The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of RHEL

computer vulnerability CVE-2015-3239

libunwind: buffer overflow of dwarf_to_unw_regnum

Synthesis of the vulnerability

An attacker can generate a buffer overflow in dwarf_to_unw_regnum of libunwind, in order to trigger a denial of service, and possibly to run code.
Impacted products: Fedora, openSUSE, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 15/07/2015.
Identifiers: CVE-2015-3239, FEDORA-2015-11354, FEDORA-2015-11465, openSUSE-SU-2015:1245-1, openSUSE-SU-2015:1245-2, openSUSE-SU-2019:0061-1, RHSA-2015:1675-01, RHSA-2015:1768-01, RHSA-2015:1769-01, SUSE-SU-2019:0284-1, VIGILANCE-VUL-17395.

vulnerability CVE-2015-5073

PCRE: buffer overflow of find_fixedlength

Synthesis of the vulnerability

An attacker can generate a buffer overflow in find_fixedlength of PCRE, in order to trigger a denial of service, and possibly to run code.
Impacted products: BIG-IP Hardware, TMOS, Fedora, openSUSE, openSUSE Leap, Solaris, RHEL, Nessus, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 15/07/2015.
Identifiers: bulletinjul2015, CERTFR-2018-AVI-288, CVE-2015-5073, FEDORA-2015-11019, FEDORA-2015-11027, FEDORA-2016-f59a8ff5d0, FEDORA-2016-fd1199dbe2, openSUSE-SU-2016:2805-1, openSUSE-SU-2016:3099-1, RHSA-2016:1025-01, RHSA-2016:1132-01, RHSA-2016:2750-01, SOL17331, TNS-2018-08, USN-2694-1, USN-2943-1, VIGILANCE-VUL-17390.

computer vulnerability note CVE-2015-3210

PCRE: buffer overflow of pcre_compile2

Synthesis of the vulnerability

An attacker can generate a buffer overflow in pcre_compile2 of PCRE, in order to trigger a denial of service, and possibly to run code.
Impacted products: BIG-IP Hardware, TMOS, Fedora, openSUSE, openSUSE Leap, Solaris, RHEL, Slackware, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 15/07/2015.
Identifiers: bulletinjul2015, CVE-2015-3210, FEDORA-2015-11019, FEDORA-2015-11027, FEDORA-2016-f59a8ff5d0, FEDORA-2016-fd1199dbe2, openSUSE-SU-2016:2805-1, openSUSE-SU-2016:3099-1, RHSA-2016:1132-01, RHSA-2016:2750-01, SOL17235, SSA:2015-328-01, USN-2694-1, USN-2943-1, VIGILANCE-VUL-17389.

computer vulnerability bulletin CVE-2015-3256

polkit: vulnerability

Synthesis of the vulnerability

A vulnerability of polkit was announced.
Impacted products: Fedora, openSUSE, openSUSE Leap, RHEL.
Severity: 2/4.
Consequences: unknown consequence, administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, data flow, denial of service on server, denial of service on service, denial of service on client, disguisement.
Provenance: user shell.
Creation date: 15/07/2015.
Identifiers: CVE-2015-3256, FEDORA-2015-11058, FEDORA-2015-11743, openSUSE-SU-2015:1734-1, openSUSE-SU-2015:1927-1, RHSA-2016:0189-01, VIGILANCE-VUL-17388.

vulnerability announcement CVE-2015-4696

libwmf: use after free via wmf2gd/wmf2eps

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area in wmf2gd/wmf2eps of libwmf, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, openSUSE, RHEL, Slackware, Ubuntu.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 15/07/2015.
Identifiers: CVE-2015-4696, DSA-3302-1, FEDORA-2015-10601, FEDORA-2015-10627, openSUSE-SU-2015:1212-1, RHSA-2015:1917-01, SSA:2018-120-01, USN-2670-1, VIGILANCE-VUL-17382.

