The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of HPE NNMi

vulnerability announcement CVE-2012-2022

HP NNMi: Cross Site Scripting

Synthesis of the vulnerability

An attacker can exploit several Cross Site Scripting vulnerabilities in HP Network Node Manager i, in order to execute JavaScript code in the context of the web site.
Impacted products: HPE NNMi.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 06/08/2012.
Identifiers: BID-54815, c03405705, CERTA-2012-AVI-423, CVE-2012-2022, HPSBMU02798, SSRT100908, VIGILANCE-VUL-11822.

Description of the vulnerability

An attacker can exploit several Cross Site Scripting vulnerabilities in HP Network Node Manager i, in order to execute JavaScript code in the context of the web site.

vulnerability note CVE-2012-2018

HP NNMi: Cross Site Scripting

Synthesis of the vulnerability

An attacker can exploit several Cross Site Scripting vulnerabilities in HP Network Node Manager i, in order to execute JavaScript code in the context of the web site.
Impacted products: HPE NNMi.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 02/07/2012.
Identifiers: BID-54261, c03343724, CERTA-2012-AVI-362, CVE-2012-2018, HPSBMU02783, SSRT100806, VIGILANCE-VUL-11734.

Description of the vulnerability

An attacker can exploit several Cross Site Scripting vulnerabilities in HP Network Node Manager i, in order to execute JavaScript code in the context of the web site.

vulnerability bulletin CVE-2011-4858

Tomcat, JBoss: denial of service via hash collision

Synthesis of the vulnerability

An attacker can send data that generates hash collisions in storage, in order to overload a service.
Impacted products: Tomcat, Debian, Fedora, HPE NNMi, OpenView NNM, HP-UX, openSUSE, Solaris, RHEL, JBoss EAP by Red Hat, ESX, vCenter Server, VMware vSphere.
Severity: 3/4.
Consequences: denial of service on service, denial of service on client.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 22/02/2012.
Identifiers: BID-51200, c03183543, c03231290, c03824583, CERTA-2012-AVI-479, CERTA-2013-AVI-440, CVE-2011-4084-REJECT, CVE-2011-4858, DSA-2401-1, ESX400-201209001, ESX400-201209401-SG, ESX400-201209402-SG, ESX400-201209404-SG, ESX410-201208101-SG, ESX410-201208102-SG, ESX410-201208103-SG, ESX410-201208104-SG, ESX410-201208105-SG, ESX410-201208106-SG, ESX410-201208107-SG, FEDORA-2012-7258, FEDORA-2012-7593, HPSBMU02747, HPSBMU02894, HPSBUX02741, openSUSE-SU-2012:0103-1, RHSA-2012:0041-01, RHSA-2012:0074-01, RHSA-2012:0075-01, RHSA-2012:0076-01, RHSA-2012:0077-01, RHSA-2012:0078-01, RHSA-2012:0089-01, RHSA-2012:0091-01, RHSA-2012:0325-01, RHSA-2012:0406-01, RHSA-2012:0474-01, RHSA-2012:0475-01, RHSA-2012:0679-01, RHSA-2012:0680-01, RHSA-2012:0681-01, RHSA-2012:0682-01, SSRT100728, SSRT100771, VIGILANCE-VUL-11383, VMSA-2012-0003.1, VMSA-2012-0005.2, VMSA-2012-0005.3, VMSA-2012-0008.1, VMSA-2012-0013, VMSA-2012-0013.1.

Description of the vulnerability

The bulletin VIGILANCE-VUL-11254 describes a vulnerability which can be used to create a denial of service on several applications.

This vulnerability impacts Tomcat.

