The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Oracle Internet Directory

threat announce CVE-2018-2893 CVE-2018-2894 CVE-2018-2900

Oracle Fusion Middleware: vulnerabilities of July 2018

Synthesis of the vulnerability

Several vulnerabilities were announced in Oracle products.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 16.
Creation date: 18/07/2018.
Identifiers: cpujul2018, CVE-2018-2893, CVE-2018-2894, CVE-2018-2900, CVE-2018-2925, CVE-2018-2933, CVE-2018-2935, CVE-2018-2943, CVE-2018-2958, CVE-2018-2987, CVE-2018-2998, CVE-2018-3007, CVE-2018-3100, CVE-2018-3101, CVE-2018-3105, CVE-2018-3108, CVE-2018-3109, VIGILANCE-VUL-26765.

vulnerability bulletin CVE-2018-8013

Apache Batik: information disclosure via AbstractDocument

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via AbstractDocument of Apache Batik, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 28/05/2018.
Identifiers: cpuapr2019, cpujan2019, cpujul2018, cpujul2019, cpuoct2018, CVE-2018-8013, DLA-1385-1, DSA-4215-1, FEDORA-2018-168af81706, FEDORA-2018-79792e0c64, USN-3661-1, VIGILANCE-VUL-26231.

security bulletin CVE-2018-7489

jackson-databind: code execution via Deserializing

Synthesis of the vulnerability

An attacker can exploit a deserialization vulnerability in jackson-databind, in order to run code.
Severity: 2/4.
Creation date: 04/05/2018.
Identifiers: 5048, 521680, 521682, 527583, cpuapr2019, cpujan2019, cpujul2018, cpuoct2018, CVE-2018-7489, DSA-2018-096, DSA-2018-102, DSA-2018-207, DSA-4190-1, RHSA-2018:1447-01, RHSA-2018:1448-01, RHSA-2018:1449-01, RHSA-2018:1450-01, RHSA-2018:1451-01, RHSA-2018:2088-01, RHSA-2018:2089-01, RHSA-2018:2090-01, VIGILANCE-VUL-26043.

weakness announce CVE-2018-1275

Spring Framework: information disclosure via Multipart Content

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Multipart Content of Spring Framework, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 10/04/2018.
Identifiers: cpujan2019, cpujul2018, cpujul2019, cpuoct2018, CVE-2018-1275, VIGILANCE-VUL-25828.

threat alert CVE-2018-1272

Spring Framework: information disclosure via Multipart Content

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Multipart Content of Spring Framework, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 06/04/2018.
Identifiers: cpujan2019, cpujul2018, cpujul2019, cpuoct2018, CVE-2018-1272, RHSA-2018:2669-01, VIGILANCE-VUL-25785.

weakness announce CVE-2018-1271

Spring Framework: directory traversal via Spring MVC

Synthesis of the vulnerability

An attacker can traverse directories via Spring MVC of Spring Framework, in order to read a file outside the service root path.
Severity: 2/4.
Creation date: 06/04/2018.
Identifiers: cpujan2019, cpujul2018, cpujul2019, cpuoct2018, CVE-2018-1271, RHSA-2018:2669-01, VIGILANCE-VUL-25784.

cybersecurity weakness CVE-2018-1270

Spring Framework: code execution via spring-messaging

Synthesis of the vulnerability

An attacker can exploit a vulnerability in spring-messaging of Spring Framework, in order to run code.
Severity: 3/4.
Creation date: 06/04/2018.
Identifiers: cpujan2019, cpujul2018, cpujul2019, cpuoct2018, CVE-2018-1270, VIGILANCE-VUL-25783.

weakness bulletin CVE-2018-0739

OpenSSL: denial of service via Recursive ASN.1

Synthesis of the vulnerability

An attacker can generate a fatal error via Recursive ASN.1 of OpenSSL, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 27/03/2018.
Identifiers: 2015887, 524146, bulletinjan2019, CERTFR-2018-AVI-155, cpuapr2019, cpujan2019, cpujul2018, cpujul2019, cpuoct2018, CVE-2018-0739, DLA-1330-1, DSA-2018-125, DSA-4157-1, DSA-4158-1, FEDORA-2018-1b4f1158e2, FEDORA-2018-40dc8b8b16, FEDORA-2018-76afaf1961, FEDORA-2018-9490b422e7, ibm10715641, ibm10717211, ibm10717405, ibm10717409, ibm10719319, ibm10733605, ibm10738249, ibm10874728, K08044291, N1022561, openSUSE-SU-2018:0936-1, openSUSE-SU-2018:1057-1, openSUSE-SU-2018:2208-1, openSUSE-SU-2018:2238-1, openSUSE-SU-2018:2524-1, openSUSE-SU-2018:2695-1, PAN-SA-2018-0015, RHSA-2018:3090-01, RHSA-2018:3221-01, SA166, SB10243, SSA-181018, SUSE-SU-2018:0902-1, SUSE-SU-2018:0905-1, SUSE-SU-2018:0906-1, SUSE-SU-2018:0975-1, SUSE-SU-2018:2072-1, SUSE-SU-2018:2158-1, SUSE-SU-2018:2683-1, Synology-SA-18:51, USN-3611-1, USN-3611-2, VIGILANCE-VUL-25666.

threat announce CVE-2018-0733

OpenSSL: privilege escalation via HP-UX PA-RISC CRYPTO_memcmp

Synthesis of the vulnerability

An attacker can bypass restrictions via HP-UX PA-RISC CRYPTO_memcmp() of OpenSSL, in order to escalate their privileges.
Severity: 2/4.
Creation date: 27/03/2018.
Identifiers: CERTFR-2018-AVI-155, cpuapr2019, cpujan2019, cpujul2018, cpujul2019, cpuoct2018, CVE-2018-0733, FEDORA-2018-40dc8b8b16, FEDORA-2018-76afaf1961, ibm10717405, ibm10717409, N1022561, VIGILANCE-VUL-25665.

computer vulnerability bulletin CVE-2017-17485 CVE-2017-7525 CVE-2018-5968

Apache Struts: code execution via com.fasterxml.jackson

Synthesis of the vulnerability

An attacker can exploit a vulnerability (VIGILANCE-VUL-23406) of com.fasterxml.jackson in Apache Struts, in order to run code.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 12/12/2017.
Identifiers: 5048, CERTFR-2017-AVI-470, cpuapr2018, cpuapr2019, cpujan2019, cpujul2018, cpuoct2018, CVE-2017-17485, CVE-2017-7525, CVE-2018-5968, DSA-4037-1, DSA-4114-1, ibm10715641, ibm10738249, RHSA-2017:3454-01, RHSA-2017:3455-01, RHSA-2017:3456-01, RHSA-2017:3458-01, RHSA-2018:0294-01, RHSA-2018:0478-01, RHSA-2018:0479-01, RHSA-2018:0480-01, RHSA-2018:0481-01, RHSA-2018:1447-01, RHSA-2018:1448-01, RHSA-2018:1449-01, RHSA-2018:1450-01, RHSA-2018:1451-01, RHSA-2018:2930-01, S2-055, VIGILANCE-VUL-24732.