The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Notes

computer vulnerability announce CVE-2013-5870 CVE-2013-5878 CVE-2013-5884

Oracle Java: multiple vulnerabilities of January 2014

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Oracle Java.
Impacted products: Avamar, BIG-IP Hardware, TMOS, Fedora, HP-UX, AIX, Domino, Notes, IRAD, Tivoli System Automation, WebSphere AS Traditional, WebSphere MQ, Junos Space, Java OpenJDK, openSUSE, Java Oracle, JavaFX, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 36.
Creation date: 15/01/2014.
Identifiers: 1663938, 1670264, 1671242, 1671245, 1674922, 1675938, 1679983, 4006386, 7014224, BID-64863, BID-64875, BID-64882, BID-64890, BID-64894, BID-64899, BID-64901, BID-64903, BID-64906, BID-64907, BID-64910, BID-64912, BID-64914, BID-64915, BID-64916, BID-64917, BID-64918, BID-64919, BID-64920, BID-64921, BID-64922, BID-64923, BID-64924, BID-64925, BID-64926, BID-64927, BID-64928, BID-64929, BID-64930, BID-64931, BID-64932, BID-64933, BID-64934, BID-64935, BID-64936, BID-64937, c04166777, c04166778, CERTA-2014-AVI-030, CERTFR-2014-AVI-199, CERTFR-2014-AVI-480, CERTFR-2016-AVI-300, cpujan2014, CVE-2013-5870, CVE-2013-5878, CVE-2013-5884, CVE-2013-5887, CVE-2013-5888, CVE-2013-5889, CVE-2013-5893, CVE-2013-5895, CVE-2013-5896, CVE-2013-5898, CVE-2013-5899, CVE-2013-5902, CVE-2013-5904, CVE-2013-5905, CVE-2013-5906, CVE-2013-5907, CVE-2013-5910, CVE-2014-0368, CVE-2014-0373, CVE-2014-0375, CVE-2014-0376, CVE-2014-0382, CVE-2014-0385, CVE-2014-0387, CVE-2014-0403, CVE-2014-0408, CVE-2014-0410, CVE-2014-0411, CVE-2014-0415, CVE-2014-0416, CVE-2014-0417, CVE-2014-0418, CVE-2014-0422, CVE-2014-0423, CVE-2014-0424, CVE-2014-0428, ESA-2014-002, FEDORA-2014-0885, FEDORA-2014-0945, FEDORA-2014-1048, FEDORA-2014-2071, FEDORA-2014-2088, HPSBUX02972, HPSBUX02973, JSA10659, MDVSA-2014:011, openSUSE-SU-2014:0174-1, openSUSE-SU-2014:0177-1, openSUSE-SU-2014:0180-1, RHSA-2014:0026-01, RHSA-2014:0027-01, RHSA-2014:0030-01, RHSA-2014:0097-01, RHSA-2014:0134-01, RHSA-2014:0135-01, RHSA-2014:0136-01, RHSA-2014:0982-01, SOL17381, SSRT101454, SSRT101455, SUSE-SU-2014:0246-1, SUSE-SU-2014:0266-1, SUSE-SU-2014:0266-2, SUSE-SU-2014:0266-3, SUSE-SU-2014:0451-1, USN-2124-1, USN-2124-2, VIGILANCE-VUL-14087, ZDI-14-013, ZDI-14-038.

Description of the vulnerability

Several vulnerabilities were announced in Oracle Java.

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-64915, CVE-2014-0410]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-64899, CVE-2014-0415]

An attacker can use a vulnerability of 2D TTF Font Parsing, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-64894, CVE-2013-5907, ZDI-14-013, ZDI-14-038]

An attacker can use a vulnerability of CORBA, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-64935, CVE-2014-0428]

An attacker can use a vulnerability of JNDI, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-64921, CVE-2014-0422]

An attacker can use a vulnerability of Install, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-64901, CVE-2014-0385]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-64931, CVE-2013-5889]

An attacker can use a vulnerability of Hotspot, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-64910, CVE-2014-0408]

An attacker can use a vulnerability of Libraries, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-64863, CVE-2013-5893]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-64932, CVE-2014-0417]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-64882, CVE-2014-0387]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-64919, CVE-2014-0424]

An attacker can use a vulnerability of Serviceability, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-64922, CVE-2014-0373]

An attacker can use a vulnerability of Security, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-64927, CVE-2013-5878]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-64890, CVE-2013-5904]

An attacker can use a vulnerability of JavaFX, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-64929, CVE-2013-5870]

An attacker can use a vulnerability of Deployment, in order to obtain or alter information. [severity:2/4; BID-64920, CVE-2014-0403]

An attacker can use a vulnerability of Deployment, in order to obtain or alter information. [severity:2/4; BID-64916, CVE-2014-0375]