In order to simplify VIGILANCE-VUL-11254, which was too big, solutions for Tomcat were moved here.

computer vulnerability bulletin CVE-2011-3563 CVE-2011-3571 CVE-2011-5035

Java JRE/JDK: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities of Java JRE/JDK can be used by a malicious applet/application in order to execute code or to obtain information. A legitimate applet/application, handling malicious data, can also be forced to execute code.
Impacted products: Debian, Fedora, HPE NNMi, HP-UX, Tivoli System Automation, Mandriva Linux, Windows (platform) ~ not comprehensive, Java OpenJDK, openSUSE, Java Oracle, RHEL, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive, ESX, vCenter Server, VMware vSphere.
Severity: 4/4.
Consequences: user access/rights, data reading, data creation/edition.
Provenance: document.
Number of vulnerabilities in this bulletin: 14.
Creation date: 15/02/2012.
Identifiers: BID-52009, BID-52010, BID-52011, BID-52012, BID-52013, BID-52014, BID-52015, BID-52016, BID-52017, BID-52018, BID-52019, BID-52020, BID-52161, c03254184, c03266681, c03316985, c03350339, c03358587, c03405642, CERTA-2012-AVI-085, CERTA-2012-AVI-286, CERTA-2012-AVI-395, CERTA-2012-AVI-479, CVE-2011-3563, CVE-2011-3571, CVE-2011-5035, CVE-2012-0497, CVE-2012-0498, CVE-2012-0499, CVE-2012-0500, CVE-2012-0501, CVE-2012-0502, CVE-2012-0503, CVE-2012-0504, CVE-2012-0505, CVE-2012-0506, CVE-2012-0507, CVE-2012-0508, DSA-2420-1, ESX410-201208101-SG, ESX410-201208102-SG, ESX410-201208103-SG, ESX410-201208104-SG, ESX410-201208105-SG, ESX410-201208106-SG, ESX410-201208107-SG, FEDORA-2012-1690, FEDORA-2012-1711, FEDORA-2012-1721, HPSBMU02797, HPSBMU02799, HPSBUX02757, HPSBUX02760, HPSBUX02777, HPSBUX02784, javacpufeb2012, MDVSA-2012:021, openSUSE-SU-2012:0309-1, PRE-SA-2012-01, RHSA-2012:0135-01, RHSA-2012:0139-01, RHSA-2012:0322-01, RHSA-2012:0508-01, RHSA-2012:0514-01, RHSA-2012:0702-01, RHSA-2012:1080-01, RHSA-2013:1455-01, RHSA-2013:1456-01, SSRT100779, SSRT100805, SSRT100854, SSRT100867, SSRT100871, SUSE-SU-2012:0308-1, SUSE-SU-2012:0602-1, SUSE-SU-2012:0603-1, SUSE-SU-2012:0734-1, SUSE-SU-2012:0881-1, SUSE-SU-2012:1013-1, swg21632667, swg21632668, swg21633991, swg21633992, TPTI-12-01, TSL20120214-01, VIGILANCE-VUL-11368, VMSA-2012-0005.2, VMSA-2012-0005.4, VMSA-2012-0013, VMSA-2012-0013.2, VMSA-2012-0018.1, VMSA-2013-0003, ZDI-12-032, ZDI-12-037, ZDI-12-038, ZDI-12-039, ZDI-12-045, ZDI-12-060, ZDI-12-081, ZDI-12-082, ZDI-12-083.

Description of the vulnerability

Several vulnerabilities were announced in Java JRE/JDK. The most severe vulnerabilities lead to code execution.

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-52009, CVE-2012-0497]

An attacker can use a vulnerability of 2D (readMabCurveData nTblSize), in order to execute code. [severity:4/4; BID-52019, CVE-2012-0498, ZDI-12-032, ZDI-12-060]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-52016, CVE-2012-0499]

An attacker can invite the victim to open a malicious JNLP file, in order to execute code via Java Web Start Deployment. [severity:4/4; BID-52015, CVE-2012-0500, TSL20120214-01, ZDI-12-037, ZDI-12-039]

An attacker can use a vulnerability of JavaFX, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-52010, CVE-2012-0508, ZDI-12-038]

An attacker can use a vulnerability of Install, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-52020, CVE-2012-0504]

An attacker can use a vulnerability of Concurrency, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-52161, CVE-2011-3571, CVE-2012-0507]

An attacker can use a vulnerability of I18n, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-52018, CVE-2012-0503]

An attacker can use a vulnerability of Serialization, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-52017, CVE-2012-0505]

An attacker can use a vulnerability of AWT, in order to obtain information, or to create a denial of service. [severity:3/4; BID-52011, CVE-2012-0502]

An attacker can use a vulnerability of Sound, in order to obtain information, or to create a denial of service. [severity:3/4; BID-52012, CERTA-2012-AVI-085, CVE-2011-3563]

An attacker can post HTTP data to Lightweight HTTP Server generating storage collisions, in order to overload a remote web server (VIGILANCE-VUL-11381). [severity:3/4; CVE-2011-5035]

An attacker can use a ZIP archive generating an infinite loop in the JRE. [severity:3/4; BID-52013, CVE-2012-0501, PRE-SA-2012-01]

An attacker can use a vulnerability of CORBA, in order to alter information. [severity:2/4; BID-52014, CVE-2012-0506]

vulnerability alert CVE-2011-4155 CVE-2011-4156 CVE-2011-5184

HP NNMi: two Cross Site Scripting

Synthesis of the vulnerability

An attacker can exploit two Cross Site Scripting vulnerabilities in HP Network Node Manager i.
Impacted products: HPE NNMi.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 10/11/2011.
Revision date: 24/11/2011.
Identifiers: 0A29-11-1, BID-50635, BID-50806, c03035744, CERTA-2011-AVI-631, CVE-2011-4155, CVE-2011-4156, CVE-2011-5184, HPSBMU02708, SSRT100633, VIGILANCE-VUL-11151.

Description of the vulnerability

An attacker can exploit two Cross Site Scripting vulnerabilities in HP Network Node Manager i.

An attacker can execute JavaScript code in the context of the web site. [severity:2/4; CERTA-2011-AVI-631, CVE-2011-4155]

An attacker can execute JavaScript code in the context of the web site. [severity:2/4; CVE-2011-4156]

vulnerability announcement CVE-2011-3389 CVE-2011-3516 CVE-2011-3521

Java JRE/JDK: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities of Java JRE/JDK can be used by a malicious applet/application in order to execute code or to obtain information. A legitimate applet/application, handling malicious data, can also be forced to execute code.
Impacted products: Debian, Fedora, HPE NNMi, HP-UX, Mandriva Linux, Windows (platform) ~ not comprehensive, Java OpenJDK, openSUSE, Java Oracle, RHEL, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive, ESX, vCenter Server, VirtualCenter.
Severity: 4/4.
Consequences: privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 20.
Creation date: 19/10/2011.
Identifiers: BID-49778, BID-50211, BID-50215, BID-50216, BID-50218, BID-50220, BID-50223, BID-50224, BID-50226, BID-50229, BID-50231, BID-50234, BID-50236, BID-50237, BID-50239, BID-50242, BID-50243, BID-50246, BID-50248, BID-50250, c03122753, c03266681, c03316985, c03358587, c03405642, CERTA-2011-AVI-541, CERTA-2011-AVI-580, CERTA-2011-AVI-675, CERTA-2012-AVI-012, CERTA-2012-AVI-045, CERTA-2012-AVI-190, CERTA-2012-AVI-238, CERTA-2012-AVI-286, CERTA-2012-AVI-395, CVE-2011-3389, CVE-2011-3516, CVE-2011-3521, CVE-2011-3544, CVE-2011-3545, CVE-2011-3546, CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3550, CVE-2011-3551, CVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3555, CVE-2011-3556, CVE-2011-3557, CVE-2011-3558, CVE-2011-3560, CVE-2011-3561, DSA-2356-1, DSA-2358-1, ESX400-201209001, ESX400-201209401-SG, ESX400-201209402-SG, ESX400-201209404-SG, FEDORA-2011-14638, FEDORA-2011-14648, FEDORA-2011-15555, HPSBMU02797, HPSBMU02799, HPSBUX02730, HPSBUX02760, HPSBUX02777, javacpuoct2011, MDVSA-2011:170, openSUSE-SU-2011:1196-1, RHSA-2011:1380-01, RHSA-2011:1384-01, RHSA-2011:1478-01, RHSA-2012:0006-01, RHSA-2012:0034-01, RHSA-2012:0343-01, RHSA-2013:1455-01, RHSA-2013:1456-01, SSRT100710, SSRT100805, SSRT100854, SSRT100867, SUSE-SU-2011:1298-1, SUSE-SU-2012:0114-1, SUSE-SU-2012:0114-2, SUSE-SU-2012:0122-1, SUSE-SU-2012:0122-2, VIGILANCE-VUL-11072, VMSA-2012-0003, VMSA-2012-0003.1, VMSA-2012-0005.3, VMSA-2012-0008.1, VMSA-2012-0013.1, VU#864643, ZDI-11-305, ZDI-11-306, ZDI-11-307.

Description of the vulnerability

Several vulnerabilities were announced in Java JRE/JDK. The most severe vulnerabilities lead to code execution.

An attacker can use a vulnerability of AWT, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-50211, CVE-2011-3548]

An attacker can use a vulnerability of Java IIOP Deserialization, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-50215, CVE-2011-3521, ZDI-11-306]

An attacker can use a vulnerability of Java Runtime Environment, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-50216, CVE-2011-3554]

An attacker can use a vulnerability of Rhino Javascript, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-50218, CVE-2011-3544, ZDI-11-305]

An attacker can use a vulnerability of Sound MixerSequencer.nAddControllerEventCallback, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-50220, CVE-2011-3545, ZDI-11-307]

An attacker can use a vulnerability of Swing, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-50223, CVE-2011-3549]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-50224, CVE-2011-3551]

An attacker can use a vulnerability of AWT, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-50226, CVE-2011-3550]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-50229, CVE-2011-3516]

An attacker can use a vulnerability of RMI, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-50231, CVE-2011-3556]

An attacker can use a vulnerability of RMI, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-50234, CVE-2011-3557]

An attacker can use a vulnerability of JSSE, in order to obtain or alter information. [severity:3/4; BID-50236, CVE-2011-3560]

An attacker can use a vulnerability of Java Runtime Environment, in order to alter information, or to create a denial of service. [severity:3/4; BID-50237, CVE-2011-3555]

An attacker can use a vulnerability of Deployment, in order to obtain or alter information. [severity:3/4; BID-50239, CVE-2011-3546]

An attacker can use a vulnerability of HotSpot, in order to obtain information. [severity:2/4; BID-50242, CVE-2011-3558]

An attacker can use a vulnerability of Networking, in order to obtain information. [severity:2/4; BID-50243, CERTA-2012-AVI-238, CVE-2011-3547]

An attacker who can control the HTTPS connections of the victim's web browser, and who has sufficient bandwidth, can use several SSL sessions in order to compute HTTP headers, such as cookies (VIGILANCE-VUL-11014). [severity:1/4; BID-49778, CERTA-2011-AVI-541, CERTA-2011-AVI-580, CERTA-2011-AVI-675, CERTA-2012-AVI-012, CERTA-2012-AVI-045, CERTA-2012-AVI-190, CVE-2011-3389, VU#864643]

An attacker can use a vulnerability of JAXWS, in order to obtain information. [severity:2/4; BID-50246, CVE-2011-3553]

An attacker can open numerous UDP ports, in order to facilitate a DNS cache poisoning attack (VIGILANCE-VUL-11087). [severity:1/4; BID-50248, CVE-2011-3552]

An attacker can use a vulnerability of Deployment, in order to obtain information. [severity:1/4; BID-50250, CVE-2011-3561]

vulnerability CVE-2011-1483

JBoss: denial of service via DTD recursion

Synthesis of the vulnerability

An attacker can send specially crafted XML data, in order to create a denial of service when it is parsed by JBoss Web Services Native.
Impacted products: HPE NNMi, RHEL, JBoss EAP by Red Hat.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 16/09/2011.
Identifiers: 692584, BID-49654, c03824583, CERTA-2011-AVI-521, CERTA-2013-AVI-440, CVE-2011-1483, HPSBMU02894, RHSA-2011:1301-01, RHSA-2011:1302-01, RHSA-2011:1303-01, RHSA-2011:1304-01, RHSA-2011:1305-01, RHSA-2011:1306-01, RHSA-2011:1307-01, RHSA-2011:1308-01, RHSA-2011:1309-01, RHSA-2011:1310-01, RHSA-2011:1311-01, RHSA-2011:1312-01, RHSA-2011:1313-01, VIGILANCE-VUL-11000.

Description of the vulnerability

A user can send an HTTP POST query, in order to transmit XML data to the JBoss service.

An XML file can contain special characters represented as entities, such as "&abc;". These entities are defined in a DTD (Document Type Definition).

An attacker can create an entity calling numerous other entities. JBoss does not limit the number of replacements, which creates deep recursive calls.

An attacker can therefore send specially crafted XML data, in order to create a denial of service when it is parsed by JBoss Web Services Native.

vulnerability announcement CVE-2011-0786 CVE-2011-0788 CVE-2011-0802

Java JRE/JDK: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities of Java JRE/JDK can be used by a malicious applet/application in order to execute code or to obtain information. A legitimate applet/application, handling malicious data, can also be forced to execute code.
Impacted products: Debian, Fedora, HPE NNMi, HP-UX, NSMXpress, Mandriva Linux, NLD, OES, Java OpenJDK, openSUSE, Java Oracle, RHEL, SUSE Linux Enterprise Desktop, SLES, ESX, vCenter Server.
Severity: 4/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, client access/rights, data creation/edition, data deletion, data flow, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 17.
Creation date: 08/06/2011.
Identifiers: BID-48133, BID-48134, BID-48135, BID-48136, BID-48137, BID-48138, BID-48139, BID-48140, BID-48141, BID-48142, BID-48143, BID-48144, BID-48145, BID-48146, BID-48147, BID-48148, BID-48149, c02945548, c03316985, c03358587, c03405642, CERTA-2003-AVI-005, CERTA-2011-AVI-336, CERTA-2012-AVI-286, CERTA-2012-AVI-395, CVE-2011-0786, CVE-2011-0788, CVE-2011-0802, CVE-2011-0814, CVE-2011-0815, CVE-2011-0817, CVE-2011-0862, CVE-2011-0863, CVE-2011-0864, CVE-2011-0865, CVE-2011-0866, CVE-2011-0867, CVE-2011-0868, CVE-2011-0869, CVE-2011-0871, CVE-2011-0872, CVE-2011-0873, DSA-2311-1, DSA-2358-1, FEDORA-2011-8003, FEDORA-2011-8020, FEDORA-2011-8028, HPSBMU02797, HPSBMU02799, HPSBUX02697, HPSBUX02777, javacpujune2011, MDVSA-2011:126, openSUSE-SU-2011:0633-1, openSUSE-SU-2011:0706-1, PSN-2012-08-686, PSN-2012-08-687, PSN-2012-08-688, PSN-2012-08-689, PSN-2012-08-690, RHSA-2011:0856-01, RHSA-2011:0857-01, RHSA-2011:0860-01, RHSA-2011:0938-01, RHSA-2011:1087-01, RHSA-2011:1159-01, RHSA-2011:1265-01, RHSA-2013:1455-01, RHSA-2013:1456-01, SSRT100591, SSRT100854, SSRT100867, SUSE-SA:2011:030, SUSE-SA:2011:032, SUSE-SA:2011:036, SUSE-SU-2011:0632-1, SUSE-SU-2011:0807-1, SUSE-SU-2011:0863-1, SUSE-SU-2011:0863-2, SUSE-SU-2011:0966-1, SUSE-SU-2011:1082-1, TPTI-11-06, VIGILANCE-VUL-10722, VMSA-2011-0013.1, ZDI-11-182, ZDI-11-183, ZDI-11-184, ZDI-11-185, ZDI-11-186, ZDI-11-187, ZDI-11-188, ZDI-11-189, ZDI-11-190, ZDI-11-191, ZDI-11-192, ZDI-11-199.

