The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Notes

computer threat CVE-2014-0963

IBM GSKit: infinite loop of SSL

Synthesis of the vulnerability

An attacker can send malicious SSL/TLS messages to applications using IBM GSKit, in order to trigger a denial of service.
Severity: 3/4.
Creation date: 20/05/2014.
Identifiers: 1610582, 1671732, 1672724, 1673008, 1673018, 1673666, 1673696, 1674047, 1674824, 1674825, 1681114, 7042179, CVE-2014-0963, VIGILANCE-VUL-14775.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The IBM Global Security Kit (GSKit) suite implements the support of SSL/TLS for several IBM applications.

However, some SSL messages generate an infinite loop in GSKit.

An attacker can therefore send malicious SSL/TLS messages to applications using IBM GSKit, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

weakness CVE-2014-0892

IBM Domino, Notes: code execution via Linux 32 bit

Synthesis of the vulnerability

An attacker can use a vulnerability of IBM Domino/Notes on Linux 32 bits, in order to execute code.
Severity: 2/4.
Creation date: 22/04/2014.
Identifiers: 1670264, CERTFR-2014-AVI-199, CVE-2014-0892, KLYH9GGS9W, VIGILANCE-VUL-14627, VU#350089.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The IBM Domino and Notes product can be installed on Linux 32 bits.

However, an attacker can inject code on this platform.

An attacker can therefore use a vulnerability of IBM Domino/Notes on Linux 32 bits, in order to execute code.
Full Vigil@nce bulletin... (Free trial)

computer threat CVE-2013-6629 CVE-2013-6954 CVE-2014-0429

Oracle Java: multiple vulnerabilities of April 2014

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Oracle Java.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 37.
Creation date: 16/04/2014.
Identifiers: 1680562, 1681114, 7014224, BID-64493, c04398922, c04398943, CERTFR-2014-AVI-185, CERTFR-2014-AVI-382, CERTFR-2014-AVI-480, CERTFR-2015-AVI-431, CERTFR-2016-AVI-300, cpuapr2014, CVE-2013-6629, CVE-2013-6954, CVE-2014-0429, CVE-2014-0432, CVE-2014-0446, CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-0463, CVE-2014-0464, CVE-2014-1876, CVE-2014-2397, CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2403, CVE-2014-2409, CVE-2014-2410, CVE-2014-2412, CVE-2014-2413, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2422, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428, DSA-2912-1, DSA-2923-1, ESA-2014-044, FEDORA-2014-5277, FEDORA-2014-5280, FEDORA-2014-5290, FEDORA-2014-5336, HPSBUX03091, HPSBUX03092, JSA10659, JSA10698, MDVSA-2014:100, openSUSE-SU-2014:1638-1, openSUSE-SU-2014:1645-1, RHSA-2014:0406-01, RHSA-2014:0407-01, RHSA-2014:0408-01, RHSA-2014:0412-01, RHSA-2014:0413-02, RHSA-2014:0414-01, RHSA-2014:0486-01, RHSA-2014:0508-01, RHSA-2014:0509-01, RHSA-2014:0675-01, RHSA-2014:0685-01, RHSA-2014:0982-01, SB10072, SSRT101667, SSRT101668, SUSE-SU-2014:0639-1, SUSE-SU-2014:0728-1, SUSE-SU-2014:0728-2, SUSE-SU-2014:0728-3, SUSE-SU-2014:0733-1, SUSE-SU-2014:0733-2, USN-2187-1, USN-2191-1, VIGILANCE-VUL-14599, VMSA-2014-0008, VU#650142, ZDI-14-102, ZDI-14-103, ZDI-14-104, ZDI-14-105, ZDI-14-114.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in Oracle Java.

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-0429]

An attacker can use a vulnerability of Libraries ScriptEngineManager, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-0457, ZDI-14-105]

An attacker can use a vulnerability of Hotspot, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-0456, ZDI-14-114]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-2421, ZDI-14-102]

An attacker can use a vulnerability of JavaFX, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-2410]

An attacker can use a vulnerability of Hotspot, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-2397]

An attacker can use a vulnerability of Libraries permuteArguments, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-0432, ZDI-14-104]

An attacker can use a vulnerability of Libraries DropArguments, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-0455, ZDI-14-103]

An attacker can use a vulnerability of Libraries, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-0461]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-0448]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-2428]

An attacker can use a vulnerability of AWT, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-2412]

An attacker can use a vulnerability of AWT, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-0451]

An attacker can use a vulnerability of JAX-WS, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-0458]

An attacker can use a vulnerability of JAX-WS, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-2423]

An attacker can use a vulnerability of JAX-WS, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-0452]

An attacker can use a vulnerability of JAXB, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-2414]

An attacker can use a vulnerability of Libraries, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-2402]

An attacker can use a vulnerability of Libraries, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-0446]

An attacker can use a vulnerability of Security, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-0454]

An attacker can use a vulnerability of Sound, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-2427]

An attacker can use a vulnerability of JavaFX, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-2422]

An attacker can use a vulnerability of Deployment, in order to obtain or alter information. [severity:2/4; CVE-2014-2409]

An attacker can use a vulnerability of JNDI, in order to obtain or alter information. [severity:2/4; CVE-2014-0460]

An attacker can create a malicious image, to dereference a NULL pointer in the png_do_expand_palette() function of libpng, in order to trigger a denial of service. (VIGILANCE-VUL-13989). [severity:2/4; BID-64493, CVE-2013-6954, VU#650142]

An attacker can use a vulnerability of AWT, in order to obtain information (VIGILANCE-VUL-18980). [severity:2/4; CVE-2013-6629]

An attacker can use a vulnerability of Deployment, in order to obtain information. [severity:2/4; CVE-2014-0449]

An attacker can use a vulnerability of JAXP, in order to obtain information. [severity:2/4; CVE-2014-2403]

An attacker can use a vulnerability of 2D, in order to obtain information. [severity:2/4; CVE-2014-2401]

An attacker can use a vulnerability of Scripting, in order to obtain information. [severity:2/4; CVE-2014-0463]

An attacker can use a vulnerability of Scripting, in order to obtain information. [severity:2/4; CVE-2014-0464]

An attacker can use a vulnerability of 2D, in order to trigger a denial of service. [severity:2/4; CVE-2014-0459]

An attacker can use a vulnerability of Libraries, in order to alter information. [severity:2/4; CVE-2014-2413]

An attacker can use a vulnerability of Security, in order to obtain or alter information. [severity:2/4; CVE-2014-0453]

An attacker can use a vulnerability of Javadoc, in order to alter information. [severity:1/4; CVE-2014-2398]

A local attacker can create a symbolic link named /tmp/unpack.log, in order to alter the pointed file, with privileges of unpack200 (VIGILANCE-VUL-14196). [severity:1/4; CVE-2014-1876]

An attacker can use a vulnerability of Deployment, in order to alter information. [severity:1/4; CVE-2014-2420]
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2013-5870 CVE-2013-5878 CVE-2013-5884

