The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Juniper Steel Belted Radius

vulnerability note CVE-2018-1000613

Bouncy Castle Java Cryptography Extension: vulnerability via XMSS Private Keys Deserialization

Synthesis of the vulnerability

A vulnerability via XMSS Private Keys Deserialization of Bouncy Castle Java Cryptography Extension was announced.
Severity: 2/4.
Creation date: 02/07/2018.
Identifiers: CERTFR-2019-AVI-325, cpuapr2019, cpujan2019, cpujul2019, CVE-2018-1000613, FEDORA-2018-e6894349c9, JSA10939, openSUSE-SU-2018:2131-1, openSUSE-SU-2018:2180-1, VIGILANCE-VUL-26596.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

A vulnerability via XMSS Private Keys Deserialization of Bouncy Castle Java Cryptography Extension was announced.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2018-1000180

Bouncy Castle: vulnerability via RSA Digital Signature Prime Generation

Synthesis of the vulnerability

A vulnerability via RSA Digital Signature Prime Generation of Bouncy Castle was announced.
Severity: 1/4.
Creation date: 06/06/2018.
Identifiers: CERTFR-2019-AVI-325, cpuapr2019, cpujan2019, cpujul2019, CVE-2018-1000180, DSA-4233-1, FEDORA-2018-ceced55c5e, FEDORA-2018-da9fe79871, JSA10939, openSUSE-SU-2018:2820-1, RHSA-2018:2423-01, RHSA-2018:2424-01, RHSA-2018:2425-01, RHSA-2018:2669-01, VIGILANCE-VUL-26323.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

A vulnerability via RSA Digital Signature Prime Generation of Bouncy Castle was announced.
Full Vigil@nce bulletin... (Free trial)

cybersecurity vulnerability CVE-2015-2080

Eclipse Jetty: information disclosure

Synthesis of the vulnerability

A local attacker can read a memory fragment of Eclipse Jetty, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 12/04/2018.
Identifiers: CVE-2015-2080, JSA10849, NTAP-20190307-0005, VIGILANCE-VUL-25851.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

A local attacker can read a memory fragment of Eclipse Jetty, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

security threat CVE-2018-5382

Bouncy Castle: information disclosure via BKS-V1

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via BKS-V1 of Bouncy Castle, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 19/03/2018.
Identifiers: CERTFR-2019-AVI-325, CVE-2018-5382, JSA10939, VIGILANCE-VUL-25597, VU#306792.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass access restrictions to data via BKS-V1 of Bouncy Castle, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

threat bulletin CVE-2016-1000338 CVE-2016-1000339 CVE-2016-1000340

Bouncy Castle: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Bouncy Castle.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 8.
Creation date: 22/12/2016.
Identifiers: CERTFR-2019-AVI-325, CVE-2016-1000338, CVE-2016-1000339, CVE-2016-1000340, CVE-2016-1000341, CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344, CVE-2016-1000345, CVE-2016-1000346, CVE-2016-1000352, DLA-1418-1, JSA10939, openSUSE-SU-2018:1689-1, RHSA-2018:2669-01, USN-3727-1, VIGILANCE-VUL-21455.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in Bouncy Castle.

An attacker can tamper with DSA/ECDSA signed data, without failure of the signature check. [severity:3/4; CVE-2016-1000338, CVE-2016-1000342]

A local attacker can measure the AES implementation speed, in order to get information about the secret key. [severity:1/4; CVE-2016-1000339]

The ECDH implementation of arithmetic for large integers includes carry propagation bugs. [severity:1/4; CVE-2016-1000340]

An attacker can time a DSA signature in order to get information about the private key. [severity:1/4; CVE-2016-1000341]

The default size of DSA keys is too small. [severity:1/4; CVE-2016-1000343]

The ECIES and DHIES algorithm accept the ECB mode. [severity:1/4; CVE-2016-1000344, CVE-2016-1000352]

An attacker can time decryption of blindly modified ciphertext, in order to get information about the corresponding plain text. [severity:1/4; CVE-2016-1000345]

An attacker can make use invalid DH public keys, in order to get information about the related private keys. [severity:1/4; CVE-2016-1000346]
Full Vigil@nce bulletin... (Free trial)

threat CVE-2016-1951

NSPR: buffer overflow via GrowStuff

Synthesis of the vulnerability

An attacker can generate a buffer overflow in GrowStuff of NSPR, in order to trigger a denial of service, and possibly to run code.
Severity: 2/4.
Creation date: 13/06/2016.
Identifiers: 1174015, CERTFR-2019-AVI-325, CVE-2016-1951, DLA-513-1, DSA-3687-1, JSA10939, USN-3023-1, USN-3028-1, VIGILANCE-VUL-19876.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The NSPR library provides functions for memory management.

The routine GrowStuff reallocates a buffer. However, on 32 bits platform, an arithmetic overflow may occur, which leads to a buffer overflow because the actually allocated size is too small.

An attacker can therefore generate a buffer overflow in GrowStuff of NSPR, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer weakness note CVE-2016-1938

Mozilla NSS: invalid result of mp_div/mp_exptmod

Synthesis of the vulnerability

An attacker can use an error of NSS mp_div and mp_exptmod, in order to bypass some security feature.
Severity: 3/4.
Creation date: 27/01/2016.
Identifiers: CERTFR-2019-AVI-325, CVE-2016-1938, DLA-480-1, DSA-3688-1, JSA10939, MFSA-2016-07, openSUSE-SU-2016:0306-1, openSUSE-SU-2016:0309-1, SUSE-SU-2016:0334-1, SUSE-SU-2016:0338-1, USN-2903-1, USN-2903-2, VIGILANCE-VUL-18824.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The Mozilla NSS library provides Multi-Precision computation functions:
 - mp_div : division
 - mp_exptmod : modular exponentiation
They are used by public key algorithms.

However, these functions are incorrectly implemented, and sometimes generate invalid results.

An attacker can therefore use an error of NSS mp_div and mp_exptmod, in order to bypass some security feature.
Full Vigil@nce bulletin... (Free trial)

threat alert CVE-2015-3196

OpenSSL: use after free via PSK Identify Hint

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via PSK Identify Hint of an OpenSSL multi-threaded client, in order to trigger a denial of service, and possibly to run code.
Severity: 2/4.
Creation date: 03/12/2015.
Identifiers: 1972951, 1976113, 1976148, 1981612, 2003480, 2003620, 2003673, 9010051, BSA-2016-006, bulletinjan2016, c05398322, CERTFR-2015-AVI-517, cisco-sa-20151204-openssl, cpuoct2017, CVE-2015-3196, DSA-3413-1, FEDORA-2015-d87d60b9a9, FreeBSD-SA-15:26.openssl, HPESBHF03709, JSA10759, NTAP-20151207-0001, openSUSE-SU-2015:2288-1, openSUSE-SU-2015:2289-1, RHSA-2015:2617-01, SA40100, SB10203, SOL12824341, SOL30714460, SOL55540723, SOL86772626, SSA:2015-349-04, USN-2830-1, VIGILANCE-VUL-18437.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The OpenSSL library can be used by a multi-threaded client.

However, in this case, the SSL_CTX structure does not contain an updated PSK Identify Hint. OpenSSL can thus free twice the same memory area.

An attacker can therefore force the usage of a freed memory area via PSK Identify Hint of an OpenSSL multi-threaded client, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

weakness announce CVE-2015-3195

OpenSSL: information disclosure via X509_ATTRIBUTE

Synthesis of the vulnerability

An attacker can read a memory fragment via X509_ATTRIBUTE of OpenSSL processing PKCS#7 or CMS data, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 03/12/2015.
Identifiers: 1972951, 1976113, 1976148, 1985739, 2003480, 2003620, 2003673, 9010051, BSA-2016-006, bulletinjan2016, c05398322, CERTFR-2015-AVI-517, CERTFR-2016-AVI-128, cisco-sa-20151204-openssl, cpuapr2017, cpuoct2016, cpuoct2017, CVE-2015-3195, DSA-3413-1, FEDORA-2015-605de37b7f, FEDORA-2015-d87d60b9a9, FreeBSD-SA-15:26.openssl, HPESBHF03709, JSA10733, JSA10759, NTAP-20151207-0001, openSUSE-SU-2015:2288-1, openSUSE-SU-2015:2289-1, openSUSE-SU-2015:2318-1, openSUSE-SU-2015:2349-1, openSUSE-SU-2016:0637-1, openSUSE-SU-2016:0640-1, openSUSE-SU-2016:1327-1, PAN-SA-2016-0020, PAN-SA-2016-0028, RHSA-2015:2616-01, RHSA-2015:2617-01, RHSA-2016:2054-01, RHSA-2016:2055-01, RHSA-2016:2056-01, SA105, SA40100, SB10203, SOL12824341, SOL30714460, SOL55540723, SOL86772626, SSA:2015-349-04, SUSE-SU-2016:0678-1, USN-2830-1, VIGILANCE-VUL-18436.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The OpenSSL library supports the PKCS#7 and CMS formats.

However, if an X509_ATTRIBUTE structure is malformed, OpenSSL does not initialize a memory area before returning it to the user reading PKCS#7 or CMS data.

It can be noted that SSL/TLS is not impacted.

An attacker can therefore read a memory fragment via X509_ATTRIBUTE of OpenSSL processing PKCS#7 or CMS data, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

cybersecurity weakness CVE-2015-3194

OpenSSL: NULL pointer dereference via Certificate Verification

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced during the certificate verification of OpenSSL (in client or server mode), in order to trigger a denial of service.
Severity: 2/4.
Creation date: 03/12/2015.
Identifiers: 1972951, 1976113, 1976148, 1985739, 1986593, 2003480, 2003620, 2003673, 9010051, BSA-2016-006, bulletinjan2016, c05398322, CERTFR-2015-AVI-517, cisco-sa-20151204-openssl, cpuoct2017, CVE-2015-3194, DSA-3413-1, FEDORA-2015-605de37b7f, FEDORA-2015-d87d60b9a9, FreeBSD-SA-15:26.openssl, HPESBHF03709, HT209139, JSA10759, NTAP-20151207-0001, openSUSE-SU-2015:2288-1, openSUSE-SU-2015:2289-1, openSUSE-SU-2015:2318-1, openSUSE-SU-2016:0637-1, openSUSE-SU-2016:1327-1, RHSA-2015:2617-01, SA105, SA40100, SB10203, SOL12824341, SOL30714460, SOL55540723, SOL86772626, SSA:2015-349-04, STORM-2015-017, USN-2830-1, VIGILANCE-VUL-18435.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The OpenSSL library can use the RSA PSS algorithm to check the validity of X.509 certificates.

However, if the "mask generation" parameter is missing during the verification of a signature in ASN.1 format, OpenSSL does not check if a pointer is NULL, before using it.

An attacker can therefore force a NULL pointer to be dereferenced during the certificate verification of OpenSSL (in client or server mode), in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.