vulnerability alert CVE-2015-4695

libwmf: buffer overflow of meta_pen_create

Synthesis of the vulnerability

An attacker can generate a buffer overflow in meta_pen_create of libwmf, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, openSUSE, RHEL, Slackware, Ubuntu.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 15/07/2015.
Identifiers: CVE-2015-4695, DSA-3302-1, FEDORA-2015-10601, FEDORA-2015-10627, openSUSE-SU-2015:1212-1, RHSA-2015:1917-01, SSA:2018-120-01, USN-2670-1, VIGILANCE-VUL-17381.

vulnerability CVE-2015-4588

libwmf: integer overflow of RLE decoding

Synthesis of the vulnerability

An attacker can generate an integer overflow in RLE decoding of libwmf, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, openSUSE, RHEL, Slackware, Ubuntu.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 15/07/2015.
Identifiers: CVE-2015-4588, DSA-3302-1, FEDORA-2015-10601, FEDORA-2015-10627, openSUSE-SU-2015:1132-1, openSUSE-SU-2015:1134-1, openSUSE-SU-2015:1212-1, RHSA-2015:1917-01, SSA:2018-120-01, USN-2670-1, VIGILANCE-VUL-17380.

computer vulnerability bulletin CVE-2015-0253 CVE-2015-3183 CVE-2015-3185

Apache httpd: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Apache httpd.
Impacted products: Apache httpd, Debian, BIG-IP Hardware, TMOS, Fedora, HP-UX, Domino, Tivoli System Automation, WebSphere AS Traditional, openSUSE, Solaris, Puppet, RHEL, JBoss EAP by Red Hat, SAS Add-in for Microsoft Office, SAS Analytics Pro, Base SAS Software, SAS Enterprise BI Server, SAS Enterprise Guide, SAS Management Console, SAS OLAP Server, SAS SAS/ACCESS, SAS SAS/AF, SAS SAS/CONNECT, SAS SAS/EIS, SAS SAS/ETS, SAS SAS/FSP, SAS SAS/GRAPH, SAS SAS/IML, SAS SAS/OR, SAS SAS/STAT, SAS SAS/Web Report Studio, Slackware, Synology DS***, Synology RS***, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, denial of service on service.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 15/07/2015.
Identifiers: 1963361, 1965444, 1967197, 1969062, bulletinoct2015, c04832246, c04926789, CVE-2015-0253, CVE-2015-3183, CVE-2015-3185, DSA-3325-1, DSA-3325-2, FEDORA-2015-11689, FEDORA-2015-11792, HPSBUX03435, HPSBUX03512, openSUSE-SU-2015:1684-1, RHSA-2015:1666-01, RHSA-2015:1667-01, RHSA-2015:1668-01, RHSA-2015:2659-01, RHSA-2015:2660-01, RHSA-2015:2661-01, RHSA-2016:0062-01, RHSA-2016:2054-01, RHSA-2016:2055-01, RHSA-2016:2056-01, SOL17251, SSA:2015-198-01, SSRT102254, SSRT102977, USN-2686-1, VIGILANCE-VUL-17378.

Description of the vulnerability

Several vulnerabilities were announced in Apache httpd.

An attacker can generate an error during the analysis of the HTTP Chunk header, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-3183]

The ap_some_auth_required directive is not honored, so an attacker can access the service without authentication. [severity:2/4; CVE-2015-3185]

When the "ErrorDocument 400" configuration points to a local URL/file and the INCLUDES filter is enabled, an attacker can trigger a denial of service. [severity:2/4; CVE-2015-0253]

computer vulnerability CVE-2015-2582 CVE-2015-2611 CVE-2015-2617

Oracle MySQL: several vulnerabilities of July 2015

Synthesis of the vulnerability

Several vulnerabilities of Oracle MySQL were announced in July 2015.
Impacted products: Debian, Fedora, Junos Space, MariaDB ~ precise, MySQL Community, MySQL Enterprise, openSUSE, Solaris, Percona Server, RHEL, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on service.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 18.
Creation date: 15/07/2015.
Identifiers: bulletinapr2016, bulletinapr2017, bulletinjul2016, CERTFR-2015-AVI-304, CERTFR-2015-AVI-431, CERTFR-2016-AVI-300, cpujul2015, CVE-2015-2582, CVE-2015-2611, CVE-2015-2617, CVE-2015-2620, CVE-2015-2639, CVE-2015-2641, CVE-2015-2643, CVE-2015-2648, CVE-2015-2661, CVE-2015-4737, CVE-2015-4752, CVE-2015-4756, CVE-2015-4757, CVE-2015-4761, CVE-2015-4767, CVE-2015-4769, CVE-2015-4771, CVE-2015-4772, DSA-3308-1, FEDORA-2015-12544, FEDORA-2015-12570, FEDORA-2015-13482, JSA10698, openSUSE-SU-2015:1629-1, RHSA-2015:1628-01, RHSA-2015:1629-01, RHSA-2015:1630-01, RHSA-2015:1646-01, RHSA-2015:1647-01, RHSA-2015:1665-01, USN-2674-1, VIGILANCE-VUL-17375.

