Active Directory, the guessed account names are also system accounts and possibly mail accounts.

An attacker can therefore measure the response time of the Web authentication of Skype for Business, in order to obtain usernames.

computer vulnerability announce 19917

pfSense: Cross Site Scripting via squid

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in the log files and the antivirus alerts in pfSense, in order to run JavaScript code in the context of the web site.
Impacted products: pfSense.
Severity: 2/4.
Consequences: client access/rights.
Provenance: internet client.
Creation date: 17/06/2016.
Identifiers: pfSense-SA-16_06.squid, VIGILANCE-VUL-19917.

Description of the vulnerability

The pfSense product includes a web interface for the antivirus operation.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in the log files and the antivirus alerts in pfSense, in order to run JavaScript code in the context of the web site.

computer vulnerability alert CVE-2015-8895 CVE-2015-8896 CVE-2015-8897

ImageMagick: four vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of ImageMagick.
Impacted products: BIG-IP Hardware, TMOS, openSUSE, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 4.
Creation date: 17/06/2016.
Identifiers: CVE-2015-8895, CVE-2015-8896, CVE-2015-8897, CVE-2015-8898, openSUSE-SU-2016:1724-1, openSUSE-SU-2016:1748-1, openSUSE-SU-2016:1833-1, openSUSE-SU-2016:2073-1, RHSA-2016:1237-01, SOL30403302, SOL68785753, SUSE-SU-2016:1782-1, SUSE-SU-2016:1783-1, SUSE-SU-2016:1784-1, VIGILANCE-VUL-19916.

Description of the vulnerability

An attacker can use several vulnerabilities of ImageMagick.

computer vulnerability CVE-2016-0772

Python: TLS disabling in smtplib

Synthesis of the vulnerability

An attacker can prevent the creation of a TLS tunnel by the smtplib module of Python, in order to read sent mails.
Impacted products: Debian, Fedora, openSUSE, openSUSE Leap, Solaris, Python, RHEL, Splunk Enterprise, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: data reading, data flow.
Provenance: LAN.
Creation date: 16/06/2016.
Identifiers: bulletinjul2016, CVE-2016-0772, DLA-1663-1, DLA-522-1, DLA-871-1, FEDORA-2016-105b80d1be, FEDORA-2016-13be2ee499, FEDORA-2016-2869023091, FEDORA-2016-34ca5273e9, FEDORA-2016-5c52dcfe47, FEDORA-2016-6c2b74bb96, FEDORA-2016-a0853405eb, FEDORA-2016-aae6bb9433, FEDORA-2016-b046b56518, FEDORA-2016-e37f15a5f4, FEDORA-2016-ef784cf9f7, openSUSE-SU-2016:1885-1, openSUSE-SU-2016:2120-1, RHSA-2016:1626-01, RHSA-2016:1627-01, RHSA-2016:1628-01, RHSA-2016:1629-01, RHSA-2016:1630-01, SP-CAAAPSR, SPL-128812, SUSE-SU-2019:0223-1, USN-3134-1, VIGILANCE-VUL-19915.

Description of the vulnerability

The Python library includes an SMTP client.

This library can establish a TLS tunnel. However, it does not check the status code of the STARTTLS command and continues the SMTP session in plain text. An attacker who can hijack the traffic can insert an error after the STARTTLS command to disable the encryption.

An attacker can therefore prevent the creation of a TLS tunnel by the smtplib module of Python, in order to read sent mails.

vulnerability note CVE-2016-3193 CVE-2016-3194 CVE-2016-3195

Fortinet FortiManager / FortiAnalyzer: four vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Fortinet FortiManager / FortiAnalyzer.
Impacted products: FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiManager, FortiManager Virtual Appliance.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 4.
Creation date: 16/06/2016.
Revision date: 04/08/2016.
Identifiers: 1624459, 1624561, CVE-2016-3193, CVE-2016-3194, CVE-2016-3195, CVE-2016-3196, VIGILANCE-VUL-19914.

Description of the vulnerability

Several vulnerabilities were announced in Fortinet FortiManager / FortiAnalyzer.

An attacker can trigger a Cross Site Scripting via Add Tags, in order to run JavaScript code in the context of the web site. [severity:2/4; 1624459]

An attacker can trigger a Cross Site Scripting via Predefined Bookmarks, in order to run JavaScript code in the context of the web site. [severity:2/4]

An attacker can trigger a Cross Site Scripting via tabview.htm, in order to run JavaScript code in the context of the web site. [severity:2/4]

An attacker can trigger a Cross Site Scripting via filename, in order to run JavaScript code in the context of the web site. [severity:2/4; 1624561]