An attacker can use a vulnerability of Beans, in order to obtain information, or to trigger a denial of service. [severity:2/4; BID-64914, CVE-2014-0423]

An attacker can use a vulnerability of Install, in order to obtain information, to alter information, or to trigger a denial of service. [severity:2/4; BID-64934, CVE-2013-5905]

An attacker can use a vulnerability of Install, in order to obtain information, to alter information, or to trigger a denial of service. [severity:2/4; BID-64903, CVE-2013-5906]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:2/4; BID-64923, CVE-2013-5902]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:2/4; BID-64917, CVE-2014-0418]

An attacker can use a vulnerability of Deployment, in order to trigger a denial of service. [severity:2/4; BID-64875, CVE-2013-5887]

An attacker can use a vulnerability of Deployment, in order to obtain information. [severity:2/4; BID-64928, CVE-2013-5899]

An attacker can use a vulnerability of CORBA, in order to trigger a denial of service. [severity:2/4; BID-64926, CVE-2013-5896]

An attacker can use a vulnerability of CORBA, in order to obtain information. [severity:2/4; BID-64924, CVE-2013-5884]

An attacker can use a vulnerability of JAAS, in order to alter information. [severity:2/4; BID-64937, CVE-2014-0416]

An attacker can use a vulnerability of JAXP, in order to alter information. [severity:2/4; BID-64907, CVE-2014-0376]

An attacker can use a vulnerability of Networking, in order to obtain information. [severity:2/4; BID-64930, CVE-2014-0368]

An attacker can use a vulnerability of Security, in order to alter information. [severity:2/4; BID-64933, CVE-2013-5910]

An attacker can use a vulnerability of JavaFX, in order to obtain information. [severity:2/4; BID-64906, CVE-2013-5895]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:2/4; BID-64925, CVE-2013-5888]

An attacker can use a vulnerability of JavaFX, in order to trigger a denial of service. [severity:2/4; BID-64936, CVE-2014-0382]

An attacker can use a vulnerability of Deployment, in order to obtain or alter information. [severity:2/4; BID-64912, CVE-2013-5898]

An attacker can use a vulnerability of JSSE, in order to obtain or alter information. [severity:2/4; BID-64918, CVE-2014-0411]

vulnerability alert CVE-2013-3829 CVE-2013-4002 CVE-2013-5772

Oracle Java: multiple vulnerabilities of October 2013

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Oracle Java.
Impacted products: BIG-IP Hardware, TMOS, Fedora, HP-UX, AIX, DB2 UDB, Domino, Notes, Tivoli System Automation, WebSphere MQ, ePO, Java OpenJDK, openSUSE, Java Oracle, Puppet, RHEL, JBoss EAP by Red Hat, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive, vCenter Server, VMware vSphere.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, denial of service on service, denial of service on client.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 51.
Creation date: 16/10/2013.
Identifiers: 1663589, 1663930, 1664550, 1670264, 1671933, BID-63079, BID-63082, BID-63089, BID-63095, BID-63098, BID-63101, BID-63102, BID-63103, BID-63106, BID-63110, BID-63111, BID-63112, BID-63115, BID-63118, BID-63120, BID-63121, BID-63122, BID-63124, BID-63126, BID-63127, BID-63128, BID-63129, BID-63130, BID-63131, BID-63132, BID-63133, BID-63134, BID-63135, BID-63136, BID-63137, BID-63139, BID-63140, BID-63141, BID-63142, BID-63143, BID-63144, BID-63145, BID-63146, BID-63147, BID-63148, BID-63149, BID-63150, BID-63151, BID-63152, BID-63153, BID-63154, BID-63155, BID-63156, BID-63157, BID-63158, c04031205, c04031212, CERTA-2013-AVI-586, CERTFR-2014-AVI-117, CERTFR-2014-AVI-199, cpuoct2013, CVE-2013-3829, CVE-2013-4002, CVE-2013-5772, CVE-2013-5774, CVE-2013-5775, CVE-2013-5776, CVE-2013-5777, CVE-2013-5778, CVE-2013-5780, CVE-2013-5782, CVE-2013-5783, CVE-2013-5784, CVE-2013-5787, CVE-2013-5788, CVE-2013-5789, CVE-2013-5790, CVE-2013-5797, CVE-2013-5800, CVE-2013-5801, CVE-2013-5802, CVE-2013-5803, CVE-2013-5804, CVE-2013-5805, CVE-2013-5806, CVE-2013-5809, CVE-2013-5810, CVE-2013-5812, CVE-2013-5814, CVE-2013-5817, CVE-2013-5818, CVE-2013-5819, CVE-2013-5820, CVE-2013-5823, CVE-2013-5824, CVE-2013-5825, CVE-2013-5829, CVE-2013-5830, CVE-2013-5831, CVE-2013-5832, CVE-2013-5838, CVE-2013-5840, CVE-2013-5842, CVE-2013-5843, CVE-2013-5844, CVE-2013-5846, CVE-2013-5848, CVE-2013-5849, CVE-2013-5850, CVE-2013-5851, CVE-2013-5852, CVE-2013-5854, FEDORA-2013-19285, FEDORA-2013-19338, HPSBUX02943, HPSBUX02944, MDVSA-2013:266, MDVSA-2013:267, openSUSE-SU-2013:1663-1, openSUSE-SU-2013:1968-1, RHSA-2013:1440-01, RHSA-2013:1447-01, RHSA-2013:1451-01, RHSA-2013:1505-01, RHSA-2013:1507-01, RHSA-2013:1508-01, RHSA-2013:1509-01, RHSA-2013:1793-01, RHSA-2014:1319-01, RHSA-2014:1818-01, RHSA-2014:1821-01, RHSA-2014:1822-01, RHSA-2014:1823-01, RHSA-2015:0269-01, RHSA-2015:0675-01, RHSA-2015:0773-01, SB10058, SE-2012-01, SOL16872, SOL48802597, SUSE-SU-2013:1666-1, 
SUSE-SU-2013:1669-1, SUSE-SU-2013:1677-2, SUSE-SU-2013:1677-3, VIGILANCE-VUL-13601, VMSA-2014-0002, ZDI-13-244, ZDI-13-245, ZDI-13-246, ZDI-13-247, ZDI-13-248.

Description of the vulnerability

Several vulnerabilities were announced in Oracle Java.

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63103, CVE-2013-5782]

An attacker can use a vulnerability of Libraries via LDAP Deserialization, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63121, CVE-2013-5830, ZDI-13-248]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63118, CVE-2013-5809]

An attacker can use a vulnerability of 2D via FileImageInputStream, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63137, CVE-2013-5829, ZDI-13-247]

An attacker can use a vulnerability of CORBA, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63143, CVE-2013-5814]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63139, CVE-2013-5824]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63145, CVE-2013-5788]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63155, CVE-2013-5787]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63156, CVE-2013-5789]

An attacker can use a vulnerability of JNDI via LdapCtx, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63146, CVE-2013-5817, ZDI-13-244]

An attacker can use a vulnerability of Libraries via ObjectOutputStream, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63150, CVE-2013-5842, ZDI-13-246]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63151, CVE-2013-5843]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63158, CVE-2013-5832]

An attacker can use a vulnerability of Libraries, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63153, CVE-2013-5850]

An attacker can use a vulnerability of Libraries, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63131, CVE-2013-5838]

An attacker can use a vulnerability of Swing, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63112, CVE-2013-5805]

An attacker can use a vulnerability of Swing, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63122, CVE-2013-5806]

An attacker can use a vulnerability of JavaFX, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63127, CVE-2013-5846]

An attacker can use a vulnerability of JavaFX, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63132, CVE-2013-5810]

An attacker can use a vulnerability of JavaFX, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63136, CVE-2013-5844]

An attacker can use a vulnerability of JavaFX, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63140, CVE-2013-5777]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63130, CVE-2013-5852]

An attacker can use a vulnerability of JAXP, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63135, CVE-2013-5802]

An attacker can use a vulnerability of JavaFX, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63144, CVE-2013-5775]

An attacker can use a vulnerability of Javadoc, in order to obtain or alter information. [severity:3/4; BID-63149, CVE-2013-5804]

An attacker can use a vulnerability of Deployment, in order to obtain information, or to trigger a denial of service. [severity:3/4; BID-63126, CVE-2013-5812]

An attacker can use a vulnerability of Libraries, in order to obtain or alter information. [severity:3/4; BID-63120, CVE-2013-3829]

An attacker can use a vulnerability of Swing NumberFormatter and RealTimeSequencer, in order to obtain or alter information. [severity:3/4; BID-63154, CVE-2013-5783, ZDI-13-245]

An attacker can use a vulnerability of JAXP, in order to trigger a denial of service. [severity:2/4; BID-63101, CVE-2013-5825]

An attacker can use a vulnerability of JAXP, in order to trigger a denial of service. [severity:2/4; CVE-2013-4002]

An attacker can use a vulnerability of Security, in order to trigger a denial of service. [severity:2/4; BID-63110, CVE-2013-5823]

An attacker can use a vulnerability of 2D, in order to obtain information. [severity:2/4; BID-63134, CVE-2013-5778]

An attacker can use a vulnerability of 2D, in order to obtain information. [severity:2/4; BID-63147, CVE-2013-5801]