Description of the vulnerability

Several vulnerabilities were announced in Oracle MySQL.

An attacker can use a vulnerability of Server : Partition, in order to obtain information, to alter information, or to trigger a denial of service. [severity:2/4; CVE-2015-2617]

An attacker can use a vulnerability of Server : DML, in order to trigger a denial of service. [severity:2/4; CVE-2015-2648]

An attacker can use a vulnerability of Server : DML, in order to trigger a denial of service. [severity:2/4; CVE-2015-2611]

An attacker can use a vulnerability of Server : GIS, in order to trigger a denial of service. [severity:2/4; CVE-2015-2582]

An attacker can use a vulnerability of Server : I_S, in order to trigger a denial of service. [severity:2/4; CVE-2015-4752]

An attacker can use a vulnerability of Server : InnoDB, in order to trigger a denial of service. [severity:2/4; CVE-2015-4756]

An attacker can use a vulnerability of Server : Optimizer, in order to trigger a denial of service. [severity:2/4; CVE-2015-2643]

An attacker can use a vulnerability of Server : Partition, in order to trigger a denial of service. [severity:2/4; CVE-2015-4772]

An attacker can use a vulnerability of Server : Memcached, in order to trigger a denial of service. [severity:2/4; CVE-2015-4761]

An attacker can use a vulnerability of Server : Optimizer, in order to trigger a denial of service. [severity:2/4; CVE-2015-4757]

An attacker can use a vulnerability of Server : Pluggable Auth, in order to obtain information. [severity:2/4; CVE-2015-4737]

An attacker can use a vulnerability of Server : RBR, in order to trigger a denial of service. [severity:2/4; CVE-2015-4771]

An attacker can use a vulnerability of Server : Security : Firewall, in order to trigger a denial of service. [severity:2/4; CVE-2015-4769]

An attacker can use a vulnerability of Server : Security : Firewall, in order to alter information. [severity:2/4; CVE-2015-2639]

An attacker can use a vulnerability of Server : Security : Privileges, in order to obtain information. [severity:2/4; CVE-2015-2620]

An attacker can use a vulnerability of Server : Security : Privileges, in order to trigger a denial of service. [severity:2/4; CVE-2015-2641]

An attacker can use a vulnerability of Client, in order to trigger a denial of service. [severity:1/4; CVE-2015-2661]

An attacker can use a vulnerability of Server : Security : Firewall, in order to trigger a denial of service. [severity:1/4; CVE-2015-4767]

