The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:

vulnerability alert 20031

stunnel: wrong validation of X.509 certificate

Synthesis of the vulnerability

An attacker can bypass the certificate validation rules of stunnel, in order to bypass the access rules of the TLS protocol layer.
Impacted products: Slackware, stunnel.
Severity: 3/4.
Consequences: data reading, data creation/edition.
Provenance: internet server.
Creation date: 06/07/2016.
Identifiers: SSA:2016-219-04, VIGILANCE-VUL-20031.

Description of the vulnerability

The stunnel allows to cryptographically protect communications of programs that do not natively use TLS.

The configuration directive "verify = 4" is used to require that the peer certificate is present in the local trusted certificate list. However, stunnel wrongly checks that. So, when used in client mode, stunnel may accept a spoofing server, and when used in server mode, it may accept unauthorized client.

An attacker can therefore bypass the certificate validation rules of stunnel, in order to bypass the access rules of the TLS protocol layer.
Full Vigil@nce bulletin... (Free trial)

vulnerability 20030

nginx: denial of service via proxy_request_buffering

Synthesis of the vulnerability

An attacker can request nginx with HTTP version 2, in order to trigger a denial of service.
Impacted products: nginx.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 06/07/2016.
Identifiers: VIGILANCE-VUL-20030.

Description of the vulnerability

The nginx product is a web server.

However, when a client uses HTTP version 2 and proxy_request_buffering option is enabled, it raises a fatal error.

An attacker can request nginx with HTTP version 2, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note 20029

libircclient: use of unsuitable cryptographic suite

Synthesis of the vulnerability

An attacker can make profit of the poor choice of cryptographic algorithms for TLS in libircclient, in order to make communication attack easier.
Impacted products: openSUSE, openSUSE Leap.
Severity: 1/4.
Consequences: data reading, data creation/edition.
Provenance: internet client.
Creation date: 06/07/2016.
Identifiers: openSUSE-SU-2016:1737-1, openSUSE-SU-2016:1742-1, openSUSE-SU-2016:1766-1, VIGILANCE-VUL-20029.

Description of the vulnerability

An attacker can make profit of the poor choice of cryptographic algorithms for TLS in libircclient, in order to make communication attack easier.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2016-3992

cronic: file corruption via prediction of temporary names

Synthesis of the vulnerability

An attacker can guess the names of temporary files used by cronic in a world writable folder (/tmp) and create a bunch of symbolic links, in order to change corrupt files with the privileges of the cronic process.
Impacted products: openSUSE, openSUSE Leap.
Severity: 2/4.
Consequences: data creation/edition.
Provenance: user shell.
Creation date: 06/07/2016.
Identifiers: CVE-2016-3992, openSUSE-SU-2016:1741-1, VIGILANCE-VUL-20028.

Description of the vulnerability

An attacker can guess the names of temporary files used by cronic in a world writable folder (/tmp) and create a bunch of symbolic links, in order to corrupt files with the privileges of the cronic process.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2016-4979

Apache httpd: missing user level access control with TLS

Synthesis of the vulnerability

An attacker can bypass access control rules based on user authentication at TLS level requesting Apache httpd with HTTP version 2, in order to get sensitive information.
Impacted products: Apache httpd, Fedora, Solaris, RHEL.
Severity: 3/4.
Consequences: user access/rights.
Provenance: internet client.
Creation date: 05/07/2016.
Identifiers: bulletinoct2016, CVE-2016-4979, FEDORA-2016-c7288a5b36, FEDORA-2016-e256a03791, RHSA-2016:1420-01, VIGILANCE-VUL-20027.

Description of the vulnerability

The Apache httpd product implements HTTP version 2 and client authentication at SSL level.

One can configure the server to request user authentication and set access control rules based on X.509 user identity. User authentication is enabled with the configuration command "SSLVerifyClient require". However, when a request is served at HTTP level with the version 2 of the protocol, this configuration command is ignored.

An attacker can therefore bypass access control rules based on user authentication at TLS level requesting Apache httpd with HTTP version 2, in order to get sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert 20026

Openfire: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Openfire.
Impacted products: Openfire.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, client access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 10.
Creation date: 05/07/2016.
Identifiers: VIGILANCE-VUL-20026.

Description of the vulnerability

Several vulnerabilities were announced in Openfire.

An attacker can trigger a Cross Site Scripting via server2server-settings.jsp, in order to run JavaScript code in the context of the web site. [severity:2/4]

An attacker can trigger a Cross Site Scripting via advance-user-search.jsp, in order to run JavaScript code in the context of the web site. [severity:2/4]

An attacker can trigger a Cross Site Scripting via search-props-edit-form.jsp, in order to run JavaScript code in the context of the web site. [severity:2/4]

An attacker can trigger a Cross Site Scripting via page create-bookmark.jsp, in order to run JavaScript code in the context of the web site. [severity:2/4]

An attacker can trigger a Cross Site Scripting via audit-policy.jsp, in order to run JavaScript code in the context of the web site. [severity:2/4]

An attacker can trigger a Cross Site Scripting via import-keystore-certificate.jsp, in order to run JavaScript code in the context of the web site. [severity:2/4]

An attacker can trigger a Cross Site Scripting via advance-user-search.jsp, in order to run JavaScript code in the context of the web site. [severity:2/4]