An attacker can use a vulnerability of Deployment, in order to alter information. [severity:2/4; BID-63152, CVE-2013-5776]

An attacker can use a vulnerability of Deployment, in order to alter information. [severity:2/4; BID-63157, CVE-2013-5818]

An attacker can use a vulnerability of Deployment, in order to alter information. [severity:2/4; BID-63141, CVE-2013-5819]

An attacker can use a vulnerability of Deployment, in order to alter information. [severity:2/4; BID-63129, CVE-2013-5831]

An attacker can use a vulnerability of JAX-WS, in order to alter information. [severity:2/4; BID-63133, CVE-2013-5820]

An attacker can use a vulnerability of JAXP, in order to obtain information. [severity:2/4; BID-63142, CVE-2013-5851]

An attacker can use a vulnerability of Libraries, in order to obtain information. [severity:2/4; BID-63148, CVE-2013-5840]

An attacker can use a vulnerability of Libraries, in order to alter information. [severity:2/4; BID-63128, CVE-2013-5774]

An attacker can use a vulnerability of Deployment, in order to alter information. [severity:2/4; BID-63124, CVE-2013-5848]

An attacker can use a vulnerability of Libraries, in order to obtain information. [severity:2/4; BID-63115, CVE-2013-5780]

An attacker can use a vulnerability of JGSS, in order to obtain information. [severity:2/4; BID-63111, CVE-2013-5800]

An attacker can use a vulnerability of AWT, in order to obtain information. [severity:2/4; BID-63106, CVE-2013-5849]

An attacker can use a vulnerability of BEANS, in order to obtain information. [severity:2/4; BID-63102, CVE-2013-5790]

An attacker can use a vulnerability of SCRIPTING, in order to alter information. [severity:2/4; BID-63098, CVE-2013-5784]

An attacker can use a vulnerability of Javadoc, in order to alter information. [severity:2/4; BID-63095, CVE-2013-5797]

An attacker can use a vulnerability of jhat, in order to alter information. [severity:1/4; BID-63089, CVE-2013-5772]

An attacker can use a vulnerability of JGSS, in order to trigger a denial of service. [severity:1/4; BID-63082, CVE-2013-5803]

An attacker can use a vulnerability of JavaFX, in order to obtain information. [severity:1/4; BID-63079, CVE-2013-5854]

vulnerability announce CVE-2013-1500 CVE-2013-1571 CVE-2013-2400

Oracle JRE, JDK, JavaFX: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Oracle JRE, JDK, JavaFX.
Impacted products: Debian, Fedora, HP-UX, Domino, Notes, Tivoli System Automation, WebSphere MQ, Java OpenJDK, openSUSE, Java Oracle, JavaFX, Solaris, RHEL, SUSE Linux Enterprise Desktop, SLES, vCenter Server, VMware vSphere.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on service.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 40.
Creation date: 19/06/2013.
Identifiers: 1648416, 1650599, 1657132, BID-60617, BID-60618, BID-60619, BID-60620, BID-60621, BID-60622, BID-60623, BID-60624, BID-60625, BID-60626, BID-60627, BID-60629, BID-60630, BID-60631, BID-60632, BID-60633, BID-60634, BID-60635, BID-60636, BID-60637, BID-60638, BID-60639, BID-60640, BID-60641, BID-60643, BID-60644, BID-60645, BID-60646, BID-60647, BID-60649, BID-60650, BID-60651, BID-60652, BID-60653, BID-60654, BID-60655, BID-60656, BID-60657, BID-60658, BID-60659, c03868911, c03874547, c03898880, CERTA-2013-AVI-361, CERTFR-2014-AVI-244, CVE-2013-1500, CVE-2013-1571, CVE-2013-2400, CVE-2013-2407, CVE-2013-2412, CVE-2013-2437, CVE-2013-2442, CVE-2013-2443, CVE-2013-2444, CVE-2013-2445, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2449, CVE-2013-2450, CVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2458, CVE-2013-2459, CVE-2013-2460, CVE-2013-2461, CVE-2013-2462, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2466, CVE-2013-2467, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-3743, CVE-2013-3744, DSA-2722-1, DSA-2727-1, FEDORA-2013-11281, FEDORA-2013-11285, HPSBUX02907, HPSBUX02908, HPSBUX02922, IC94453, javacpujun2013, KLYH95CMCJ, MDVSA-2013:183, MDVSA-2013:196, openSUSE-SU-2013:1247-1, openSUSE-SU-2013:1288-1, PSA-2013-0811-1, PSA-2013-0813-1, PSA-2013-0819-1, PSA-2013-0827-1, RHSA-2013:0957-01, RHSA-2013:0958-01, RHSA-2013:0963-01, RHSA-2013:1014-01, RHSA-2013:1059-01, RHSA-2013:1060-01, RHSA-2013:1081-01, RHSA-2013:1455-01, RHSA-2013:1456-01, SSRT101305, SUSE-SU-2013:1238-1, SUSE-SU-2013:1254-1, SUSE-SU-2013:1255-1, SUSE-SU-2013:1255-2, SUSE-SU-2013:1255-3, SUSE-SU-2013:1256-1, SUSE-SU-2013:1257-1, SUSE-SU-2013:1263-1, SUSE-SU-2013:1263-2, SUSE-SU-2013:1264-1, SUSE-SU-2013:1293-2, SUSE-SU-2013:1305-1, swg21641098, swg21644918, VIGILANCE-VUL-12992, VMSA-2013-0006.1, VMSA-2013-0009.1, VMSA-2013-0012.1, VU#225657, 
ZDI-13-132, ZDI-13-151, ZDI-13-152, ZDI-13-153, ZDI-13-154, ZDI-13-155, ZDI-13-156, ZDI-13-157, ZDI-13-158, ZDI-13-159, ZDI-13-160.