Description of the vulnerability

Several vulnerabilities were announced in Java JRE/JDK. The most severe vulnerabilities lead to code execution.

An attacker can use a vulnerability of 2D (ICC profile), in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-48137, CVE-2011-0862, TPTI-11-06, ZDI-11-183, ZDI-11-184, ZDI-11-185, ZDI-11-186, ZDI-11-187, ZDI-11-188, ZDI-11-189, ZDI-11-190, ZDI-11-191]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-48148, CVE-2011-0873]

An attacker can use a vulnerability of AWT, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-48143, CVE-2011-0815]

An attacker can use a vulnerability of Deployment (IE Browser Plugin), in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-48134, CVE-2011-0817, ZDI-11-182]

An attacker can use a vulnerability of Deployment (Java Web Start), in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-48138, CVE-2011-0863, ZDI-11-192]

An attacker can use a vulnerability of HotSpot, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-48139, CVE-2011-0864]

An attacker can use a vulnerability of Soundbank Decompression, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-48149, CVE-2011-0802, ZDI-11-199]

An attacker can use a vulnerability of Sound, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-48145, CVE-2011-0814]

An attacker can use a vulnerability of Swing, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-48142, CVE-2011-0871]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-48133, CERTA-2011-AVI-336, CVE-2011-0786]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-48135, CVE-2011-0788]

An attacker can use a vulnerability of Java Runtime Environment, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-48136, CVE-2011-0866]

An attacker can use a vulnerability of 2D, in order to obtain information. [severity:2/4; BID-48140, CVE-2011-0868]

An attacker can use a vulnerability of NIO, in order to create a denial of service. [severity:2/4; BID-48141, CVE-2011-0872]

An attacker can use a vulnerability of Networking, in order to obtain information. [severity:2/4; BID-48144, CVE-2011-0867]

An attacker can use a vulnerability of SAAJ, in order to obtain information. [severity:2/4; BID-48146, CVE-2011-0869]

An attacker can use a vulnerability of Deserialization, in order to alter information. [severity:1/4; BID-48147, CVE-2011-0865]

vulnerability CVE-2011-1855

HP NNMi: altering data

Synthesis of the vulnerability

A local attacker can use a vulnerability in HP Network Node Manager i, in order to obtain or alter information and log files.
Impacted products: HPE NNMi.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: user shell.
Creation date: 13/05/2011.
Identifiers: c02821425, CERTA-2011-AVI-289, CVE-2011-1855, SSRT100485, VIGILANCE-VUL-10650.

Description of the vulnerability

A local attacker can use a vulnerability in HP Network Node Manager i, in order to obtain or alter information and log files.

computer vulnerability CVE-2011-1534

HP NNMi: code execution

Synthesis of the vulnerability

A remote attacker can execute code in Network Node Manager i.
Impacted products: HPE NNMi.
Severity: 3/4.
Consequences: user access/rights.
Provenance: intranet client.
Creation date: 19/04/2011.
Identifiers: BID-47420, c02788734, CERTA-2011-AVI-237, CVE-2011-1534, HPSBMA02659, QCCR1B87364, SSRT100440, VIGILANCE-VUL-10575.

Description of the vulnerability

The HP NNMi (Network Node Manager i) product is used to manage networks.

A remote attacker can execute code in Network Node Manager i.