The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Blue Coat ProxyRA

computer vulnerability CVE-2018-0732

OpenSSL: denial of service via Large DH Parameter

Synthesis of the vulnerability

An attacker can generate a fatal error via Large DH Parameter of OpenSSL, in order to trigger a denial of service.
Impacted products: Blue Coat CAS, ProxyAV, ProxyRA, ProxySG par Blue Coat, SGOS by Blue Coat, Debian, BIG-IP Hardware, TMOS, AIX, IBM i, Rational ClearCase, QRadar SIEM, Juniper EX-Series, Juniper J-Series, Junos OS, SRX-Series, MariaDB ~ precise, MySQL Community, MySQL Enterprise, Nodejs Core, OpenSSL, openSUSE Leap, Oracle Communications, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Solaris, Tuxedo, Oracle Virtual Directory, VirtualBox, WebLogic, Palo Alto Firewall PA***, PAN-OS, Percona Server, XtraBackup, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Symantec Content Analysis, ProxySG by Symantec, SGOS by Symantec, Synology DSM, Synology DS***, Synology RS***, Nessus, Ubuntu, X2GoClient.
Severity: 2/4.
Consequences: denial of service on client.
Provenance: internet server.
Creation date: 12/06/2018.
Identifiers: bulletinjul2018, CERTFR-2018-AVI-511, CERTFR-2018-AVI-607, cpuapr2019, cpujan2019, cpujul2019, cpuoct2018, CVE-2018-0732, DLA-1449-1, DSA-4348-1, DSA-4355-1, ibm10719319, ibm10729805, ibm10738401, ibm10743283, ibm10874728, JSA10919, K21665601, openSUSE-SU-2018:1906-1, openSUSE-SU-2018:2117-1, openSUSE-SU-2018:2129-1, openSUSE-SU-2018:2667-1, openSUSE-SU-2018:2695-1, openSUSE-SU-2018:2816-1, openSUSE-SU-2018:2855-1, openSUSE-SU-2018:3013-1, openSUSE-SU-2018:3015-1, PAN-SA-2018-0015, RHSA-2018:3221-01, SSA:2018-226-01, SUSE-SU-2018:1887-1, SUSE-SU-2018:1968-1, SUSE-SU-2018:2036-1, SUSE-SU-2018:2041-1, SUSE-SU-2018:2207-1, SUSE-SU-2018:2647-1, SUSE-SU-2018:2683-1, SUSE-SU-2018:2812-1, SUSE-SU-2018:2956-1, SUSE-SU-2018:2965-1, SUSE-SU-2019:1553-1, SYMSA1462, TNS-2018-14, TNS-2018-17, TSB17568, USN-3692-1, USN-3692-2, VIGILANCE-VUL-26375.

Description of the vulnerability

An attacker can generate a fatal error via Large DH Parameter of OpenSSL, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2016-1834 CVE-2016-1835 CVE-2016-1836

libxml2: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of libxml2.
Impacted products: iOS by Apple, iPhone, Mac OS X, Blue Coat CAS, ProxyAV, ProxyRA, ProxySG par Blue Coat, SGOS by Blue Coat, Debian, BIG-IP Hardware, TMOS, Fedora, Junos Space, NSM Central Manager, NSMXpress, McAfee Web Gateway, openSUSE, openSUSE Leap, RHEL, SLES, Nessus, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 5.
Creation date: 03/06/2016.
Identifiers: CERTFR-2017-AVI-012, CERTFR-2017-AVI-022, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1840, DLA-503-1, DSA-3593-1, FEDORA-2017-a3a47973eb, FEDORA-2017-be8574d593, HT206567, HT206568, HT206902, HT206903, JSA10770, JSA10774, K14614344, K16712298, K48220300, openSUSE-SU-2016:1594-1, openSUSE-SU-2016:1595-1, RHSA-2016:1292-01, SA129, SB10170, SUSE-SU-2016:1538-1, SUSE-SU-2016:1604-1, TNS-2017-03, USN-2994-1, VIGILANCE-VUL-19787.

Description of the vulnerability

Several vulnerabilities were announced in libxml2.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1834]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1835]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1836]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1837]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1840]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2016-1762

libxml2: memory corruption

Synthesis of the vulnerability

An attacker can generate a memory corruption of libxml2, in order to trigger a denial of service, and possibly to run code.
Impacted products: iOS by Apple, iPhone, Mac OS X, Blue Coat CAS, ProxyAV, ProxyRA, ProxySG par Blue Coat, SGOS by Blue Coat, Debian, BIG-IP Hardware, TMOS, Fedora, Junos Space, McAfee Web Gateway, openSUSE, openSUSE Leap, RHEL, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 03/06/2016.
Identifiers: CERTFR-2017-AVI-012, CVE-2016-1762, DLA-503-1, DSA-3593-1, FEDORA-2017-a3a47973eb, FEDORA-2017-be8574d593, HT206567, HT206568, JSA10770, K14338030, openSUSE-SU-2016:1594-1, openSUSE-SU-2016:1595-1, RHSA-2016:1292-01, SA129, SB10170, SUSE-SU-2016:1538-1, SUSE-SU-2016:1604-1, USN-2994-1, VIGILANCE-VUL-19786.

Description of the vulnerability

An attacker can generate a memory corruption of libxml2, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2016-4447 CVE-2016-4448 CVE-2016-4449

libxml2: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of libxml2.
Impacted products: iOS by Apple, iPhone, Mac OS X, Blue Coat CAS, ProxyAV, ProxyRA, ProxySG par Blue Coat, SGOS by Blue Coat, Debian, BIG-IP Hardware, TMOS, Fedora, Junos OS, Junos Space, libxml, McAfee Web Gateway, openSUSE Leap, Oracle Communications, RHEL, Slackware, Splunk Enterprise, SLES, Nessus, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, data reading, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 25/05/2016.
Identifiers: 1989337, 1991909, 1991910, 1991911, 1991913, 1991997, CERTFR-2017-AVI-012, cpujan2018, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449, DLA-503-1, DSA-3593-1, FEDORA-2017-a3a47973eb, FEDORA-2017-be8574d593, HT206902, HT206903, JSA10770, JSA10916, K24322529, K41103561, openSUSE-SU-2016:1595-1, RHSA-2016:1292-01, SA129, SB10170, SOL41103561, SPL-119440, SPL-121159, SPL-123095, SSA:2016-148-01, SUSE-SU-2016:1538-1, SUSE-SU-2016:1604-1, TNS-2017-03, USN-2994-1, USN-3235-1, VIGILANCE-VUL-19694.

Description of the vulnerability

Several vulnerabilities were announced in libxml2.

An attacker can force a read at an invalid address via xmlParseName, in order to trigger a denial of service, or to obtain sensitive information. [severity:1/4; CVE-2016-4447]

An attacker can use a format string attack, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-4448]

An attacker can generate a memory corruption via Entities Content, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-4449]
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2016-4483

libxml2: out-of-bounds memory reading via xmlBufAttrSerializeTxtContent

Synthesis of the vulnerability

An attacker can force a read at an invalid address in xmlBufAttrSerializeTxtContent() of libxml2, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: iOS by Apple, iPhone, Mac OS X, Blue Coat CAS, ProxyAV, ProxyRA, ProxySG par Blue Coat, SGOS by Blue Coat, Debian, libxml, openSUSE, openSUSE Leap, Solaris, Splunk Enterprise, SLES, Nessus, Ubuntu.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 04/05/2016.
Identifiers: 1989337, 1991909, 1991910, 1991911, 1991913, 1991997, bulletinjul2016, CVE-2016-4483, DLA-503-1, DSA-3593-1, HT206902, HT206903, openSUSE-SU-2016:1594-1, openSUSE-SU-2016:1595-1, SA129, SPL-119440, SPL-121159, SPL-123095, SUSE-SU-2016:1538-1, SUSE-SU-2016:1604-1, TNS-2017-03, USN-2994-1, VIGILANCE-VUL-19514.

Description of the vulnerability

The xmllint tool of libxml2 has the option "--recover" to try to decode a malformed XML document.

However, the xmlBufAttrSerializeTxtContent() function of the xmlsave.c file tries to read a memory area located outside the expected range, which triggers a fatal error, or leads to the disclosure of a memory fragment.

An attacker can therefore force a read at an invalid address in xmlBufAttrSerializeTxtContent() of libxml2, in order to trigger a denial of service, or to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2016-3705

libxml2: infinite loop of xmlParserEntityCheck

Synthesis of the vulnerability

An attacker can generate an infinite recursion in xmlStringGetNodeList() of libxml2, in order to trigger a denial of service.
Impacted products: Blue Coat CAS, ProxyAV, ProxyRA, ProxySG par Blue Coat, SGOS by Blue Coat, Debian, BIG-IP Hardware, TMOS, Junos OS, Junos Space, libxml, McAfee Web Gateway, openSUSE, openSUSE Leap, RHEL, Splunk Enterprise, SLES, Nessus, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 03/05/2016.
Identifiers: 765207, CERTFR-2017-AVI-012, CVE-2016-3705, DLA-503-1, DSA-3593-1, JSA10770, JSA10916, openSUSE-SU-2016:1446-1, openSUSE-SU-2016:1594-1, openSUSE-SU-2016:1595-1, RHSA-2016:1292-01, SA129, SB10170, SOL54225343, SPL-119440, SPL-121159, SPL-123095, SUSE-SU-2016:1538-1, SUSE-SU-2016:1604-1, TNS-2017-03, USN-2994-1, VIGILANCE-VUL-19513.

Description of the vulnerability

The libxml2 library includes an XML parser.

However, a malformed document triggers an infinite recursion in the xmlParserEntityCheck(), xmlParseEntityValue() and xmlParseAttValueComplex() functions, which depletes the stack.

An attacker can therefore generate an infinite recursion in xmlStringGetNodeList() of libxml2, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2016-3627

libxml2: infinite loop of xmlStringGetNodeList

Synthesis of the vulnerability

An attacker can generate an infinite recursion in xmlStringGetNodeList() of libxml2, in order to trigger a denial of service.
Impacted products: Blue Coat CAS, ProxyAV, ProxyRA, ProxySG par Blue Coat, SGOS by Blue Coat, Debian, BIG-IP Hardware, TMOS, Junos OS, Junos Space, libxml, McAfee Web Gateway, openSUSE, openSUSE Leap, Solaris, RHEL, Splunk Enterprise, Nessus, Ubuntu.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 21/03/2016.
Revision date: 03/05/2016.
Identifiers: 1989337, 1991909, 1991910, 1991911, 1991913, 1991997, 762100, bulletinjul2016, CERTFR-2017-AVI-012, CVE-2016-3627, DLA-503-1, DSA-3593-1, JSA10770, JSA10916, openSUSE-SU-2016:1298-1, openSUSE-SU-2016:1446-1, openSUSE-SU-2016:1594-1, RHSA-2016:1292-01, SA129, SB10170, SOL54225343, SPL-119440, SPL-121159, SPL-123095, TNS-2017-03, USN-2994-1, VIGILANCE-VUL-19201.

Description of the vulnerability

The xmllint tool of libxml2 has the option "--recover" to try to decode a malformed XML document.

However, a malformed document triggers an infinite recursion in the xmlStringGetNodeList() function, which depletes the stack.

An attacker can therefore generate an infinite recursion in xmlStringGetNodeList() of libxml2, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2016-1839

libxml2: unreachable memory reading via xmlDictAddString

Synthesis of the vulnerability

An attacker can invite the victim to open a malicious XML document, with an application linked with libxml2, to force a read at an invalid address in the xmlDictAddString() function, in order to trigger a denial of service.
Impacted products: iOS by Apple, iPhone, Mac OS X, Blue Coat CAS, ProxyAV, ProxyRA, ProxySG par Blue Coat, SGOS by Blue Coat, Debian, BIG-IP Hardware, TMOS, Fedora, Android OS, Junos Space, libxml, McAfee Web Gateway, openSUSE, openSUSE Leap, RHEL, Splunk Enterprise, SLES, Nessus, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 23/02/2016.
Identifiers: CERTFR-2017-AVI-012, CVE-2016-1839, DLA-503-1, DSA-3593-1, FEDORA-2017-a3a47973eb, FEDORA-2017-be8574d593, HT206567, HT206568, JSA10770, K26422113, openSUSE-SU-2016:1594-1, openSUSE-SU-2016:1595-1, openSUSE-SU-2017:1510-1, RHSA-2016:1292-01, SA129, SB10170, SPL-119440, SPL-121159, SPL-123095, SUSE-SU-2016:1538-1, SUSE-SU-2016:1604-1, TNS-2017-03, USN-2994-1, VIGILANCE-VUL-19007.