Description of the vulnerability

Several vulnerabilities were announced in Oracle JRE, JDK, JavaFX.

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-60651, CVE-2013-2470, ZDI-13-158]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-60659, CVE-2013-2471, ZDI-13-152]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-60656, CVE-2013-2472, ZDI-13-151]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-60623, CVE-2013-2473, ZDI-13-154]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-60655, CVE-2013-2463, ZDI-13-156]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-60631, CVE-2013-2464, ZDI-13-157]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-60657, CVE-2013-2465, ZDI-13-153]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-60658, CVE-2013-2469, ZDI-13-155]

An attacker can use a vulnerability of AWT, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-60647, CVE-2013-2459, PSA-2013-0811-1]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-60637, CVE-2013-2468]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-60624, CVE-2013-2466]

An attacker can use a vulnerability of AWT, in order to obtain information, to alter information, or to create a denial of service. [severity:2/4; BID-60626, CVE-2013-3743]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-60630, CVE-2013-2462]

An attacker can use a vulnerability of Serviceability, in order to obtain information, to alter information, or to create a denial of service. [severity:2/4; BID-60635, CVE-2013-2460]

An attacker can use a vulnerability of Hotspot, in order to create a denial of service. [severity:2/4; BID-60639, CVE-2013-2445]

An attacker can use a vulnerability of Sound, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-60640, CVE-2013-2448, ZDI-13-160]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-60643, CVE-2013-2442]

An attacker can use a vulnerability of Libraries, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-60645, CVE-2013-2461]

An attacker can use a vulnerability of Install, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-60649, CVE-2013-2467]

An attacker can use a vulnerability of Libraries, in order to obtain information, or to create a denial of service. [severity:3/4; BID-60653, CVE-2013-2407]

An attacker can use a vulnerability of JDBC, in order to obtain or alter information. [severity:2/4; BID-60650, CVE-2013-2454]

An attacker can use a vulnerability of Libraries, in order to obtain or alter information. [severity:2/4; BID-60652, CVE-2013-2458]

An attacker can use a vulnerability of AWT, in order to create a denial of service. [severity:2/4; BID-60633, CVE-2013-2444]

An attacker can use a vulnerability of CORBA, in order to obtain information. [severity:2/4; BID-60620, CVE-2013-2446]

An attacker can use a vulnerability of Deployment, in order to obtain information. [severity:2/4; BID-60636, CVE-2013-2437]

An attacker can use a vulnerability of Deployment, in order to alter information. [severity:2/4; BID-60621, CVE-2013-2400]

An attacker can use a vulnerability of Deployment, in order to alter information. [severity:2/4; BID-60654, CVE-2013-3744]

An attacker can use a vulnerability of JMX, in order to alter information. [severity:2/4; BID-60632, CVE-2013-2457]

An attacker can use a vulnerability of JMX, in order to alter information. [severity:2/4; BID-60644, CVE-2013-2453]

An attacker can use a vulnerability of Libraries, in order to obtain information. [severity:2/4; BID-60646, CVE-2013-2443]

An attacker can use a vulnerability of Libraries, in order to obtain information. [severity:2/4; BID-60617, CVE-2013-2452]

An attacker can use a vulnerability of Libraries, in order to obtain information. [severity:2/4; BID-60619, CVE-2013-2455, ZDI-13-159]

An attacker can use a vulnerability of Networking, in order to obtain information. [severity:2/4; BID-60629, CVE-2013-2447]

An attacker can use a vulnerability of Serialization, in order to create a denial of service. [severity:2/4; BID-60638, CVE-2013-2450]

An attacker can use a vulnerability of Serialization, in order to obtain information. [severity:2/4; BID-60641, CVE-2013-2456]

An attacker can use a vulnerability of Serviceability, in order to obtain information. [severity:2/4; BID-60618, CVE-2013-2412]

An attacker can use a vulnerability of Libraries, in order to obtain information. [severity:2/4; BID-60622, CVE-2013-2449]

An attacker can use a vulnerability of Javadoc, in order to alter information (VIGILANCE-VUL-13106). [severity:2/4; BID-60634, CVE-2013-1571, swg21641098, VU#225657]

An attacker can use a vulnerability of Networking, in order to alter information. [severity:2/4; BID-60625, CVE-2013-2451]

An attacker can use a vulnerability of 2D, in order to obtain or alter information. [severity:1/4; BID-60627, CVE-2013-1500]

computer vulnerability bulletin CVE-2013-0536

IBM Notes: privilege escalation via ntmulti.exe

Synthesis of the vulnerability

A local attacker can use the IBM Notes Multi User Profile Cleanup feature, in order to execute code with the privileges of the next user.
Impacted products: Notes.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: user shell.
Creation date: 13/06/2013.
Identifiers: BID-60554, CERTA-2013-AVI-357, CVE-2013-0536, swg21633827, VIGILANCE-VUL-12978.

Description of the vulnerability

The IBM Notes Multi User Profile Cleanup (ntmulti.exe) service manages roaming users.

However, a local attacker can install a trojan, which is executed when the next user logs on to the system.

A local attacker can therefore use the IBM Notes Multi User Profile Cleanup feature, in order to execute code with the privileges of the next user.

computer vulnerability announce CVE-2013-0534

IBM Notes: password reading in memory

Synthesis of the vulnerability

A local attacker, who can access the memory of processes, can read recently used passwords.
Impacted products: Notes.
Severity: 1/4.
Consequences: user access/rights, data reading.
Provenance: user shell.
Creation date: 13/06/2013.
Identifiers: CERTA-2013-AVI-357, CVE-2013-0534, SPR#JMOY95H59S, SPR# NPEI95BQLK, swg21636154, VIGILANCE-VUL-12977.

Description of the vulnerability

The IBM Notes product manages passwords.

When these passwords are no longer needed, the product should reset the memory area which contained them. However, IBM Notes does not do so.

A local attacker, who can access the memory of processes, can therefore read recently used passwords.

vulnerability announce CVE-2013-0522

IBM Notes: password disclosure via Client Single Logon

Synthesis of the vulnerability

When Notes Client Single Logon is enabled, a local attacker can obtain the IBM Lotus Notes user's password.
Impacted products: Notes.
Severity: 2/4.
Consequences: user access/rights.
Provenance: user shell.
Creation date: 14/05/2013.
Identifiers: BID-59809, CVE-2013-0522, swg21634508, VIGILANCE-VUL-12792.

Description of the vulnerability

The Notes Client Single Logon feature is used to synchronize the Windows and IBM Lotus Notes passwords.

However, a local attacker can capture the password.

When Notes Client Single Logon is enabled, a local attacker can therefore obtain the IBM Lotus Notes user's password.

computer vulnerability announce CVE-2013-2977

IBM Notes: integer overflow of PNG

Synthesis of the vulnerability

An attacker can send an email containing a malicious PNG image, to generate an integer overflow in IBM Notes, in order to trigger a denial of service, and possibly to execute code.
Impacted products: Notes.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Creation date: 07/05/2013.
Identifiers: BID-59693, CERTA-2013-AVI-357, CVE-2013-2977, swg21633819, swg21635878, VIGILANCE-VUL-12767.

Description of the vulnerability

An attacker can send an email containing a malicious PNG image, to generate an integer overflow in IBM Notes, in order to trigger a denial of service, and possibly to execute code.

vulnerability CVE-2013-0127 CVE-2013-0538

IBM Lotus Notes: injection of Java and JavaScript in emails

Synthesis of the vulnerability

An attacker can send an email containing malicious Java, LiveConnect or JavaScript code, so that it is executed when the victim opens his IBM Lotus Notes mailbox.
Impacted products: Notes.
Severity: 2/4.
Consequences: user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 02/05/2013.
Identifiers: BID-59589, BID-59590, CERTA-2013-AVI-286, CVE-2013-0127, CVE-2013-0538, n.runs-SA-2013.005, swg21633819, VIGILANCE-VUL-12740, VU#912420.

Description of the vulnerability

The Lotus Notes client displays HTML emails, and enables by default:
 - Java applets
 - LiveConnect
 - JavaScript code

However, for example, if a vulnerable version of the JRE is installed on the system, the Lotus Notes client can be used as an attack vector.

An attacker can therefore send an email containing malicious Java, LiveConnect or JavaScript code, so that it is executed when the victim opens his IBM Lotus Notes mailbox.

computer vulnerability bulletin CVE-2013-0401 CVE-2013-0402 CVE-2013-1488

Oracle JRE, JDK, JavaFX: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities of Oracle JRE, JDK and JavaFX can be used by a malicious applet/application in order to execute code or to obtain information. A legitimate applet/application, handling malicious data, can also be forced to execute code.
Impacted products: Fedora, HP-UX, Domino, Notes, Tivoli System Automation, Junos Space, Junos Space Network Management Platform, Java OpenJDK, openSUSE, Java Oracle, JavaFX, Solaris, RHEL, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on service.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 42.
Creation date: 17/04/2013.
Identifiers: BID-59088, BID-59089, BID-59124, BID-59128, BID-59131, BID-59137, BID-59141, BID-59145, BID-59149, BID-59153, BID-59154, BID-59159, BID-59162, BID-59165, BID-59166, BID-59167, BID-59170, BID-59172, BID-59175, BID-59178, BID-59179, BID-59184, BID-59185, BID-59187, BID-59190, BID-59191, BID-59194, BID-59195, BID-59203, BID-59206, BID-59208, BID-59212, BID-59213, BID-59219, BID-59220, BID-59228, BID-59234, BID-59243, bulletinoct2015, c03874547, c03898880, CERTA-2013-AVI-256, CVE-2013-0401, CVE-2013-0402, CVE-2013-1488, CVE-2013-1491, CVE-2013-1518, CVE-2013-1537, CVE-2013-1540, CVE-2013-1557, CVE-2013-1558, CVE-2013-1561, CVE-2013-1563, CVE-2013-1564, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2394, CVE-2013-2414, CVE-2013-2415, CVE-2013-2416, CVE-2013-2417, CVE-2013-2418, CVE-2013-2419, CVE-2013-2420, CVE-2013-2421, CVE-2013-2422, CVE-2013-2423, CVE-2013-2424, CVE-2013-2425, CVE-2013-2426, CVE-2013-2427, CVE-2013-2428, CVE-2013-2429, CVE-2013-2430, CVE-2013-2431, CVE-2013-2432, CVE-2013-2433, CVE-2013-2434, CVE-2013-2435, CVE-2013-2436, CVE-2013-2438, CVE-2013-2439, CVE-2013-2440, FEDORA-2013-5922, FEDORA-2013-5958, HPSBUX02908, HPSBUX02922, javacpuapr2013, KLYH95CMCJ, MDVSA-2013:145, MDVSA-2013:161, openSUSE-SU-2013:0745-1, openSUSE-SU-2013:0777-1, openSUSE-SU-2013:0964-1, openSUSE-SU-2013:0993-1, RHSA-2013:0751-01, RHSA-2013:0752-01, RHSA-2013:0757-01, RHSA-2013:0758-01, RHSA-2013:0770-01, RHSA-2013:0822-01, RHSA-2013:0823-01, RHSA-2013:0855-01, RHSA-2013:1455-01, RHSA-2013:1456-01, SA-20130417-1, SE-2012-01, SSRT101305, SUSE-SU-2013:0814-1, SUSE-SU-2013:0835-1, SUSE-SU-2013:0835-2, SUSE-SU-2013:0835-3, SUSE-SU-2013:0871-1, SUSE-SU-2013:0871-2, SUSE-SU-2013:0934-1, swg21644918, swg21645096, swg21645100, VIGILANCE-VUL-12678, ZDI-13-068, ZDI-13-069, ZDI-13-070, ZDI-13-071, ZDI-13-072, ZDI-13-073, ZDI-13-074, ZDI-13-075, ZDI-13-076, ZDI-13-077, ZDI-13-078, ZDI-13-079, ZDI-13-089.

Description of the vulnerability

Several vulnerabilities were announced in Oracle JRE, JDK and JavaFX. The most severe vulnerabilities lead to code execution.

An attacker can use a vulnerability of ICU 2D, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59190, CVE-2013-2383, ZDI-13-070]

An attacker can use a vulnerability of ICU 2D, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59179, CVE-2013-2384, ZDI-13-068]

An attacker can use a vulnerability of ICU 2D, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59166, CVE-2013-1569, ZDI-13-069]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59137, CVE-2013-2434, ZDI-13-071]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59154, CVE-2013-2432]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59167, CVE-2013-2420, ZDI-13-073]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; CVE-2013-1491, ZDI-13-078]

An attacker can use a vulnerability of Beans, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59219, CVE-2013-1558]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59124, CVE-2013-2440]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59089, CVE-2013-2435]

An attacker can use a vulnerability of Hotspot, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59165, CVE-2013-2431]

An attacker can use a vulnerability of Install, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59191, CVE-2013-2425]

An attacker can use a vulnerability of JAXP, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59141, CVE-2013-1518]

An attacker can use a vulnerability of JavaFX, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59234, CVE-2013-2414]

An attacker can use a vulnerability of JavaFX, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59175, CVE-2013-2428, ZDI-13-074]

An attacker can use a vulnerability of JavaFX, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59128, CVE-2013-2427]

An attacker can use a vulnerability of Libraries, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59228, CVE-2013-2422]

An attacker can use a vulnerability of RMI, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59194, CVE-2013-1537]

An attacker can use a vulnerability of RMI, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59170, CVE-2013-1557]

An attacker can use a vulnerability of HotSpot, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59153, CVE-2013-2421]

An attacker can use a vulnerability of JavaFX, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; CVE-2013-0402, ZDI-13-077]

An attacker can use a vulnerability of Libraries, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59206, CVE-2013-2426, ZDI-13-075]

An attacker can use a vulnerability of Libraries, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59213, CVE-2013-2436, ZDI-13-079]

An attacker can use a vulnerability of Libraries, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; CVE-2013-1488, ZDI-13-076]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59172, CVE-2013-2394, ZDI-13-072]

An attacker can use a vulnerability of ImageIO, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59243, CVE-2013-2430]

An attacker can use a vulnerability of ImageIO, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59184, CVE-2013-2429]

An attacker can use a vulnerability of Install, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59208, CVE-2013-1563]

An attacker can use a vulnerability of Install, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59178, CVE-2013-2439]

An attacker can use a vulnerability of AWT, in order to obtain or alter information. [severity:3/4; CVE-2013-0401, ZDI-13-089]

An attacker can use a vulnerability of ICU 2D, in order to create a denial of service. [severity:2/4; BID-59131, CVE-2013-2419]

An attacker can use a vulnerability of JMX, in order to obtain information. [severity:2/4; BID-59159, CVE-2013-2424]

An attacker can use a vulnerability of JavaFX, in order to obtain information. [severity:2/4; BID-59203, CVE-2013-1561]

An attacker can use a vulnerability of JavaFX, in order to alter information. [severity:2/4; BID-59195, CVE-2013-1564]

An attacker can use a vulnerability of JavaFX, in order to alter information. [severity:2/4; BID-59185, CVE-2013-2438]

An attacker can use a vulnerability of Networking, in order to create a denial of service. [severity:2/4; BID-59187, CVE-2013-2417]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to create a denial of service. [severity:2/4; BID-59145, CVE-2013-2418]

An attacker can use a vulnerability of Deployment, in order to alter information. [severity:2/4; BID-59088, CVE-2013-2416, SA-20130417-1]

An attacker can use a vulnerability of Deployment, in order to alter information. [severity:2/4; BID-59220, CVE-2013-2433]

An attacker can use a vulnerability of Deployment, in order to alter information. [severity:2/4; BID-59149, CVE-2013-1540]

An attacker can use a vulnerability of Hotspot, in order to alter information. [severity:2/4; BID-59162, CVE-2013-2423]

An attacker can use a vulnerability of JAX-WS, in order to obtain information. [severity:1/4; BID-59212, CVE-2013-2415]

vulnerability note CVE-2011-3026 CVE-2012-6277 CVE-2012-6349

IBM Notes: three vulnerabilities

Synthesis of the vulnerability

An attacker can use three vulnerabilities of IBM Notes, in order to execute code or to trigger a denial of service.
Impacted products: Notes.
Severity: 3/4.
Consequences: user access/rights, denial of service on service.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 3.
Creation date: 25/03/2013.
Identifiers: BID-56610, BID-58650, CERTA-2012-AVI-677, CERTA-2013-AVI-198, CVE-2011-3026, CVE-2012-6277, CVE-2012-6349, KLYH8UDNXD, KLYH92XL3W, swg21627992, VIGILANCE-VUL-12554, YBJG8WH5JP.

Description of the vulnerability

Three vulnerabilities were announced in IBM Notes.

An attacker can invite the victim to open a malicious PNG image with an application linked to libpng, in order to create an overflow, which stops the application, or leads to code execution (VIGILANCE-VUL-11371). [severity:3/4; CVE-2011-3026, KLYH8UDNXD]

An attacker can use a vulnerability of the ".mdb" format processing by Autonomy KeyView, in order to execute code. [severity:3/4; BID-58650, CVE-2012-6349, KLYH92XL3W]

An attacker can use several vulnerabilities of Autonomy KeyView, in order to execute code (VIGILANCE-VUL-12179). [severity:3/4; BID-56610, CERTA-2012-AVI-677, CVE-2012-6277, YBJG8WH5JP]