Oracle Java: multiple vulnerabilities of January 2014

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Oracle Java.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 36.
Creation date: 15/01/2014.
Identifiers: 1663938, 1670264, 1671242, 1671245, 1674922, 1675938, 1679983, 4006386, 7014224, BID-64863, BID-64875, BID-64882, BID-64890, BID-64894, BID-64899, BID-64901, BID-64903, BID-64906, BID-64907, BID-64910, BID-64912, BID-64914, BID-64915, BID-64916, BID-64917, BID-64918, BID-64919, BID-64920, BID-64921, BID-64922, BID-64923, BID-64924, BID-64925, BID-64926, BID-64927, BID-64928, BID-64929, BID-64930, BID-64931, BID-64932, BID-64933, BID-64934, BID-64935, BID-64936, BID-64937, c04166777, c04166778, CERTA-2014-AVI-030, CERTFR-2014-AVI-199, CERTFR-2014-AVI-480, CERTFR-2016-AVI-300, cpujan2014, CVE-2013-5870, CVE-2013-5878, CVE-2013-5884, CVE-2013-5887, CVE-2013-5888, CVE-2013-5889, CVE-2013-5893, CVE-2013-5895, CVE-2013-5896, CVE-2013-5898, CVE-2013-5899, CVE-2013-5902, CVE-2013-5904, CVE-2013-5905, CVE-2013-5906, CVE-2013-5907, CVE-2013-5910, CVE-2014-0368, CVE-2014-0373, CVE-2014-0375, CVE-2014-0376, CVE-2014-0382, CVE-2014-0385, CVE-2014-0387, CVE-2014-0403, CVE-2014-0408, CVE-2014-0410, CVE-2014-0411, CVE-2014-0415, CVE-2014-0416, CVE-2014-0417, CVE-2014-0418, CVE-2014-0422, CVE-2014-0423, CVE-2014-0424, CVE-2014-0428, ESA-2014-002, FEDORA-2014-0885, FEDORA-2014-0945, FEDORA-2014-1048, FEDORA-2014-2071, FEDORA-2014-2088, HPSBUX02972, HPSBUX02973, JSA10659, MDVSA-2014:011, openSUSE-SU-2014:0174-1, openSUSE-SU-2014:0177-1, openSUSE-SU-2014:0180-1, RHSA-2014:0026-01, RHSA-2014:0027-01, RHSA-2014:0030-01, RHSA-2014:0097-01, RHSA-2014:0134-01, RHSA-2014:0135-01, RHSA-2014:0136-01, RHSA-2014:0982-01, SOL17381, SSRT101454, SSRT101455, SUSE-SU-2014:0246-1, SUSE-SU-2014:0266-1, SUSE-SU-2014:0266-2, SUSE-SU-2014:0266-3, SUSE-SU-2014:0451-1, USN-2124-1, USN-2124-2, VIGILANCE-VUL-14087, ZDI-14-013, ZDI-14-038.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in Oracle Java.

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-64915, CVE-2014-0410]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-64899, CVE-2014-0415]

An attacker can use a vulnerability of 2D TTF Font Parsing, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-64894, CVE-2013-5907, ZDI-14-013, ZDI-14-038]

An attacker can use a vulnerability of CORBA, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-64935, CVE-2014-0428]

An attacker can use a vulnerability of JNDI, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-64921, CVE-2014-0422]

An attacker can use a vulnerability of Install, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-64901, CVE-2014-0385]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-64931, CVE-2013-5889]

An attacker can use a vulnerability of Hotspot, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-64910, CVE-2014-0408]

An attacker can use a vulnerability of Libraries, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-64863, CVE-2013-5893]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-64932, CVE-2014-0417]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-64882, CVE-2014-0387]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-64919, CVE-2014-0424]

An attacker can use a vulnerability of Serviceability, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-64922, CVE-2014-0373]

An attacker can use a vulnerability of Security, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-64927, CVE-2013-5878]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-64890, CVE-2013-5904]

An attacker can use a vulnerability of JavaFX, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-64929, CVE-2013-5870]

An attacker can use a vulnerability of Deployment, in order to obtain or alter information. [severity:2/4; BID-64920, CVE-2014-0403]

An attacker can use a vulnerability of Deployment, in order to obtain or alter information. [severity:2/4; BID-64916, CVE-2014-0375]

An attacker can use a vulnerability of Beans, in order to obtain information, or to trigger a denial of service. [severity:2/4; BID-64914, CVE-2014-0423]

An attacker can use a vulnerability of Install, in order to obtain information, to alter information, or to trigger a denial of service. [severity:2/4; BID-64934, CVE-2013-5905]

An attacker can use a vulnerability of Install, in order to obtain information, to alter information, or to trigger a denial of service. [severity:2/4; BID-64903, CVE-2013-5906]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:2/4; BID-64923, CVE-2013-5902]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:2/4; BID-64917, CVE-2014-0418]

An attacker can use a vulnerability of Deployment, in order to trigger a denial of service. [severity:2/4; BID-64875, CVE-2013-5887]

An attacker can use a vulnerability of Deployment, in order to obtain information. [severity:2/4; BID-64928, CVE-2013-5899]

An attacker can use a vulnerability of CORBA, in order to trigger a denial of service. [severity:2/4; BID-64926, CVE-2013-5896]

An attacker can use a vulnerability of CORBA, in order to obtain information. [severity:2/4; BID-64924, CVE-2013-5884]

An attacker can use a vulnerability of JAAS, in order to alter information. [severity:2/4; BID-64937, CVE-2014-0416]

An attacker can use a vulnerability of JAXP, in order to alter information. [severity:2/4; BID-64907, CVE-2014-0376]

An attacker can use a vulnerability of Networking, in order to obtain information. [severity:2/4; BID-64930, CVE-2014-0368]

An attacker can use a vulnerability of Security, in order to alter information. [severity:2/4; BID-64933, CVE-2013-5910]

An attacker can use a vulnerability of JavaFX, in order to obtain information. [severity:2/4; BID-64906, CVE-2013-5895]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:2/4; BID-64925, CVE-2013-5888]

An attacker can use a vulnerability of JavaFX, in order to trigger a denial of service. [severity:2/4; BID-64936, CVE-2014-0382]

An attacker can use a vulnerability of Deployment, in order to obtain or alter information. [severity:2/4; BID-64912, CVE-2013-5898]

An attacker can use a vulnerability of JSSE, in order to obtain or alter information. [severity:2/4; BID-64918, CVE-2014-0411]
Full Vigil@nce bulletin... (Free trial)

computer weakness bulletin CVE-2013-3829 CVE-2013-4002 CVE-2013-5772

Oracle Java: multiple vulnerabilities of October 2013

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Oracle Java.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 51.
Creation date: 16/10/2013.
Identifiers: 1663589, 1663930, 1664550, 1670264, 1671933, BID-63079, BID-63082, BID-63089, BID-63095, BID-63098, BID-63101, BID-63102, BID-63103, BID-63106, BID-63110, BID-63111, BID-63112, BID-63115, BID-63118, BID-63120, BID-63121, BID-63122, BID-63124, BID-63126, BID-63127, BID-63128, BID-63129, BID-63130, BID-63131, BID-63132, BID-63133, BID-63134, BID-63135, BID-63136, BID-63137, BID-63139, BID-63140, BID-63141, BID-63142, BID-63143, BID-63144, BID-63145, BID-63146, BID-63147, BID-63148, BID-63149, BID-63150, BID-63151, BID-63152, BID-63153, BID-63154, BID-63155, BID-63156, BID-63157, BID-63158, c04031205, c04031212, CERTA-2013-AVI-586, CERTFR-2014-AVI-117, CERTFR-2014-AVI-199, cpuoct2013, CVE-2013-3829, CVE-2013-4002, CVE-2013-5772, CVE-2013-5774, CVE-2013-5775, CVE-2013-5776, CVE-2013-5777, CVE-2013-5778, CVE-2013-5780, CVE-2013-5782, CVE-2013-5783, CVE-2013-5784, CVE-2013-5787, CVE-2013-5788, CVE-2013-5789, CVE-2013-5790, CVE-2013-5797, CVE-2013-5800, CVE-2013-5801, CVE-2013-5802, CVE-2013-5803, CVE-2013-5804, CVE-2013-5805, CVE-2013-5806, CVE-2013-5809, CVE-2013-5810, CVE-2013-5812, CVE-2013-5814, CVE-2013-5817, CVE-2013-5818, CVE-2013-5819, CVE-2013-5820, CVE-2013-5823, CVE-2013-5824, CVE-2013-5825, CVE-2013-5829, CVE-2013-5830, CVE-2013-5831, CVE-2013-5832, CVE-2013-5838, CVE-2013-5840, CVE-2013-5842, CVE-2013-5843, CVE-2013-5844, CVE-2013-5846, CVE-2013-5848, CVE-2013-5849, CVE-2013-5850, CVE-2013-5851, CVE-2013-5852, CVE-2013-5854, FEDORA-2013-19285, FEDORA-2013-19338, HPSBUX02943, HPSBUX02944, MDVSA-2013:266, MDVSA-2013:267, openSUSE-SU-2013:1663-1, openSUSE-SU-2013:1968-1, RHSA-2013:1440-01, RHSA-2013:1447-01, RHSA-2013:1451-01, RHSA-2013:1505-01, RHSA-2013:1507-01, RHSA-2013:1508-01, RHSA-2013:1509-01, RHSA-2013:1793-01, RHSA-2014:1319-01, RHSA-2014:1818-01, RHSA-2014:1821-01, RHSA-2014:1822-01, RHSA-2014:1823-01, RHSA-2015:0269-01, RHSA-2015:0675-01, RHSA-2015:0773-01, SB10058, SE-2012-01, SOL16872, SOL48802597, SUSE-SU-2013:1666-1, SUSE-SU-2013:1669-1, SUSE-SU-2013:1677-2, SUSE-SU-2013:1677-3, VIGILANCE-VUL-13601, VMSA-2014-0002, ZDI-13-244, ZDI-13-245, ZDI-13-246, ZDI-13-247, ZDI-13-248.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in Oracle Java.