Description of the vulnerability

The libxml2 library includes an XML parser.

However, malformed XML data force the xmlDictAddString() function to read an unreachable memory area, which triggers a fatal error.

An attacker can therefore invite the victim to open a malicious XML document, with an application linked with libxml2, to force a read at an invalid address in the xmlDictAddString() function, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2016-1833

libxml2: unreachable memory reading via xmlNextChar

Synthesis of the vulnerability

An attacker can invite the victim to open a malicious XML document, with an application linked with libxml2, to force a read at an invalid address in the xmlDictAddString() function, in order to trigger a denial of service.
Impacted products: iOS by Apple, iPhone, Mac OS X, Blue Coat CAS, ProxyAV, ProxyRA, ProxySG par Blue Coat, SGOS by Blue Coat, Debian, Fedora, Junos Space, NSM Central Manager, NSMXpress, libxml, McAfee Web Gateway, openSUSE, openSUSE Leap, Solaris, RHEL, Splunk Enterprise, SLES, Nessus, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 23/02/2016.
Identifiers: 758606, bulletinjul2016, CERTFR-2017-AVI-012, CERTFR-2017-AVI-022, CVE-2016-1833, DLA-503-1, DSA-3593-1, FEDORA-2017-a3a47973eb, FEDORA-2017-be8574d593, HT206567, HT206568, JSA10770, JSA10774, openSUSE-SU-2016:1594-1, openSUSE-SU-2016:1595-1, RHSA-2016:1292-01, SA129, SB10170, SPL-119440, SPL-121159, SPL-123095, SUSE-SU-2016:1538-1, SUSE-SU-2016:1604-1, TNS-2017-03, USN-2994-1, VIGILANCE-VUL-19006.

Description of the vulnerability

The libxml2 library includes an XML parser.

However, malformed XML data force the xmlNextChar() function to read an unreachable memory area, which triggers a fatal error.

An attacker can therefore invite the victim to open a malicious XML document, with an application linked with libxml2, to force a read at an invalid address in the xmlNextChar() function, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2016-1838

libxml2: unreachable memory reading via xmlParseEndTag2

Synthesis of the vulnerability

An attacker can invite the victim to open a malicious XML document, with an application linked with libxml2, to force a read at an invalid address in the xmlParseEndTag2() function, in order to trigger a denial of service.
Impacted products: iOS by Apple, iPhone, Mac OS X, Blue Coat CAS, ProxyAV, ProxyRA, ProxySG par Blue Coat, SGOS by Blue Coat, Debian, BIG-IP Hardware, TMOS, Fedora, Junos Space, libxml, McAfee Web Gateway, openSUSE, openSUSE Leap, RHEL, Splunk Enterprise, SLES, Nessus, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 23/02/2016.
Identifiers: 758588, 758589, CERTFR-2017-AVI-012, CVE-2016-1838, DLA-503-1, DSA-3593-1, FEDORA-2017-a3a47973eb, FEDORA-2017-be8574d593, HT206567, HT206568, JSA10770, K71926235, openSUSE-SU-2016:1594-1, openSUSE-SU-2016:1595-1, RHSA-2016:1292-01, SA129, SB10170, SPL-119440, SPL-121159, SPL-123095, SUSE-SU-2016:1538-1, SUSE-SU-2016:1604-1, TNS-2017-03, USN-2994-1, VIGILANCE-VUL-19005.

Description of the vulnerability

The libxml2 library includes an XML parser.

However, an ending tag located after a long name forces the xmlParseEndTag2() function to read an unreachable memory area, which triggers a fatal error.

An attacker can therefore invite the victim to open a malicious XML document, with an application linked with libxml2, to force a read at an invalid address in the xmlParseEndTag2() function, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.