The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Oracle Outside In Technology

threat announce CVE-2018-2768 CVE-2018-2801 CVE-2018-2806

Oracle Outside In Technology: vulnerabilities of April 2018

Synthesis of the vulnerability

Several vulnerabilities were announced in Oracle products.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 20/06/2018.
Identifiers: ADV180010, cpuapr2018, CVE-2018-2768, CVE-2018-2801, CVE-2018-2806, VIGILANCE-VUL-26457.

Description of the vulnerability

Several vulnerabilities were announced in Oracle products.

computer threat announce CVE-2017-10026 CVE-2017-10033 CVE-2017-10034

Oracle Fusion Middleware: vulnerabilities of October 2017

Synthesis of the vulnerability

Several vulnerabilities were announced in Oracle Fusion Middleware.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 23.
Creation date: 18/10/2017.
Revision date: 29/01/2018.
Identifiers: cpuoct2017, CVE-2017-10026, CVE-2017-10033, CVE-2017-10034, CVE-2017-10037, CVE-2017-10051, CVE-2017-10055, CVE-2017-10060, CVE-2017-10152, CVE-2017-10154, CVE-2017-10163, CVE-2017-10166, CVE-2017-10259, CVE-2017-10270, CVE-2017-10271, CVE-2017-10334, CVE-2017-10336, CVE-2017-10352, CVE-2017-10360, CVE-2017-10369, CVE-2017-10385, CVE-2017-10391, CVE-2017-10393, CVE-2017-10400, VIGILANCE-VUL-24164.

Description of the vulnerability

Several vulnerabilities were announced in Oracle Fusion Middleware.

computer vulnerability CVE-2011-2730 CVE-2013-2027 CVE-2017-10024

Oracle Fusion Middleware: vulnerabilities of July 2017

Synthesis of the vulnerability

Several vulnerabilities were announced in Oracle Fusion Middleware.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 25.
Creation date: 19/07/2017.
Identifiers: cpujul2017, CVE-2011-2730, CVE-2013-2027, CVE-2017-10024, CVE-2017-10025, CVE-2017-10028, CVE-2017-10029, CVE-2017-10030, CVE-2017-10035, CVE-2017-10040, CVE-2017-10041, CVE-2017-10043, CVE-2017-10048, CVE-2017-10058, CVE-2017-10059, CVE-2017-10063, CVE-2017-10075, CVE-2017-10119, CVE-2017-10123, CVE-2017-10137, CVE-2017-10141, CVE-2017-10147, CVE-2017-10148, CVE-2017-10156, CVE-2017-10157, CVE-2017-10178, VIGILANCE-VUL-23287.

Description of the vulnerability

Several vulnerabilities were announced in Oracle Fusion Middleware.

cybersecurity announce CVE-2017-3266 CVE-2017-3267 CVE-2017-3268

Oracle Outside In Technology: vulnerabilities of January 2017

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Oracle Outside In Technology.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 9.
Creation date: 18/01/2017.
Revision dates: 31/01/2017, 19/05/2017.
Identifiers: cpujan2017, CVE-2017-3266, CVE-2017-3267, CVE-2017-3268, CVE-2017-3269, CVE-2017-3270, CVE-2017-3271, CVE-2017-3293, CVE-2017-3294, CVE-2017-3295, TALOS-2016-0198, TALOS-2016-0215, VIGILANCE-VUL-21602.

Description of the vulnerability

Several vulnerabilities were announced in Oracle Outside In Technology.

An attacker can use a vulnerability via Outside In Filters, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2017-3266]

An attacker can use a vulnerability via Outside In Filters, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2017-3267]

An attacker can use a vulnerability via Outside In Filters, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2017-3268]

An attacker can use a vulnerability via Outside In Filters, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2017-3269]

An attacker can use a vulnerability via Outside In Filters, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2017-3270]

An attacker can use a vulnerability via Outside In Filters, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2017-3271, TALOS-2016-0198]

An attacker can use a vulnerability via Outside In Filters, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2017-3293, TALOS-2016-0215]

An attacker can use a vulnerability via Outside In Filters, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2017-3294]

An attacker can use a vulnerability via Outside In Filters, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2017-3295]

computer vulnerability note CVE-2016-9387 CVE-2016-9388 CVE-2016-9389

JasPer: eight vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of JasPer.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 8.
Creation date: 10/05/2017.
Identifiers: cpujan2019, CVE-2016-9387, CVE-2016-9388, CVE-2016-9389, CVE-2016-9390, CVE-2016-9391, CVE-2016-9392, CVE-2016-9393, CVE-2016-9394, FEDORA-2017-cfc20d5d45, FEDORA-2017-da0b00fd64, openSUSE-SU-2017:1960-1, RHSA-2017:1208-01, USN-3693-1, VIGILANCE-VUL-22694.

Description of the vulnerability

An attacker can use several vulnerabilities of JasPer.

security announce CVE-2017-8287

FreeType: buffer overflow via t1_builder_close_contour

Synthesis of the vulnerability

An attacker can generate a buffer overflow via t1_builder_close_contour() of FreeType, in order to trigger a denial of service, and possibly to run code.
Severity: 2/4.
Creation date: 02/05/2017.
Identifiers: cpuapr2019, CVE-2017-8287, DLA-931-1, DSA-3839-1, FEDORA-2017-5760b80676, FEDORA-2017-950cc68400, openSUSE-SU-2018:0420-1, SSA:2017-136-01, SUSE-SU-2018:0414-1, USN-3282-1, USN-3282-2, VIGILANCE-VUL-22601.

Description of the vulnerability

An attacker can generate a buffer overflow via t1_builder_close_contour() of FreeType, in order to trigger a denial of service, and possibly to run code.

weakness CVE-2017-5662

Apache Batik: external XML entity injection

Synthesis of the vulnerability

An attacker can transmit malicious XML data to Apache Batik, in order to read a file, scan sites, or trigger a denial of service.
Severity: 2/4.
Creation date: 02/05/2017.
Identifiers: cpuapr2018, cpujul2018, cpuoct2017, CVE-2017-5662, DLA-926-1, DSA-4215-1, FEDORA-2017-43b46cd2da, FEDORA-2017-aff3dd3101, RHSA-2017:2546-01, RHSA-2017:2547-01, RHSA-2018:0319-01, USN-3280-1, VIGILANCE-VUL-22591.

Description of the vulnerability

XML data can contain external entities (DTD):
  <!ENTITY name SYSTEM "file">
  <!ENTITY name SYSTEM "http://server/file">
A program that reads this XML data can replace these entities with data from the indicated file. When the program processes XML data from an untrusted source, this behavior leads to:
 - disclosure of the content of files on the server
 - scanning of private web sites
 - a denial of service by opening a blocking file
This feature must be disabled when processing XML data from an untrusted source.

However, the Apache Batik parser allows external entities.

An attacker can therefore transmit malicious XML data to Apache Batik, in order to read a file, scan sites, or trigger a denial of service.
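
As an added example (not part of the Vigil@nce bulletin and not Apache Batik code), the following shows what "disabling the feature" looks like in practice: a parser that fails closed as soon as a document declares an external entity. It assumes Python's standard expat bindings rather than Batik's Java parser; `parse_untrusted_xml`, `is_rejected` and the sample documents are constructed for illustration and reuse the bulletin's placeholder targets.

```python
import xml.parsers.expat


class ExternalEntityError(ValueError):
    """Untrusted XML declared or referenced an external entity."""


def parse_untrusted_xml(data: bytes) -> list[str]:
    """Parse untrusted XML and return its element names in document order.

    The document is rejected at the <!ENTITY ... SYSTEM ...> declaration,
    before anything could be read from a file or fetched from a URL.
    """
    parser = xml.parsers.expat.ParserCreate()
    elements: list[str] = []

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        # Internal entities carry a literal value; external ones carry an id.
        if system_id is not None or public_id is not None:
            raise ExternalEntityError(f"external entity {name!r} -> {system_id!r}")

    def on_external_ref(context, base, system_id, public_id):
        # Backstop: a reference to an external entity in content also fails closed.
        raise ExternalEntityError(f"external reference -> {system_id!r}")

    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    parser.StartElementHandler = lambda name, attrs: elements.append(name)
    parser.Parse(data, True)
    return elements


def is_rejected(data: bytes) -> bool:
    """True when the document is refused because of an external entity."""
    try:
        parse_untrusted_xml(data)
    except ExternalEntityError:
        return True
    return False


# Constructed samples; the SYSTEM targets are the bulletin's own placeholders.
PLAIN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><rect/></svg>'
INTERNAL_ENTITY = b'<!DOCTYPE svg [<!ENTITY t "hi">]><svg><text>&t;</text></svg>'
EXTERNAL_FILE = b'<!DOCTYPE svg [<!ENTITY name SYSTEM "file">]><svg>&name;</svg>'
EXTERNAL_HTTP = (b'<!DOCTYPE svg [<!ENTITY name SYSTEM "http://server/file">]>'
                 b'<svg>&name;</svg>')

if __name__ == "__main__":
    for doc in (PLAIN_SVG, INTERNAL_ENTITY, EXTERNAL_FILE, EXTERNAL_HTTP):
        print("rejected" if is_rejected(doc) else "accepted", doc[:40])
```

Internal entities are still accepted here, so this check covers external entities only and does not limit entity expansion size.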

weakness announce CVE-2017-8105

FreeType: buffer overflow via Font

Synthesis of the vulnerability

An attacker can generate a buffer overflow via Font of FreeType, in order to trigger a denial of service, and possibly to run code.
Severity: 2/4.
Creation date: 27/04/2017.
Identifiers: cpuapr2019, CVE-2017-8105, DLA-918-1, DSA-3839-1, FEDORA-2017-5760b80676, FEDORA-2017-950cc68400, openSUSE-SU-2018:0420-1, SUSE-SU-2018:0414-1, USN-3282-1, USN-3282-2, VIGILANCE-VUL-22572.

Description of the vulnerability

An attacker can generate a buffer overflow via Font of FreeType, in order to trigger a denial of service, and possibly to run code.

weakness bulletin CVE-2017-5638

Apache Struts: code execution via Jakarta Multipart CD/CL

Synthesis of the vulnerability

An attacker can use a malicious Content-Disposition/Content-Length header on Apache Struts with Jakarta Multipart installed, in order to run code.
Severity: 4/4.
Creation date: 20/03/2017.
Identifiers: 498123, CERTFR-2017-ALE-004, cisco-sa-20170310-struts2, cpuapr2017, cpujul2017, CVE-2017-5638, ESA-2017-042, S2-045, S2-046, VIGILANCE-VUL-22190.

Description of the vulnerability

The Apache Struts product can be configured to use the Multipart parser of Jakarta.

The HTTP Content-Type header can contain the multipart/form-data MIME type to indicate form data. In this case, the Multipart parser of Jakarta is called.

When the Multipart parser of Jakarta is used and the Content-Disposition or Content-Length header contains a malformed value, an exception occurs, and the header content is interpreted when the error is displayed.

An attacker can therefore use a malicious Content-Disposition/Content-Length header on Apache Struts with Jakarta Multipart installed, in order to run code.

vulnerability alert CVE-2017-5638

Apache Struts: code execution via Jakarta Multipart CT

Synthesis of the vulnerability

An attacker can use a malicious Content-Type header on Apache Struts with Jakarta Multipart installed, in order to run code.
Severity: 4/4.
Creation date: 08/03/2017.
Revision date: 14/03/2017.
Identifiers: 498123, CERTFR-2017-ALE-004, CERTFR-2017-AVI-071, cisco-sa-20170310-struts2, cpuapr2017, cpujul2017, CVE-2017-5638, ESA-2017-042, S2-045, S2-046, VIGILANCE-VUL-22047, VMSA-2017-0004, VMSA-2017-0004.6, VU#834067.

Description of the vulnerability

The Apache Struts product can be configured to use the Multipart parser of Jakarta.

The HTTP Content-Type header can contain the multipart/form-data MIME type to indicate form data. In this case, the Multipart parser of Jakarta is called.

When the Multipart parser of Jakarta is used and the Content-Type header contains a malformed multipart/form-data value, an exception occurs, and the header content is interpreted when the error is displayed.

An attacker can therefore use a malicious Content-Type header on Apache Struts with Jakarta Multipart installed, in order to run code.