The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:

weakness note 21437

WordPress Nelio AB Testing: read-write access

Synthesis of the vulnerability

An attacker can bypass access restrictions of WordPress Nelio AB Testing, in order to read or alter data.
Severity: 2/4.
Creation date: 21/12/2016.
Identifiers: VIGILANCE-VUL-21437.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass access restrictions of WordPress Nelio AB Testing, in order to read or alter data.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2016-9586 CVE-2016-9952 CVE-2016-9953

cURL: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of cURL.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 21/12/2016.
Identifiers: APPLE-SA-2017-07-19-2, cpuoct2018, CVE-2016-9586, CVE-2016-9952, CVE-2016-9953, DLA-1568-1, DLA-767-1, DSA-2019-114, FEDORA-2016-86d2b5aefb, FEDORA-2016-edbb33ab2e, HT207615, HT207922, JSA10874, openSUSE-SU-2017:1105-1, RHSA-2018:3558-01, STORM-2019-002, USN-3441-1, USN-3441-2, VIGILANCE-VUL-21435.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in cURL.

An attacker can generate a buffer overflow via float numbers, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-9586]

On WinCE platforms, an attacker can tamper with X.501 names in the X.509 certificate validation process, in order to spoof a server. [severity:2/4; CVE-2016-9952]

On WinCE platforms, an attacker can raise a read only buffer overflow in the X.509 certificate validation process, in order to read the server process memory or crash it. [severity:2/4; CVE-2016-9953]
Full Vigil@nce bulletin... (Free trial)

computer weakness alert CVE-2016-0736 CVE-2016-2161 CVE-2016-8743

Apache httpd: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Apache httpd.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 21/12/2016.
Revision date: 22/12/2016.
Identifiers: 1117414, APPLE-SA-2017-09-25-1, CVE-2016-0736, CVE-2016-2161, CVE-2016-8743, DLA-841-1, DLA-841-2, DSA-3796-1, DSA-3796-2, FEDORA-2016-8d9b62c784, FEDORA-2016-d22f50d985, HPESBUX03725, HT207615, HT208144, HT208221, JSA10838, K00373024, openSUSE-SU-2017:0897-1, openSUSE-SU-2017:0903-1, openSUSE-SU-2018:2856-1, RHSA-2017:0906-01, RHSA-2017:1721-01, SSA:2016-358-01, SUSE-SU-2018:2554-1, SUSE-SU-2018:2815-1, USN-3279-1, USN-3373-1, VIGILANCE-VUL-21434.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in Apache httpd.

An attacker can tamper with encrypted session data, in order to get knowledge of the plain text value. [severity:1/4; CVE-2016-0736]

An attacker can trigger a fatal error in case of use of shared memory, in order to trigger a denial of service. [severity:2/4; CVE-2016-2161]

An attacker can make profit of syntax error recovery to tamper with HTTP responses headers and bodies. [severity:3/4; CVE-2016-8743]
Full Vigil@nce bulletin... (Free trial)

computer weakness bulletin CVE-2016-9964

python-bottle: HTTP request corruption

Synthesis of the vulnerability

An attacker can call python-bottle with multiline HTTP header value, in order to inject headers in the processing of redirection.
Severity: 1/4.
Creation date: 21/12/2016.
Identifiers: CVE-2016-9964, DLA-761-1, DLA-761-2, DSA-3743-1, DSA-3743-2, FEDORA-2018-6cb474b8ff, FEDORA-2018-909707fc68, VIGILANCE-VUL-21433.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can call python-bottle with multiline HTTP header value, in order to inject headers in the processing of redirection. See also VIGILANCE-VUL-19925.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2016-9956

flightgear: file overwrite via Nasal scripts

Synthesis of the vulnerability

A local attacker can overwrite user files via Nasal scripts for Flight Gear.
Severity: 2/4.
Creation date: 21/12/2016.
Identifiers: CVE-2016-9956, DSA-3742-1, FEDORA-2016-01eba63bcc, FEDORA-2016-a1f774c3d7, VIGILANCE-VUL-21432.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

A local attacker can overwrite user files via Nasal scripts for Flight Gear.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2015-8979

dcmtk: buffer overflow via ACSE data structures

Synthesis of the vulnerability

An attacker can generate a buffer overflow via ACSE data structures of dcmtk, in order to trigger a denial of service, and possibly to run code.
Severity: 2/4.
Creation date: 21/12/2016.
Identifiers: CVE-2015-8979, DLA-755-1, DSA-3749-1, VIGILANCE-VUL-21431.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can generate a buffer overflow via ACSE data structures of dcmtk, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

security vulnerability CVE-2016-7463

VMware ESXi: Cross Site Scripting via Host Client

Synthesis of the vulnerability

An attacker can trigger a stored Cross Site Scripting via Host Client of VMware ESXi, in order to run JavaScript code in the context of the web site.
Severity: 2/4.
Creation date: 21/12/2016.
Identifiers: CERTFR-2016-AVI-425, CVE-2016-7463, VIGILANCE-VUL-21430, VMSA-2016-0023.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The VMware ESXi product offers a web service.

