The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Oracle Identity Manager

vulnerability note CVE-2018-1000613

Bouncy Castle Java Cryptography Extension: vulnerability via XMSS Private Keys Deserialization

Synthesis of the vulnerability

A vulnerability via XMSS Private Keys Deserialization of Bouncy Castle Java Cryptography Extension was announced.
Severity: 2/4.
Creation date: 02/07/2018.
Identifiers: CERTFR-2019-AVI-325, cpuapr2019, cpujan2019, cpujul2019, CVE-2018-1000613, FEDORA-2018-e6894349c9, JSA10939, openSUSE-SU-2018:2131-1, openSUSE-SU-2018:2180-1, VIGILANCE-VUL-26596.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

A vulnerability via XMSS Private Keys Deserialization of Bouncy Castle Java Cryptography Extension was announced.
Full Vigil@nce bulletin... (Free trial)

cybersecurity bulletin CVE-2018-11040

Spring Framework: information disclosure via Cross-Domain Requests

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Cross-Domain Requests of Spring Framework, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 15/06/2018.
Identifiers: cpuapr2019, cpujan2019, cpujul2019, cpuoct2018, CVE-2018-11040, VIGILANCE-VUL-26440.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass access restrictions to data via Cross-Domain Requests of Spring Framework, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

security bulletin CVE-2018-11039

Spring Framework: information disclosure via Cross Site Tracing

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Cross Site Tracing of Spring Framework, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 15/06/2018.
Identifiers: cpuapr2019, cpujan2019, cpujul2019, cpuoct2018, CVE-2018-11039, VIGILANCE-VUL-26439.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass access restrictions to data via Cross Site Tracing of Spring Framework, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

weakness CVE-2018-0732

OpenSSL: denial of service via Large DH Parameter

Synthesis of the vulnerability

An attacker can generate a fatal error via Large DH Parameter of OpenSSL, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 12/06/2018.
Identifiers: bulletinjul2018, CERTFR-2018-AVI-511, CERTFR-2018-AVI-607, cpuapr2019, cpujan2019, cpujul2019, cpuoct2018, CVE-2018-0732, DLA-1449-1, DSA-4348-1, DSA-4355-1, FEDORA-2019-00c25b9379, ibm10719319, ibm10729805, ibm10738401, ibm10743283, ibm10874728, JSA10919, K21665601, openSUSE-SU-2018:1906-1, openSUSE-SU-2018:2117-1, openSUSE-SU-2018:2129-1, openSUSE-SU-2018:2667-1, openSUSE-SU-2018:2695-1, openSUSE-SU-2018:2816-1, openSUSE-SU-2018:2855-1, openSUSE-SU-2018:3013-1, openSUSE-SU-2018:3015-1, PAN-SA-2018-0015, RHSA-2018:3221-01, SSA:2018-226-01, SUSE-SU-2018:1887-1, SUSE-SU-2018:1968-1, SUSE-SU-2018:2036-1, SUSE-SU-2018:2041-1, SUSE-SU-2018:2207-1, SUSE-SU-2018:2647-1, SUSE-SU-2018:2683-1, SUSE-SU-2018:2812-1, SUSE-SU-2018:2956-1, SUSE-SU-2018:2965-1, SUSE-SU-2019:1553-1, SYMSA1462, TNS-2018-14, TNS-2018-17, TSB17568, USN-3692-1, USN-3692-2, VIGILANCE-VUL-26375.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can generate a fatal error via Large DH Parameter of OpenSSL, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2018-1000180

Bouncy Castle: vulnerability via RSA Digital Signature Prime Generation

Synthesis of the vulnerability

A vulnerability via RSA Digital Signature Prime Generation of Bouncy Castle was announced.
Severity: 1/4.
Creation date: 06/06/2018.
Identifiers: CERTFR-2019-AVI-325, cpuapr2019, cpujan2019, cpujul2019, CVE-2018-1000180, DSA-4233-1, FEDORA-2018-ceced55c5e, FEDORA-2018-da9fe79871, JSA10939, openSUSE-SU-2018:2820-1, RHSA-2018:2423-01, RHSA-2018:2424-01, RHSA-2018:2425-01, RHSA-2018:2669-01, VIGILANCE-VUL-26323.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

A vulnerability via RSA Digital Signature Prime Generation of Bouncy Castle was announced.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2018-8013

Apache Batik: information disclosure via AbstractDocument

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via AbstractDocument of Apache Batik, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 28/05/2018.
Identifiers: cpuapr2019, cpujan2019, cpujul2018, cpujul2019, cpuoct2018, CVE-2018-8013, DLA-1385-1, DSA-4215-1, FEDORA-2018-168af81706, FEDORA-2018-79792e0c64, USN-3661-1, VIGILANCE-VUL-26231.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass access restrictions to data via AbstractDocument of Apache Batik, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer weakness alert CVE-2018-1000300

curl: buffer overflow via FTP Shutdown Response

Synthesis of the vulnerability

An attacker can generate a buffer overflow via FTP Shutdown Response of curl, in order to trigger a denial of service, and possibly to run code.
Severity: 3/4.
Creation date: 16/05/2018.
Identifiers: cpujan2019, cpuoct2018, CVE-2018-1000300, FEDORA-2018-9dc7338487, FEDORA-2018-fa01002d7e, openSUSE-SU-2018:1624-1, SSA:2018-136-01, STORM-2019-002, USN-3648-1, VIGILANCE-VUL-26142.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can generate a buffer overflow via FTP Shutdown Response of curl, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer weakness bulletin CVE-2018-1000301

curl: out-of-bounds memory reading via RTSP

Synthesis of the vulnerability

An attacker can force a read at an invalid address via RTSP of curl, in order to trigger a denial of service, or to obtain sensitive information.
Severity: 2/4.
Creation date: 16/05/2018.
Identifiers: cpujan2019, cpujul2019, cpuoct2018, CVE-2018-1000301, DLA-1379-1, DSA-2019-114, DSA-4202-1, FEDORA-2018-9dc7338487, FEDORA-2018-fa01002d7e, ibm10743283, openSUSE-SU-2018:1344-1, openSUSE-SU-2018:1624-1, RHSA-2018:3157-01, RHSA-2018:3558-01, SSA:2018-136-01, SUSE-SU-2018:1327-1, SUSE-SU-2018:1478-1, USN-3648-1, VIGILANCE-VUL-26141.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can force a read at an invalid address via RTSP of curl, in order to trigger a denial of service, or to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer threat alert CVE-2018-1258

Spring Framework: privilege escalation via Spring Security Method

Synthesis of the vulnerability

An attacker can bypass restrictions via Spring Security Method of Spring Framework, in order to escalate his privileges.
Severity: 2/4.
Creation date: 09/05/2018.
Identifiers: cpuapr2019, cpujan2019, cpujul2019, cpuoct2018, CVE-2018-1258, DSA-2019-093, VIGILANCE-VUL-26089.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass restrictions via Spring Security Method of Spring Framework, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

cybersecurity bulletin CVE-2018-1257

Spring Framework: denial of service via Spring-messaging

Synthesis of the vulnerability

An attacker can generate a fatal error via Spring-messaging of Spring Framework, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 09/05/2018.
Identifiers: cpuapr2019, cpujan2019, cpujul2019, cpuoct2018, CVE-2018-1257, VIGILANCE-VUL-26088.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can generate a fatal error via Spring-messaging of Spring Framework, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Oracle Identity Manager: