The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:

vulnerability alert CVE-2017-8366

ettercap: vulnerability

Synthesis of the vulnerability

A vulnerability of ettercap was announced.
Impacted products: Debian, Fedora.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 09/06/2017.
Identifiers: CVE-2017-8366, DSA-3874-1, FEDORA-2017-36c7e7ef06, FEDORA-2017-8722576148, FEDORA-2017-988ee3e365, VIGILANCE-VUL-22931.

Description of the vulnerability

A vulnerability of ettercap was announced.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2017-9503

QEMU: NULL pointer dereference via the emulation of the chip MegaRAID SAS 8708EM2

Synthesis of the vulnerability

A privileged attacker, inside a guest system, can force a NULL pointer to be dereferenced via the emulation of the chip MegaRAID SAS 8708EM2 of QEMU, in order to trigger a denial of service on the host system.
Impacted products: Debian, openSUSE Leap, QEMU, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: privileged shell.
Creation date: 08/06/2017.
Identifiers: CVE-2017-9503, DLA-1497-1, openSUSE-SU-2017:1872-1, SUSE-SU-2017:1770-1, SUSE-SU-2017:1774-1, SUSE-SU-2017:1795-1, SUSE-SU-2017:1812-1, SUSE-SU-2017:2946-1, SUSE-SU-2017:2963-1, SUSE-SU-2017:2969-1, SUSE-SU-2017:3084-1, USN-3414-1, USN-3414-2, VIGILANCE-VUL-22930.

Description of the vulnerability

A privileged attacker, inside a guest system, can force a NULL pointer to be dereferenced via the emulation of the chip MegaRAID SAS 8708EM2 of QEMU, in order to trigger a denial of service on the host system.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2017-9468 CVE-2017-9469

irssi: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of irssi.
Impacted products: Debian, Fedora, openSUSE Leap, Solaris, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: denial of service on client.
Provenance: internet server.
Number of vulnerabilities in this bulletin: 2.
Creation date: 08/06/2017.
Identifiers: bulletinjul2017, CVE-2017-9468, CVE-2017-9469, DLA-1088-1, DSA-3885-1, FEDORA-2017-75c571778e, openSUSE-SU-2017:1505-1, openSUSE-SU-2017:1515-1, SSA:2017-158-01, USN-3317-1, VIGILANCE-VUL-22929.

Description of the vulnerability

An attacker can use several vulnerabilities of irssi.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2017-6661

Cisco Email Security and Content Security Management Appliance: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Cisco Email Security Appliance and Content Security Management Appliance, in order to run JavaScript code in the context of the web site.
Impacted products: AsyncOS, Cisco Content SMA, Cisco ESA.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 08/06/2017.
Identifiers: cisco-sa-20170607-esa, CVE-2017-6661, VIGILANCE-VUL-22926.

Description of the vulnerability

An attacker can trigger a Cross Site Scripting in Cisco Email Security Appliance and Content Security Management Appliance, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2017-6659

Cisco Prime Collaboration Assurance: Cross Site Request Forgery

Synthesis of the vulnerability

An attacker can trigger a Cross Site Request Forgery of Cisco Prime Collaboration Assurance, in order to force the victim to perform operations.
Impacted products: Prime Collaboration Assurance.
Severity: 2/4.
Consequences: user access/rights.
Provenance: internet client.
Creation date: 08/06/2017.
Identifiers: cisco-sa-20170607-pca, CVE-2017-6659, VIGILANCE-VUL-22924.

Description of the vulnerability

An attacker can trigger a Cross Site Request Forgery of Cisco Prime Collaboration Assurance, in order to force the victim to perform operations.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2017-2595 CVE-2017-2666 CVE-2017-2670

Red Hat JBoss Enterprise Application Platform: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Red Hat JBoss Enterprise Application Platform.
Impacted products: Debian, JBoss EAP by Red Hat.
Severity: 3/4.
Consequences: data reading, data creation/edition, denial of service on server, denial of service on service.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 3.
Creation date: 08/06/2017.
Identifiers: CVE-2017-2595, CVE-2017-2666, CVE-2017-2670, DSA-3906-1, RHSA-2017:1409-01, RHSA-2017:1410-01, RHSA-2017:1411-01, RHSA-2017:1412-01, RHSA-2017:1548-01, RHSA-2017:1549-01, RHSA-2017:1550-01, RHSA-2017:1551-01, RHSA-2017:1552-01, RHSA-2017:1658-01, RHSA-2017:1659-01, RHSA-2017:3454-01, RHSA-2017:3455-01, RHSA-2017:3456-01, RHSA-2017:3458-01, VIGILANCE-VUL-22923.

Description of the vulnerability

Several vulnerabilities were announced in Red Hat JBoss Enterprise Application Platform.

An attacker can traverse directories via the log viewer, in order to read a file outside the root path. [severity:2/4; CVE-2017-2595]

An attacker can tamper with HTTP response bodies by including invalid characters in the request. [severity:2/4; CVE-2017-2666]

An attacker can generate an infinite loop, in order to trigger a denial of service. [severity:3/4; CVE-2017-2670]
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2017-6639

Cisco Prime Data Center Network Manager: privilege escalation via debug support functions

Synthesis of the vulnerability

An attacker can access to the debug support service included in Cisco Prime Data Center Network Manager, in order to get administrator privileges at the system level.
Impacted products: Cisco Prime DCNM.
Severity: 4/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: intranet client.
Creation date: 08/06/2017.
Identifiers: CERTFR-2017-AVI-171, cisco-sa-20170607-dcnm1, CVE-2017-6639, VIGILANCE-VUL-22922.

Description of the vulnerability

An attacker can access to the debug support service included in Cisco Prime Data Center Network Manager, in order to get administrator privileges at the system level.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2017-6640

Cisco Prime Data Center Network Manager: static password for privileged account

Synthesis of the vulnerability

An attacker can use an account created by Cisco Prime Data Center Network Manager with a static password and administration privileges, in order to escalate his privileges.
Impacted products: Cisco Prime DCNM.
Severity: 4/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: internet client.
Creation date: 08/06/2017.
Identifiers: CERTFR-2017-AVI-171, cisco-sa-20170607-dcnm2, CVE-2017-6640, VIGILANCE-VUL-22921.

Description of the vulnerability

An attacker can use an account created by Cisco Prime Data Center Network Manager with a static password and administration privileges, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2017-6638

Cisco AnyConnect Secure Mobility Client: executing DLL code

Synthesis of the vulnerability

An attacker can create a malicious DLL, and then put it in the current directory of Cisco AnyConnect Secure Mobility Client for MS-Windows, in order to run code with the system privileges.
Impacted products: Cisco AnyConnect Secure Mobility Client.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 08/06/2017.
Identifiers: CERTFR-2017-AVI-171, cisco-sa-20170607-anyconnect, CVE-2017-6638, VIGILANCE-VUL-22920.

Description of the vulnerability

The Cisco AnyConnect Secure Mobility Client product uses external shared libraries (DLL).

However, if the working directory contains a malicious DLL, it is automatically loaded.

An attacker can therefore create a malicious DLL, and then put it in the current directory of Cisco AnyConnect Secure Mobility Client for MS-Windows, in order to run code with the system privileges.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note 22919

Joomla Payage: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection of Joomla Payage, in order to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: internet client.
Creation date: 07/06/2017.
Identifiers: VIGILANCE-VUL-22919.

Description of the vulnerability

An attacker can use a SQL injection of Joomla Payage, in order to read or alter data.
Full Vigil@nce bulletin... (Free trial)

Previous page   Next page

Direct access to page 1 21 41 61 81 101 121 141 161 181 201 221 241 261 281 301 321 341 361 381 401 421 441 461 481 501 521 541 561 581 601 621 641 661 681 701 721 741 761 781 801 821 841 861 881 901 921 941 961 981 1001 1021 1041 1061 1081 1101 1121 1141 1161 1181 1201 1221 1241 1261 1281 1301 1321 1341 1361 1381 1401 1421 1441 1461 1481 1501 1521 1541 1561 1581 1601 1621 1641 1661 1681 1701 1721 1741 1761 1781 1801 1821 1841 1861 1881 1901 1921 1941 1961 1981 2001 2021 2041 2061 2081 2101 2121 2141 2157 2158 2159 2160 2161 2162 2163 2164 2165 2166 2167 2168 2169 2170 2171 2172 2173 2174 2175 2176 2177 2181 2201 2221 2241 2261 2281 2301 2321 2341 2361 2381 2401 2421 2441 2461 2481 2501 2521 2541 2561 2581 2601 2621 2641 2661 2681 2701 2721 2741 2761 2781 2801 2821 2841 2846