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63103, CVE-2013-5782]

An attacker can use a vulnerability of Libraries via LDAP Deserialization, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63121, CVE-2013-5830, ZDI-13-248]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63118, CVE-2013-5809]

An attacker can use a vulnerability of 2D via FileImageInputStream, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63137, CVE-2013-5829, ZDI-13-247]

An attacker can use a vulnerability of CORBA, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63143, CVE-2013-5814]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63139, CVE-2013-5824]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63145, CVE-2013-5788]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63155, CVE-2013-5787]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63156, CVE-2013-5789]

An attacker can use a vulnerability of JNDI via LdapCtx, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63146, CVE-2013-5817, ZDI-13-244]

An attacker can use a vulnerability of Libraries via ObjectOutputStream, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63150, CVE-2013-5842, ZDI-13-246]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63151, CVE-2013-5843]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63158, CVE-2013-5832]

An attacker can use a vulnerability of Libraries, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63153, CVE-2013-5850]

An attacker can use a vulnerability of Libraries, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63131, CVE-2013-5838]

An attacker can use a vulnerability of Swing, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63112, CVE-2013-5805]

An attacker can use a vulnerability of Swing, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63122, CVE-2013-5806]

An attacker can use a vulnerability of JavaFX, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63127, CVE-2013-5846]

An attacker can use a vulnerability of JavaFX, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63132, CVE-2013-5810]

An attacker can use a vulnerability of JavaFX, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63136, CVE-2013-5844]

An attacker can use a vulnerability of JavaFX, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63140, CVE-2013-5777]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63130, CVE-2013-5852]

An attacker can use a vulnerability of JAXP, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63135, CVE-2013-5802]

An attacker can use a vulnerability of JavaFX, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63144, CVE-2013-5775]

An attacker can use a vulnerability of Javadoc, in order to obtain or alter information. [severity:3/4; BID-63149, CVE-2013-5804]

An attacker can use a vulnerability of Deployment, in order to obtain information, or to trigger a denial of service. [severity:3/4; BID-63126, CVE-2013-5812]

An attacker can use a vulnerability of Libraries, in order to obtain or alter information. [severity:3/4; BID-63120, CVE-2013-3829]

An attacker can use a vulnerability of Swing NumberFormatter and RealTimeSequencer, in order to obtain or alter information. [severity:3/4; BID-63154, CVE-2013-5783, ZDI-13-245]

An attacker can use a vulnerability of JAXP, in order to trigger a denial of service. [severity:2/4; BID-63101, CVE-2013-5825]

An attacker can use a vulnerability of JAXP, in order to trigger a denial of service. [severity:2/4; CVE-2013-4002]

An attacker can use a vulnerability of Security, in order to trigger a denial of service. [severity:2/4; BID-63110, CVE-2013-5823]

An attacker can use a vulnerability of 2D, in order to obtain information. [severity:2/4; BID-63134, CVE-2013-5778]

An attacker can use a vulnerability of 2D, in order to obtain information. [severity:2/4; BID-63147, CVE-2013-5801]

An attacker can use a vulnerability of Deployment, in order to alter information. [severity:2/4; BID-63152, CVE-2013-5776]

An attacker can use a vulnerability of Deployment, in order to alter information. [severity:2/4; BID-63157, CVE-2013-5818]

An attacker can use a vulnerability of Deployment, in order to alter information. [severity:2/4; BID-63141, CVE-2013-5819]

An attacker can use a vulnerability of Deployment, in order to alter information. [severity:2/4; BID-63129, CVE-2013-5831]

An attacker can use a vulnerability of JAX-WS, in order to alter information. [severity:2/4; BID-63133, CVE-2013-5820]

An attacker can use a vulnerability of JAXP, in order to obtain information. [severity:2/4; BID-63142, CVE-2013-5851]

An attacker can use a vulnerability of Libraries, in order to obtain information. [severity:2/4; BID-63148, CVE-2013-5840]

An attacker can use a vulnerability of Libraries, in order to alter information. [severity:2/4; BID-63128, CVE-2013-5774]

An attacker can use a vulnerability of Deployment, in order to alter information. [severity:2/4; BID-63124, CVE-2013-5848]

An attacker can use a vulnerability of Libraries, in order to obtain information. [severity:2/4; BID-63115, CVE-2013-5780]

An attacker can use a vulnerability of JGSS, in order to obtain information. [severity:2/4; BID-63111, CVE-2013-5800]

An attacker can use a vulnerability of AWT, in order to obtain information. [severity:2/4; BID-63106, CVE-2013-5849]

An attacker can use a vulnerability of BEANS, in order to obtain information. [severity:2/4; BID-63102, CVE-2013-5790]

An attacker can use a vulnerability of SCRIPTING, in order to alter information. [severity:2/4; BID-63098, CVE-2013-5784]

An attacker can use a vulnerability of Javadoc, in order to alter information. [severity:2/4; BID-63095, CVE-2013-5797]

An attacker can use a vulnerability of jhat, in order to alter information. [severity:1/4; BID-63089, CVE-2013-5772]

An attacker can use a vulnerability of JGSS, in order to trigger a denial of service. [severity:1/4; BID-63082, CVE-2013-5803]

An attacker can use a vulnerability of JavaFX, in order to obtain information. [severity:1/4; BID-63079, CVE-2013-5854]
Full Vigil@nce bulletin... (Free trial)

threat note CVE-2013-1500 CVE-2013-1571 CVE-2013-2400

Oracle JRE, JDK, JavaFX: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Oracle JRE, JDK, JavaFX.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 40.
Creation date: 19/06/2013.
Identifiers: 1648416, 1650599, 1657132, BID-60617, BID-60618, BID-60619, BID-60620, BID-60621, BID-60622, BID-60623, BID-60624, BID-60625, BID-60626, BID-60627, BID-60629, BID-60630, BID-60631, BID-60632, BID-60633, BID-60634, BID-60635, BID-60636, BID-60637, BID-60638, BID-60639, BID-60640, BID-60641, BID-60643, BID-60644, BID-60645, BID-60646, BID-60647, BID-60649, BID-60650, BID-60651, BID-60652, BID-60653, BID-60654, BID-60655, BID-60656, BID-60657, BID-60658, BID-60659, c03868911, c03874547, c03898880, CERTA-2013-AVI-361, CERTFR-2014-AVI-244, CVE-2013-1500, CVE-2013-1571, CVE-2013-2400, CVE-2013-2407, CVE-2013-2412, CVE-2013-2437, CVE-2013-2442, CVE-2013-2443, CVE-2013-2444, CVE-2013-2445, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2449, CVE-2013-2450, CVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2458, CVE-2013-2459, CVE-2013-2460, CVE-2013-2461, CVE-2013-2462, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2466, CVE-2013-2467, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-3743, CVE-2013-3744, DSA-2722-1, DSA-2727-1, FEDORA-2013-11281, FEDORA-2013-11285, HPSBUX02907, HPSBUX02908, HPSBUX02922, IC94453, javacpujun2013, KLYH95CMCJ, MDVSA-2013:183, MDVSA-2013:196, openSUSE-SU-2013:1247-1, openSUSE-SU-2013:1288-1, PSA-2013-0811-1, PSA-2013-0813-1, PSA-2013-0819-1, PSA-2013-0827-1, RHSA-2013:0957-01, RHSA-2013:0958-01, RHSA-2013:0963-01, RHSA-2013:1014-01, RHSA-2013:1059-01, RHSA-2013:1060-01, RHSA-2013:1081-01, RHSA-2013:1455-01, RHSA-2013:1456-01, SSRT101305, SUSE-SU-2013:1238-1, SUSE-SU-2013:1254-1, SUSE-SU-2013:1255-1, SUSE-SU-2013:1255-2, SUSE-SU-2013:1255-3, SUSE-SU-2013:1256-1, SUSE-SU-2013:1257-1, SUSE-SU-2013:1263-1, SUSE-SU-2013:1263-2, SUSE-SU-2013:1264-1, SUSE-SU-2013:1293-2, SUSE-SU-2013:1305-1, swg21641098, swg21644918, VIGILANCE-VUL-12992, VMSA-2013-0006.1, VMSA-2013-0009.1, VMSA-2013-0012.1, VU#225657, ZDI-13-132, ZDI-13-151, ZDI-13-152, ZDI-13-153, ZDI-13-154, ZDI-13-155, ZDI-13-156, ZDI-13-157, ZDI-13-158, ZDI-13-159, ZDI-13-160.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in Oracle JRE, JDK, JavaFX.

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-60651, CVE-2013-2470, ZDI-13-158]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-60659, CVE-2013-2471, ZDI-13-152]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-60656, CVE-2013-2472, ZDI-13-151]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-60623, CVE-2013-2473, ZDI-13-154]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-60655, CVE-2013-2463, ZDI-13-156]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-60631, CVE-2013-2464, ZDI-13-157]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-60657, CVE-2013-2465, ZDI-13-153]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-60658, CVE-2013-2469, ZDI-13-155]

An attacker can use a vulnerability of AWT, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-60647, CVE-2013-2459, PSA-2013-0811-1]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-60637, CVE-2013-2468]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-60624, CVE-2013-2466]

An attacker can use a vulnerability of AWT, in order to obtain information, to alter information, or to create a denial of service. [severity:2/4; BID-60626, CVE-2013-3743]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-60630, CVE-2013-2462]

An attacker can use a vulnerability of Serviceability, in order to obtain information, to alter information, or to create a denial of service. [severity:2/4; BID-60635, CVE-2013-2460]

An attacker can use a vulnerability of Hotspot, in order to create a denial of service. [severity:2/4; BID-60639, CVE-2013-2445]

An attacker can use a vulnerability of Sound, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-60640, CVE-2013-2448, ZDI-13-160]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-60643, CVE-2013-2442]

An attacker can use a vulnerability of Libraries, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-60645, CVE-2013-2461]

An attacker can use a vulnerability of Install, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-60649, CVE-2013-2467]

An attacker can use a vulnerability of Libraries, in order to obtain information, or to create a denial of service. [severity:3/4; BID-60653, CVE-2013-2407]

An attacker can use a vulnerability of JDBC, in order to obtain or alter information. [severity:2/4; BID-60650, CVE-2013-2454]

An attacker can use a vulnerability of Libraries, in order to obtain or alter information. [severity:2/4; BID-60652, CVE-2013-2458]

An attacker can use a vulnerability of AWT, in order to create a denial of service. [severity:2/4; BID-60633, CVE-2013-2444]

An attacker can use a vulnerability of CORBA, in order to obtain information. [severity:2/4; BID-60620, CVE-2013-2446]

An attacker can use a vulnerability of Deployment, in order to obtain information. [severity:2/4; BID-60636, CVE-2013-2437]

An attacker can use a vulnerability of Deployment, in order to alter information. [severity:2/4; BID-60621, CVE-2013-2400]

An attacker can use a vulnerability of Deployment, in order to alter information. [severity:2/4; BID-60654, CVE-2013-3744]

An attacker can use a vulnerability of JMX, in order to alter information. [severity:2/4; BID-60632, CVE-2013-2457]

An attacker can use a vulnerability of JMX, in order to alter information. [severity:2/4; BID-60644, CVE-2013-2453]

An attacker can use a vulnerability of Libraries, in order to obtain information. [severity:2/4; BID-60646, CVE-2013-2443]

An attacker can use a vulnerability of Libraries, in order to obtain information. [severity:2/4; BID-60617, CVE-2013-2452]

An attacker can use a vulnerability of Libraries, in order to obtain information. [severity:2/4; BID-60619, CVE-2013-2455, ZDI-13-159]

An attacker can use a vulnerability of Networking, in order to obtain information. [severity:2/4; BID-60629, CVE-2013-2447]

An attacker can use a vulnerability of Serialization, in order to create a denial of service. [severity:2/4; BID-60638, CVE-2013-2450]

An attacker can use a vulnerability of Serialization, in order to obtain information. [severity:2/4; BID-60641, CVE-2013-2456]

An attacker can use a vulnerability of Serviceability, in order to obtain information. [severity:2/4; BID-60618, CVE-2013-2412]

An attacker can use a vulnerability of Libraries, in order to obtain information. [severity:2/4; BID-60622, CVE-2013-2449]

An attacker can use a vulnerability of Javadoc, in order to alter information (VIGILANCE-VUL-13106). [severity:2/4; BID-60634, CVE-2013-1571, swg21641098, VU#225657]

An attacker can use a vulnerability of Networking, in order to alter information. [severity:2/4; BID-60625, CVE-2013-2451]

An attacker can use a vulnerability of 2D, in order to obtain or alter information. [severity:1/4; BID-60627, CVE-2013-1500]
Full Vigil@nce bulletin... (Free trial)

cybersecurity announce CVE-2013-0536

IBM Notes: privilege escalation via ntmulti.exe

Synthesis of the vulnerability

A local attacker can use the IBM Notes Multi User Profile Cleanup feature, in order to execute code with privileges of the next user.
Severity: 2/4.
Creation date: 13/06/2013.
Identifiers: BID-60554, CERTA-2013-AVI-357, CVE-2013-0536, swg21633827, VIGILANCE-VUL-12978.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The IBM Notes Multi User Profile Cleanup (ntmulti.exe) service manages roaming users.

However, a local attacker can install a trojan, which is executed when the next user logs on the system.

A local attacker can therefore use the IBM Notes Multi User Profile Cleanup feature, in order to execute code with privileges of the next user.
Full Vigil@nce bulletin... (Free trial)

computer threat alert CVE-2013-0534

IBM Notes: password reading in memory

Synthesis of the vulnerability

A local attacker, who can access to the memory of processes, can read recently used passwords.
Severity: 1/4.
Creation date: 13/06/2013.
Identifiers: CERTA-2013-AVI-357, CVE-2013-0534, SPR#JMOY95H59S, SPR# NPEI95BQLK, swg21636154, VIGILANCE-VUL-12977.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The IBM Notes product manages password.

When these passwords are no longer needed, the product should reset the memory area which contained these passwords. However, IBM Notes does not do it.

A local attacker, who can access to the memory of processes, can therefore read recently used passwords.
Full Vigil@nce bulletin... (Free trial)

threat CVE-2013-0522

IBM Notes: password disclosure via Client Single Logon

Synthesis of the vulnerability

When Notes Client Single Logon is enabled, a local attacker can obtain the IBM Lotus Notes user's password.
Severity: 2/4.
Creation date: 14/05/2013.
Identifiers: BID-59809, CVE-2013-0522, swg21634508, VIGILANCE-VUL-12792.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The Notes Client Single Logon feature is used to synchronize the Windows and IBM Lotus Notes passwords.

However, a local attacker can capture the password.

When Notes Client Single Logon is enabled, a local attacker can therefore obtain the IBM Lotus Notes user's password.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2013-2977

IBM Notes: integer overflow of PNG

Synthesis of the vulnerability

An attacker can send an email containing a malicious PNG image, to generate an integer overflow in IBM Notes, in order to trigger a denial of service, and possibly to execute code.
Severity: 3/4.
Creation date: 07/05/2013.
Identifiers: BID-59693, CERTA-2013-AVI-357, CVE-2013-2977, swg21633819, swg21635878, VIGILANCE-VUL-12767.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can send an email containing a malicious PNG image, to generate an integer overflow in IBM Notes, in order to trigger a denial of service, and possibly to execute code.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Notes: