The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of QRadar SIEM

computer vulnerability note CVE-2016-9588

Linux kernel: denial of service via KVM

Synthesis of the vulnerability

An attacker, inside a guest system, on a host using twice the KVM virtualization, can generate a fatal error in the Linux kernel, in order to trigger a denial of service on the host system.
Impacted products: Debian, Fedora, QRadar SIEM, Linux, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service, denial of service on client.
Provenance: user shell.
Creation date: 15/12/2016.
Identifiers: 2011746, CERTFR-2017-AVI-058, CERTFR-2017-AVI-162, CERTFR-2018-AVI-557, CVE-2016-9588, DLA-849-1, DSA-3804-1, FEDORA-2016-2b1f91e9bd, FEDORA-2016-dd895763ac, RHSA-2017:1842-01, RHSA-2017:2077-01, SUSE-SU-2017:1247-1, SUSE-SU-2017:1360-1, USN-3208-1, USN-3208-2, USN-3209-1, USN-3822-1, USN-3822-2, VIGILANCE-VUL-21389.

Description of the vulnerability

An attacker, inside a guest system, on a host using twice the KVM virtualization, can generate a fatal error in the Linux kernel, in order to trigger a denial of service on the host system.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2016-9576

Linux kernel: memory corruption via blk_rq_map_user_iov

Synthesis of the vulnerability

An attacker can generate a memory corruption via blk_rq_map_user_iov() on the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, QRadar SIEM, Linux, openSUSE, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: administrator access/rights, data reading, denial of service on server.
Provenance: user shell.
Creation date: 09/12/2016.
Identifiers: 2011746, CERTFR-2016-AVI-420, CERTFR-2017-AVI-042, CERTFR-2017-AVI-131, CERTFR-2017-AVI-287, CVE-2016-9576, DLA-772-1, FEDORA-2016-107f03cc00, FEDORA-2016-5aff4a6bbc, FEDORA-2016-5cb5b4082d, K05513373, openSUSE-SU-2016:3085-1, openSUSE-SU-2016:3086-1, openSUSE-SU-2016:3118-1, RHSA-2017:0817-01, RHSA-2017:1842-01, RHSA-2017:2077-01, RHSA-2017:2669-01, SUSE-SU-2016:3146-1, SUSE-SU-2016:3188-1, SUSE-SU-2016:3203-1, SUSE-SU-2016:3217-1, SUSE-SU-2016:3248-1, SUSE-SU-2016:3252-1, SUSE-SU-2017:0407-1, SUSE-SU-2017:1102-1, VIGILANCE-VUL-21339.

Description of the vulnerability

An attacker can generate a memory corruption via blk_rq_map_user_iov() on the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2016-9806

Linux kernel: use after free via netlink_dump

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via netlink_dump() on the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Android OS, QRadar SIEM, Linux, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server.
Provenance: user shell.
Creation date: 05/12/2016.
Identifiers: 2011746, CERTFR-2017-AVI-042, CERTFR-2017-AVI-050, CERTFR-2017-AVI-053, CERTFR-2017-AVI-060, CERTFR-2017-AVI-287, CVE-2016-9806, openSUSE-SU-2017:0456-1, openSUSE-SU-2017:0458-1, RHSA-2017:1842-01, RHSA-2017:2077-01, RHSA-2017:2669-01, SUSE-SU-2017:0407-1, SUSE-SU-2017:0464-1, SUSE-SU-2017:0471-1, SUSE-SU-2017:0575-1, USN-3168-1, USN-3168-2, VIGILANCE-VUL-21261.