However, it does not filter received data via Host Client before storing then inserting them in generated HTML documents.

An attacker can therefore trigger a stored Cross Site Scripting via Host Client of VMware ESXi, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)

threat alert CVE-2016-10029

QEMU: buffer overflow via VIRTIO_GPU_CMD_SET_SCANOUT

Synthesis of the vulnerability

An attacker, inside a guest system, can generate a read only buffer overflow via the command VIRTIO_GPU_CMD_SET_SCANOUT of QEMU, in order to kil lthe emulated host.
Severity: 2/4.
Creation date: 20/12/2016.
Identifiers: CVE-2016-10029, openSUSE-SU-2017:0707-1, openSUSE-SU-2017:1872-1, SUSE-SU-2017:0625-1, SUSE-SU-2017:1774-1, USN-3261-1, VIGILANCE-VUL-21429.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker, inside a guest system, can generate a read only buffer overflow via the command VIRTIO_GPU_CMD_SET_SCANOUT of QEMU, in order to kill the emulated host.
Full Vigil@nce bulletin... (Free trial)

weakness announce CVE-2016-10028

QEMU: buffer overflow via virtio-gpu-3d

Synthesis of the vulnerability

An attacker, inside a guest system, can generate a buffer overflow via virtio-gpu-3d of QEMU, in order to trigger a denial of service against the host system.
Severity: 2/4.
Creation date: 20/12/2016.
Identifiers: CVE-2016-10028, FEDORA-2017-12394e2cc7, FEDORA-2017-b953d4d3a4, openSUSE-SU-2017:0707-1, openSUSE-SU-2017:1872-1, SUSE-SU-2017:0625-1, SUSE-SU-2017:1774-1, USN-3261-1, USN-3268-1, VIGILANCE-VUL-21428.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The Qemu product manages commands exported to guest userspace process.

However, for the command VIRTIO_GPU_CMD_GET_CAPSET, QEMU accepts a nul buffer size for the command response data. In this cas, an overflow occurs.

An attacker, inside a guest system, can therefore generate a buffer overflow via virtio-gpu-3d of QEMU, in order to trigger a denial of service against the host system.
Full Vigil@nce bulletin... (Free trial)

cybersecurity weakness CVE-2016-1254

tor: buffer overflow

Synthesis of the vulnerability

An attacker can generate a one byte, read only, buffer overflow of tor, in order to trigger a denial of service.
Severity: 1/4.
Creation date: 20/12/2016.
Identifiers: CVE-2016-1254, DLA-754-1, DSA-3741-1, FEDORA-2016-76b646637e, FEDORA-2016-95b4e9077e, openSUSE-SU-2016:3281-1, openSUSE-SU-2016:3282-1, VIGILANCE-VUL-21427.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can generate a one byte, read only, buffer overflow of tor, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

   

Direct access to page 1 21 41 61 81 101 121 141 161 181 201 221 241 261 281 301 321 341 361 381 401 421 441 461 481 501 521 541 561 581 601 621 641 661 681 701 721 741 761 781 801 821 841 861 881 901 921 941 961 981 1001 1021 1041 1061 1081 1101 1121 1141 1161 1181 1201 1221 1241 1261 1281 1301 1321 1341 1361 1381 1401 1421 1441 1461 1481 1501 1521 1541 1561 1581 1601 1621 1641 1661 1681 1701 1721 1741 1761 1781 1801 1821 1841 1861 1881 1901 1921 1941 1961 1981 2001 2019 2020 2021 2022 2023 2024 2025 2026 2027 2029 2031 2032 2033 2034 2035 2036 2037 2038 2039 2041 2061 2081 2101 2121 2141 2161 2181 2201 2221 2241 2261 2281 2301 2321 2341 2361 2381 2401 2421 2441 2461 2481 2501 2521 2541 2561 2581 2601 2621 2641 2661 2681 2701 2721 2741 2761 2781 2801 2821 2841 2861 2881 2901 2921 2922