An attacker can trigger a Cross Site Request Forgery via connection-settings-external-components.jsp, in order to force the victim to perform operations. [severity:2/4]

An attacker can trigger a Cross Site Request Forgery via client-connections-settings.jsp, in order to force the victim to perform operations. [severity:2/4]

An attacker can trigger a Cross Site Request Forgery via server-properties.jsp, in order to force the victim to perform operations. [severity:2/4]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability 20025

WordPress Advanced AJAX Page Loader: file upload via AAPLuploadloader

Synthesis of the vulnerability

An attacker can upload a malicious file via AAPLuploadloader on WordPress Advanced AJAX Page Loader, in order for example to upload a Trojan.
Impacted products: WordPress Plugins ~ not comprehensive.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights.
Provenance: internet client.
Creation date: 05/07/2016.
Identifiers: VIGILANCE-VUL-20025.

Description of the vulnerability

The Advanced AJAX Page Loader plugin can be installed on WordPress.

It can be used to upload a file. However, as the file type is not restricted, a PHP file can be uploaded on the server, and then invoked.

An attacker can therefore upload a malicious file via AAPLuploadloader on WordPress Advanced AJAX Page Loader, in order for example to upload a Trojan.
Full Vigil@nce bulletin... (Free trial)

vulnerability note 20024

WordPress Real3D FlipBook: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of WordPress Real3D FlipBook.
Impacted products: WordPress Plugins ~ not comprehensive.
Severity: 2/4.
Consequences: client access/rights, data creation/edition, data deletion.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 3.
Creation date: 05/07/2016.
Identifiers: VIGILANCE-VUL-20024.

Description of the vulnerability

Several vulnerabilities were announced in WordPress Real3D FlipBook.

An attacker can delete files. [severity:2/4]

An attacker can traverse directories via bookName, in order to overwrite a file outside the root path. [severity:2/4]

An attacker can trigger a Cross Site Scripting via bookId, in order to run JavaScript code in the context of the web site. [severity:2/4]
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin 20023

mbedtls: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of mbedtls.
Impacted products: Fedora, openSUSE Leap.
Severity: 2/4.
Consequences: client access/rights, denial of service on service, denial of service on client.
Provenance: internet client.
Creation date: 05/07/2016.
Identifiers: FEDORA-2016-51680a3b62, FEDORA-2016-883e40d094, openSUSE-SU-2016:1892-1, VIGILANCE-VUL-20023.

Description of the vulnerability

An attacker can use several vulnerabilities of mbedtls.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2016-6130 CVE-2016-6156

Linux kernel: memory corruption via non repeatable read

Synthesis of the vulnerability

An attacker can generate several memory corruption in the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, Linux, openSUSE, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, denial of service on server, denial of service on service, denial of service on client.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 2.
Creation date: 04/07/2016.
Identifiers: 116741, 120131, CERTFR-2016-AVI-315, CERTFR-2017-AVI-001, CERTFR-2017-AVI-053, CVE-2016-6130, CVE-2016-6156, DSA-3616-1, FEDORA-2016-784d5526d8, FEDORA-2016-9a16b2e14e, openSUSE-SU-2016:3021-1, SUSE-SU-2016:2912-1, SUSE-SU-2016:3304-1, SUSE-SU-2017:0471-1, USN-3084-1, USN-3084-2, USN-3084-3, USN-3084-4, VIGILANCE-VUL-20022.

Description of the vulnerability

Several vulnerabilities of the type "double fetch" were announced in the Linux kernel.

The bulletin VIGILANCE-VUL-20011 provides details about the nature of the bug. Differences between vulnerabilities of this kind concerns the vulnerable driver or system call and the data structure used to exchange data with the userspace.

An attacker can make the kernel corrupt a structure named "sccb" in the routine sclp_ctl_ioctl_sccb() by changing the system call arguments while the kernel is running. [severity:2/4; 116741, CVE-2016-6130]

An attacker can make the kernel corrupt a structure named "u_cmd" in the routine ec_device_ioctl_xcmd() by changing the system call parameters while the kernel is running. [severity:2/4; 120131, CVE-2016-6156]
Full Vigil@nce bulletin... (Free trial)

Previous page   Next page

Direct access to page 1 21 41 61 81 101 121 141 161 181 201 221 241 261 281 301 321 341 361 381 401 421 441 461 481 501 521 541 561 581 601 621 641 661 681 701 721 741 761 781 801 821 841 861 881 901 921 941 961 981 1001 1021 1041 1061 1081 1101 1121 1141 1161 1181 1201 1221 1241 1261 1281 1301 1321 1341 1361 1381 1401 1421 1441 1461 1481 1501 1521 1541 1561 1581 1601 1621 1641 1661 1681 1701 1721 1741 1761 1781 1801 1821 1841 1861 1881 1882 1883 1884 1885 1886 1887 1888 1889 1890 1891 1892 1893 1894 1895 1896 1897 1898 1899 1900 1901 1921 1941 1961 1981 2001 2021 2041 2061 2081 2101 2121 2141 2161 2181 2201 2221 2241 2261 2281 2301 2321 2341 2361 2381 2401 2421 2441 2461 2481 2501 2521 2541 2561 2581 2601 2621 2641 2661 2681 2701 2721 2741 2761 2781 2801 2821 2841 2847