Description of the vulnerability

An attacker can force the usage of a freed memory area via netlink_dump() on the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2016-9685

Linux kernel: memory leak via xfs_attr_shortform_list

Synthesis of the vulnerability

An attacker can create a memory leak via xfs_attr_shortform_list() on the Linux kernel, in order to trigger a denial of service.
Impacted products: QRadar SIEM, Linux, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 30/11/2016.
Identifiers: 2011746, CERTFR-2017-AVI-034, CERTFR-2017-AVI-039, CERTFR-2017-AVI-044, CERTFR-2017-AVI-045, CERTFR-2017-AVI-054, CERTFR-2017-AVI-131, CERTFR-2017-AVI-287, CVE-2016-9685, RHSA-2017:1842-01, RHSA-2017:2077-01, RHSA-2017:2669-01, SUSE-SU-2017:0333-1, SUSE-SU-2017:0437-1, SUSE-SU-2017:0494-1, SUSE-SU-2017:1102-1, USN-3187-1, USN-3187-2, VIGILANCE-VUL-21241.

Description of the vulnerability

An attacker can create a memory leak via xfs_attr_shortform_list() on the Linux kernel, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2016-6816

Apache Tomcat: information disclosure via HTTP Request Line

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via HTTP Request Line of Apache Tomcat, in order to obtain sensitive information.
Impacted products: Tomcat, Debian, BIG-IP Hardware, TMOS, Fedora, HPE NNMi, QRadar SIEM, Snap Creator Framework, openSUSE Leap, Oracle DB, RHEL, JBoss EAP by Red Hat, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 22/11/2016.
Identifiers: 1999395, 1999474, 1999478, 1999479, 1999488, 1999532, 1999671, cpuoct2017, CVE-2016-6816, DLA-728-1, DLA-729-1, DSA-3738-1, DSA-3739-1, FEDORA-2016-98cca07999, FEDORA-2016-9c33466fbb, FEDORA-2016-a98c560116, K50116122, KM03302206, NTAP-20180605-0001, NTAP-20180607-0001, NTAP-20180607-0002, NTAP-20180614-0001, openSUSE-SU-2016:3129-1, openSUSE-SU-2016:3144-1, RHSA-2017:0244-01, RHSA-2017:0245-01, RHSA-2017:0246-01, RHSA-2017:0247-01, RHSA-2017:0250-01, RHSA-2017:0455-01, RHSA-2017:0456-01, RHSA-2017:0457-01, RHSA-2017:0527-01, RHSA-2017:0935-01, SOL50116122, SUSE-SU-2016:3079-1, SUSE-SU-2016:3081-1, SUSE-SU-2017:1632-1, SUSE-SU-2017:1660-1, USN-3177-1, USN-3177-2, VIGILANCE-VUL-21173.

Description of the vulnerability

An attacker can bypass access restrictions to data via HTTP Request Line of Apache Tomcat, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2016-8645

Linux kernel: assertion error via tcp_input.c

Synthesis of the vulnerability

An attacker can force an assertion error via tcp_input.c of the Linux kernel, in order to trigger a denial of service.
Impacted products: Debian, Fedora, QRadar SIEM, Linux, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 14/11/2016.
Identifiers: 2011746, CERTFR-2016-AVI-426, CERTFR-2017-AVI-016, CERTFR-2017-AVI-042, CERTFR-2017-AVI-050, CERTFR-2017-AVI-053, CERTFR-2017-AVI-158, CERTFR-2017-AVI-287, CVE-2016-8645, DLA-772-1, FEDORA-2016-3548475bca, FEDORA-2016-ee3a114958, openSUSE-SU-2017:0456-1, openSUSE-SU-2017:0458-1, RHSA-2017:1842-01, RHSA-2017:2077-01, RHSA-2017:2669-01, SUSE-SU-2017:0181-1, SUSE-SU-2017:0407-1, SUSE-SU-2017:0464-1, SUSE-SU-2017:0471-1, USN-3161-1, USN-3161-2, USN-3161-3, USN-3161-4, USN-3162-1, USN-3162-2, USN-3290-1, VIGILANCE-VUL-21099.