vulnerability alert CVE-2015-2590 CVE-2015-2596 CVE-2015-2597

Oracle Java: several vulnerabilities of July 2015

Synthesis of the vulnerability

Several vulnerabilities of Oracle Java were announced in July 2015.
Impacted products: DCFM Enterprise, FabricOS, Brocade Network Advisor, Brocade vTM, Debian, Avamar, BIG-IP Hardware, TMOS, Fedora, AIX, DB2 UDB, Domino, Notes, IRAD, SPSS Data Collection, SPSS Modeler, SPSS Statistics, Tivoli Storage Manager, Tivoli System Automation, WebSphere MQ, Junos Space, ePO, SnapManager, Java OpenJDK, openSUSE, Java Oracle, JavaFX, Puppet, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, data deletion, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 25.
Creation date: 15/07/2015.
Identifiers: 1963330, 1963331, 1963812, 1964236, 1966040, 1966536, 1967222, 1967498, 1967893, 1968485, 1972455, 206954, 9010041, 9010044, BSA-2016-002, CERTFR-2015-ALE-007, CERTFR-2015-AVI-305, CERTFR-2016-AVI-128, cpujul2015, CVE-2015-2590, CVE-2015-2596, CVE-2015-2597, CVE-2015-2601, CVE-2015-2613, CVE-2015-2619, CVE-2015-2621, CVE-2015-2625, CVE-2015-2627, CVE-2015-2628, CVE-2015-2632, CVE-2015-2637, CVE-2015-2638, CVE-2015-2659, CVE-2015-2664, CVE-2015-2808, CVE-2015-4000, CVE-2015-4729, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4736, CVE-2015-4748, CVE-2015-4749, CVE-2015-4760, DSA-3316-1, DSA-3339-1, ESA-2015-134, FEDORA-2015-11859, FEDORA-2015-11860, JSA10727, NTAP-20150715-0001, NTAP-20151028-0001, openSUSE-SU-2015:1288-1, openSUSE-SU-2015:1289-1, RHSA-2015:1228-01, RHSA-2015:1229-01, RHSA-2015:1230-01, RHSA-2015:1241-01, RHSA-2015:1242-01, RHSA-2015:1243-01, RHSA-2015:1485-01, RHSA-2015:1486-01, RHSA-2015:1488-01, RHSA-2015:1526-01, RHSA-2015:1544-01, SB10139, SOL17079, SOL17169, SOL17170, SOL17171, SOL17173, SUSE-SU-2015:1319-1, SUSE-SU-2015:1320-1, SUSE-SU-2015:1329-1, SUSE-SU-2015:1331-1, SUSE-SU-2015:1345-1, SUSE-SU-2015:1375-1, SUSE-SU-2015:1509-1, SUSE-SU-2015:2166-1, SUSE-SU-2015:2192-1, USN-2696-1, USN-2706-1, VIGILANCE-VUL-17371.

Description of the vulnerability

Several vulnerabilities were announced in Oracle Java.

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to trigger a denial of service (VIGILANCE-VUL-17558). [severity:3/4; CVE-2015-4760]

An attacker can use a vulnerability of CORBA, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-2628]

An attacker can use a vulnerability of JMX, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-4731]

An attacker can use a vulnerability of Libraries, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-2590]

An attacker can use a vulnerability of Libraries, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-4732]

An attacker can use a vulnerability of RMI, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-4733]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-2638]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-4736]

An attacker can use a vulnerability of Security, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-4748]

An attacker can use a vulnerability of Install, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-2597]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-2664]

An attacker can use a vulnerability of 2D, in order to obtain information. [severity:2/4; CVE-2015-2632]

An attacker can use a vulnerability of JCE, in order to obtain information. [severity:2/4; CVE-2015-2601]

An attacker can use a vulnerability of JCE, in order to obtain information (VIGILANCE-VUL-18168). [severity:2/4; CVE-2015-2613]

An attacker can use a vulnerability of JMX, in order to obtain information. [severity:2/4; CVE-2015-2621]

An attacker can use a vulnerability of Security, in order to trigger a denial of service. [severity:2/4; CVE-2015-2659]

An attacker can use a vulnerability of 2D, in order to obtain information. [severity:2/4; CVE-2015-2619]

An attacker can bypass security features in 2D, in order to obtain sensitive information. [severity:2/4; CVE-2015-2637]

An attacker can use a vulnerability of Hotspot, in order to alter information. [severity:2/4; CVE-2015-2596]

An attacker can use a vulnerability of JNDI, in order to trigger a denial of service. [severity:2/4; CVE-2015-4749]

An attacker can use a vulnerability of Deployment, in order to obtain or alter information. [severity:2/4; CVE-2015-4729]

An attacker can use a vulnerability of JSSE, in order to obtain or alter information. [severity:2/4; CVE-2015-4000]

An attacker can use a vulnerability of JSSE, in order to obtain or alter information. [severity:2/4; CVE-2015-2808]

An attacker can use a vulnerability of Install, in order to obtain information. [severity:1/4; CVE-2015-2627]

An attacker can use a vulnerability of JSSE, in order to obtain information. [severity:1/4; CVE-2015-2625]