| The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them. |
|
 |
|
|
Computer vulnerabilities of RHEL
OpenStack Image Service: denial of service
Synthesis of the vulnerability
An attacker can generate a fatal error of OpenStack Image Service, in order to trigger a denial of service.
Impacted products: RHEL.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 06/05/2015.
Identifiers: CVE-2015-1881, RHSA-2015:0938-01, VIGILANCE-VUL-16820.
Description of the vulnerability
An attacker can generate a fatal error of OpenStack Image Service, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial) |
OpenStack Image Service: memory leak
Synthesis of the vulnerability
An attacker can create a memory leak of OpenStack Image Service, in order to trigger a denial of service.
Impacted products: RHEL.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 06/05/2015.
Identifiers: CVE-2014-9684, RHSA-2015:0938-01, VIGILANCE-VUL-16819.
Description of the vulnerability
An attacker can create a memory leak of OpenStack Image Service, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial) |
GnuTLS: accepting a MD5 signature
Synthesis of the vulnerability
An attacker, who can generate a signature on the fly (unlikely), can use a weak algorithm (MD5) with applications linked to GnuTLS, in order to act as a Man-in-the-Middle.
Impacted products: Debian, Fedora, openSUSE, Oracle Communications, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 1/4.
Consequences: data creation/edition.
Provenance: internet server.
Creation date: 05/05/2015.
Identifiers: cpuoct2017, CVE-2015-7575, DSA-3437-1, FEDORA-2015-7942, GNUTLS-SA-2015-2, openSUSE-SU-2015:1372-1, RHSA-2016:0012-01, SLOTH, SSA:2015-233-01, SSA:2016-254-01, SUSE-SU-2016:0256-1, USN-2865-1, VIGILANCE-VUL-16813.
Description of the vulnerability
The GnuTLS library implements the support of the TLS 1.2 algorithm. In this version, the application can choose any combination of signature and hash algorithms.
When a TLS client receives a ServerKeyExchange message, it has to check if the algorithms chosen by the server match its security policy. Likewise, when a TLS server receives a ClientCertificateVerify message, it has to check if the algorithms chosen by the client match its security policy.
However, GnuTLS accepts MD5 signatures in any case.
This vulnerability has the same origin than VIGILANCE-VUL-18586.
An attacker, who can generate a signature on the fly (unlikely), can therefore use a weak algorithm (MD5) with applications linked to GnuTLS, in order to act as a Man-in-the-Middle.
Full Vigil@nce bulletin... (Free trial) |
Apache Xerces-C++: unreachable memory reading via XMLReader.cpp
Synthesis of the vulnerability
An attacker can force a read at an invalid address in XMLReader.cpp of Apache Xerces-C++, in order to trigger a denial of service.
Impacted products: Xerces-C++, Debian, Fedora, openSUSE, Oracle Communications, RHEL.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 20/03/2015.
Revision date: 04/05/2015.
Identifiers: cpuoct2018, CVE-2015-0252, DSA-3199-1, FEDORA-2015-4228, FEDORA-2015-4251, FEDORA-2015-4285, FEDORA-2015-4321, openSUSE-SU-2016:0966-1, RHSA-2015:1193-01, VIGILANCE-VUL-16432.
Description of the vulnerability
The Apache Xerces-C++ product uses the src/xercesc/internal/XMLReader.cpp file to analyze XML data.
However, several XMLReader.cpp finction try to read a memory area which is not reachable, which triggers a fatal error.
An attacker can therefore force a read at an invalid address in XMLReader.cpp of Apache Xerces-C++, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial) |
JBoss Weld: information disclosure via Stale Thread State
Synthesis of the vulnerability
An attacker can bypass access restrictions to data in Stale Thread State of JBoss Weld, in order to obtain sensitive information.
Impacted products: RHEL, JBoss EAP by Red Hat.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 04/05/2015.
Identifiers: CVE-2014-8122, RHSA-2015:0215-01, RHSA-2015:0216-01, RHSA-2015:0217-01, RHSA-2015:0218-01, RHSA-2015:0675-01, RHSA-2015:0773-01, RHSA-2015:0850-01, RHSA-2015:0851-01, RHSA-2015:0920-01, VIGILANCE-VUL-16804.
Description of the vulnerability
An attacker can bypass access restrictions to data in Stale Thread State of JBoss Weld, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
JBoss AS: information disclosure via JacORB
Synthesis of the vulnerability
An attacker can bypass access restrictions to data in JacORB of JBoss AS, in order to obtain sensitive information.
Impacted products: RHEL, JBoss EAP by Red Hat, WildFly.
Severity: 2/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 04/05/2015.
Identifiers: CVE-2014-7853, RHSA-2015:0215-01, RHSA-2015:0216-01, RHSA-2015:0217-01, RHSA-2015:0218-01, RHSA-2015:0920-01, VIGILANCE-VUL-16803.
Description of the vulnerability
An attacker can bypass access restrictions to data in JacORB of JBoss AS, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
JBoss AS: read-write access via RBAC
Synthesis of the vulnerability
An attacker can bypass access restrictions of RBAC of JBoss AS, in order to read or alter data.
Impacted products: RHEL, JBoss EAP by Red Hat, WildFly.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: intranet client.
Creation date: 04/05/2015.
Identifiers: CVE-2014-7849, RHSA-2015:0215-01, RHSA-2015:0216-01, RHSA-2015:0217-01, RHSA-2015:0218-01, RHSA-2015:0920-01, VIGILANCE-VUL-16802.
Description of the vulnerability
An attacker can bypass access restrictions of RBAC of JBoss AS, in order to read or alter data.
Full Vigil@nce bulletin... (Free trial) |
Linux kernel: use after free via ping_unhash
Synthesis of the vulnerability
A local attacker can force the usage of a freed memory area in ping_unhash() of the Linux kernel, in order to trigger a denial of service, and possibly to execute code.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, Android OS, Linux, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, denial of service on server.
Provenance: privileged shell.
Creation date: 04/05/2015.
Identifiers: CERTFR-2015-AVI-254, CERTFR-2015-AVI-261, CERTFR-2015-AVI-328, CERTFR-2015-AVI-357, CVE-2015-3636, DSA-3290-1, FEDORA-2015-7736, FEDORA-2015-8518, K17246, openSUSE-SU-2015:1382-1, openSUSE-SU-2016:0301-1, RHSA-2015:1221-01, RHSA-2015:1534-01, RHSA-2015:1564-01, RHSA-2015:1565-01, RHSA-2015:1583-01, RHSA-2015:1643-01, SOL17246, SUSE-SU-2015:1071-1, SUSE-SU-2015:1224-1, SUSE-SU-2015:1376-1, SUSE-SU-2015:1478-1, USN-2631-1, USN-2632-1, USN-2633-1, USN-2634-1, USN-2635-1, USN-2636-1, USN-2637-1, USN-2638-1, VIGILANCE-VUL-16801.
Description of the vulnerability
The Linux kernel supports sockets of type ping:
socket(PF_INET, SOCK_DGRAM, IPPROTO_ICMP)
The access to these sockets is usually restricted.
However, if the user disconnects, and the connects the socket, the ping_unhash() function frees a memory area before reusing it.
A local attacker can therefore force the usage of a freed memory area in ping_unhash() of the Linux kernel, in order to trigger a denial of service, and possibly to execute code.
Full Vigil@nce bulletin... (Free trial) |
jQuery: Cross Site Scripting
Synthesis of the vulnerability
An attacker can trigger a Cross Site Scripting of jQuery, in order to execute JavaScript code in the context of the web site.
Impacted products: Debian, Fedora, jQuery Core, RHEL.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 04/05/2015.
Identifiers: CVE-2010-5312, DSA-3249-1, DSA-3249-2, FEDORA-2014-15967, FEDORA-2014-16048, RHSA-2015:0442-01, RHSA-2015:1462-01, VIGILANCE-VUL-16795.
Description of the vulnerability
An attacker can trigger a Cross Site Scripting of jQuery, in order to execute JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial) |
Squid: Man-in-the-Middle of SSL Bumping
Synthesis of the vulnerability
An attacker can act as a Man-in-the-Middle between Squid in ssl_bump client-first/bump mode and a server, in order to alter signatures.
Impacted products: Fedora, openSUSE, openSUSE Leap, Solaris, RHEL, Squid.
Severity: 3/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: internet server.
Creation date: 30/04/2015.
Identifiers: bulletinjul2015, CERTFR-2015-AVI-200, CVE-2015-3455, FEDORA-2016-7b40eb9e29, MDVSA-2015:230, openSUSE-SU-2015:1546-1, openSUSE-SU-2016:2081-1, RHSA-2015:2378-01, SQUID-2015:1, VIGILANCE-VUL-16788.
Description of the vulnerability
The Squid product uses the ssl_bump option to inspect SSL/TLS using several modes:
- client-first: establish a TLS session with the client, and then the server.
- server-first: establish a TLS session with the server, and then the client.
However, in the client-first or bump mode, the X.509 certificate of the SSL/TLS session is not checked by Squid.
An attacker can therefore act as a Man-in-the-Middle between Squid in ssl_bump client-first/bump mode and a server, in order to alter signatures.
Full Vigil@nce bulletin... (Free trial) |
Our database contains other pages. You can request a free trial to read them.
Display information about RHEL:
|