Description of the vulnerability

An attacker can force an assertion error via tcp_input.c of the Linux kernel, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2015-8970

Linux kernel: NULL pointer dereference via lrw_crypt

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via lrw_crypt() on the Linux kernel, in order to trigger a denial of service.
Impacted products: QRadar SIEM, Linux, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 03/11/2016.
Identifiers: 2011746, CERTFR-2017-AVI-054, CERTFR-2017-AVI-282, CVE-2015-8970, RHSA-2017:1842-01, RHSA-2017:2077-01, RHSA-2017:2437-01, RHSA-2017:2444-01, SUSE-SU-2017:0494-1, SUSE-SU-2017:1301-1, SUSE-SU-2017:2342-1, VIGILANCE-VUL-21042.

Description of the vulnerability

An attacker can force a NULL pointer to be dereferenced via lrw_crypt() on the Linux kernel, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2016-0762 CVE-2016-5018 CVE-2016-6794

Apache Tomcat: five vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Apache Tomcat.
Impacted products: Tomcat, Debian, Fedora, QRadar SIEM, Snap Creator Framework, openSUSE Leap, Solaris, RHEL, JBoss EAP by Red Hat, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights, data reading, data creation/edition.
Provenance: document.
Number of vulnerabilities in this bulletin: 5.
Creation date: 27/10/2016.
Identifiers: 1999395, 1999474, 1999478, 1999479, 1999488, 1999532, 1999671, bulletinoct2016, CVE-2016-0762, CVE-2016-5018, CVE-2016-6794, CVE-2016-6796, CVE-2016-6797, DLA-728-1, DLA-729-1, DSA-3720-1, DSA-3721-1, FEDORA-2016-4094bd4ad6, FEDORA-2016-c1b01b9278, NTAP-20180605-0001, NTAP-20180607-0001, NTAP-20180607-0002, NTAP-20180614-0001, openSUSE-SU-2016:3129-1, openSUSE-SU-2016:3144-1, RHSA-2017:0455-01, RHSA-2017:0456-01, RHSA-2017:0457-01, RHSA-2017:1548-01, RHSA-2017:1549-01, RHSA-2017:1550-01, RHSA-2017:1551-01, RHSA-2017:1552-01, RHSA-2017:1658-01, RHSA-2017:1659-01, RHSA-2017:2247-01, SUSE-SU-2016:3079-1, SUSE-SU-2016:3081-1, SUSE-SU-2017:1632-1, SUSE-SU-2017:1660-1, USN-3177-1, USN-3177-2, VIGILANCE-VUL-20976.

Description of the vulnerability

Several vulnerabilities were announced in Apache Tomcat.

An attacker can bypass security features via SecurityManager, in order to escalate his privileges. [severity:2/4; CVE-2016-5018]

An attacker can bypass security features via Realm Timing, in order to obtain sensitive information. [severity:2/4; CVE-2016-0762]

An attacker can bypass security features via System Property, in order to obtain sensitive information. [severity:2/4; CVE-2016-6794]

An attacker can bypass security features via SecurityManager, in order to escalate his privileges. [severity:2/4; CVE-2016-6796]

An attacker can bypass security features via Global Resources, in order to obtain sensitive information. [severity:2/4; CVE-2016-6797]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2016-5542 CVE-2016-5554 CVE-2016-5556

Oracle Java: vulnerabilities of October 2016

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Oracle Java.
Impacted products: Debian, Avamar, Fedora, AIX, Domino, Notes, IRAD, QRadar SIEM, Tivoli Storage Manager, Tivoli System Automation, WebSphere AS Traditional, IBM WebSphere ESB, WebSphere MQ, Junos Space, SnapManager, Java OpenJDK, openSUSE, openSUSE Leap, Java Oracle, JavaFX, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, data deletion, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 7.
Creation date: 19/10/2016.
Identifiers: 1993440, 1994049, 1994123, 1994478, 1997764, 1999054, 1999395, 1999474, 1999478, 1999479, 1999488, 1999532, 2000212, 2000544, 2000904, 2000988, 2000990, 2001608, 2002331, 2002479, 2002537, 2003145, 2004036, 491108, CERTFR-2016-AVI-349, CERTFR-2017-AVI-012, cpuoct2016, CVE-2016-5542, CVE-2016-5554, CVE-2016-5556, CVE-2016-5568, CVE-2016-5573, CVE-2016-5582, CVE-2016-5597, DLA-704-1, DSA-3707-1, ESA-2016-137, FEDORA-2016-73054cfeeb, JSA10770, NTAP-20161019-0001, openSUSE-SU-2016:2862-1, openSUSE-SU-2016:2900-1, openSUSE-SU-2016:2985-1, openSUSE-SU-2016:2990-1, openSUSE-SU-2016:3088-1, RHSA-2016:2079-01, RHSA-2016:2088-01, RHSA-2016:2089-01, RHSA-2016:2090-01, RHSA-2016:2136-01, RHSA-2016:2137-01, RHSA-2016:2138-01, RHSA-2016:2658-01, RHSA-2016:2659-01, RHSA-2017:0061-01, SUSE-SU-2016:2887-1, SUSE-SU-2016:3010-1, SUSE-SU-2016:3040-1, SUSE-SU-2016:3041-1, SUSE-SU-2016:3043-1, SUSE-SU-2016:3068-1, SUSE-SU-2016:3078-1, USN-3121-1, USN-3130-1, USN-3154-1, VIGILANCE-VUL-20906, ZDI-16-571.

Description of the vulnerability

Several vulnerabilities were announced in Oracle Java.

An attacker can use a vulnerability via 2D, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-5556]

An attacker can use a vulnerability via AWT, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-5568, ZDI-16-571]

An attacker can use a vulnerability via Hotspot, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-5582]

An attacker can use a vulnerability via Hotspot, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-5573]

An attacker can use a vulnerability via Networking, in order to obtain information. [severity:2/4; CVE-2016-5597]

An attacker can use a vulnerability via JMX, in order to alter information. [severity:2/4; CVE-2016-5554]

An attacker can use a vulnerability via Libraries, in order to alter information. [severity:1/4; CVE-2016-5542]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2016-7042

Linux kernel: buffer overflow via proc_keys_show

Synthesis of the vulnerability

An attacker can generate a buffer overflow via proc_keys_show() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Android OS, QRadar SIEM, Linux, openSUSE, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, denial of service on server.
Provenance: user shell.
Creation date: 14/10/2016.
Identifiers: 1373499, 2011746, CERTFR-2016-AVI-378, CERTFR-2016-AVI-426, CERTFR-2017-AVI-001, CERTFR-2017-AVI-016, CERTFR-2017-AVI-034, CERTFR-2017-AVI-053, CERTFR-2017-AVI-054, CERTFR-2017-AVI-131, CERTFR-2017-AVI-287, CVE-2016-7042, DLA-670-1, DSA-3696-1, openSUSE-SU-2016:3021-1, openSUSE-SU-2016:3050-1, openSUSE-SU-2016:3058-1, openSUSE-SU-2016:3061-1, RHSA-2017:0817-01, RHSA-2017:1842-01, RHSA-2017:2077-01, RHSA-2017:2669-01, SUSE-SU-2016:2912-1, SUSE-SU-2016:2976-1, SUSE-SU-2016:3304-1, SUSE-SU-2017:0181-1, SUSE-SU-2017:0333-1, SUSE-SU-2017:0471-1, SUSE-SU-2017:0494-1, SUSE-SU-2017:1102-1, USN-3126-1, USN-3126-2, USN-3127-1, USN-3127-2, USN-3128-1, USN-3128-2, USN-3128-3, USN-3129-1, USN-3129-2, USN-3161-1, USN-3161-2, USN-3161-3, USN-3161-4, VIGILANCE-VUL-20868.

Description of the vulnerability

The Linux kernel provides the /proc/keys interface to access to cryptographic keys.

However, if the size of data is greater than the size of the storage array, an overflow occurs in proc_keys_show().

An attacker can therefore generate a buffer overflow via proc_keys_show() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about QRadar SIEM: