| The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them. |
|
 |
|
|
Computer vulnerabilities of RHEL
libunwind: buffer overflow of dwarf_to_unw_regnum
Synthesis of the vulnerability
An attacker can generate a buffer overflow in dwarf_to_unw_regnum of libunwind, in order to trigger a denial of service, and possibly to run code.
Impacted products: Fedora, openSUSE, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 15/07/2015.
Identifiers: CVE-2015-3239, FEDORA-2015-11354, FEDORA-2015-11465, openSUSE-SU-2015:1245-1, openSUSE-SU-2015:1245-2, openSUSE-SU-2019:0061-1, RHSA-2015:1675-01, RHSA-2015:1768-01, RHSA-2015:1769-01, SUSE-SU-2019:0284-1, VIGILANCE-VUL-17395.
Description of the vulnerability
An attacker can generate a buffer overflow in dwarf_to_unw_regnum of libunwind, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial) |
PCRE: buffer overflow of find_fixedlength
Synthesis of the vulnerability
An attacker can generate a buffer overflow in find_fixedlength of PCRE, in order to trigger a denial of service, and possibly to run code.
Impacted products: BIG-IP Hardware, TMOS, Fedora, openSUSE, openSUSE Leap, Solaris, RHEL, Nessus, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 15/07/2015.
Identifiers: bulletinjul2015, CERTFR-2018-AVI-288, CVE-2015-5073, FEDORA-2015-11019, FEDORA-2015-11027, FEDORA-2016-f59a8ff5d0, FEDORA-2016-fd1199dbe2, openSUSE-SU-2016:2805-1, openSUSE-SU-2016:3099-1, RHSA-2016:1025-01, RHSA-2016:1132-01, RHSA-2016:2750-01, SOL17331, TNS-2018-08, USN-2694-1, USN-2943-1, VIGILANCE-VUL-17390.
Description of the vulnerability
An attacker can generate a buffer overflow in find_fixedlength of PCRE, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial) |
PCRE: buffer overflow of pcre_compile2
Synthesis of the vulnerability
An attacker can generate a buffer overflow in pcre_compile2 of PCRE, in order to trigger a denial of service, and possibly to run code.
Impacted products: BIG-IP Hardware, TMOS, Fedora, openSUSE, openSUSE Leap, Solaris, RHEL, Slackware, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 15/07/2015.
Identifiers: bulletinjul2015, CVE-2015-3210, FEDORA-2015-11019, FEDORA-2015-11027, FEDORA-2016-f59a8ff5d0, FEDORA-2016-fd1199dbe2, openSUSE-SU-2016:2805-1, openSUSE-SU-2016:3099-1, RHSA-2016:1132-01, RHSA-2016:2750-01, SOL17235, SSA:2015-328-01, USN-2694-1, USN-2943-1, VIGILANCE-VUL-17389.
Description of the vulnerability
An attacker can generate a buffer overflow in pcre_compile2 of PCRE, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial) |
polkit: vulnerability
Synthesis of the vulnerability
A vulnerability of polkit was announced.
Impacted products: Fedora, openSUSE, openSUSE Leap, RHEL.
Severity: 2/4.
Consequences: unknown consequence, administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, data flow, denial of service on server, denial of service on service, denial of service on client, disguisement.
Provenance: user shell.
Creation date: 15/07/2015.
Identifiers: CVE-2015-3256, FEDORA-2015-11058, FEDORA-2015-11743, openSUSE-SU-2015:1734-1, openSUSE-SU-2015:1927-1, RHSA-2016:0189-01, VIGILANCE-VUL-17388.
Description of the vulnerability
A vulnerability of polkit was announced.
Full Vigil@nce bulletin... (Free trial) |
libwmf: use after free via wmf2gd/wmf2eps
Synthesis of the vulnerability
An attacker can force the usage of a freed memory area in wmf2gd/wmf2eps of libwmf, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, openSUSE, RHEL, Slackware, Ubuntu.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 15/07/2015.
Identifiers: CVE-2015-4696, DSA-3302-1, FEDORA-2015-10601, FEDORA-2015-10627, openSUSE-SU-2015:1212-1, RHSA-2015:1917-01, SSA:2018-120-01, USN-2670-1, VIGILANCE-VUL-17382.
Description of the vulnerability
An attacker can force the usage of a freed memory area in wmf2gd/wmf2eps of libwmf, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial) |
libwmf: buffer overflow of meta_pen_create
Synthesis of the vulnerability
An attacker can generate a buffer overflow in meta_pen_create of libwmf, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, openSUSE, RHEL, Slackware, Ubuntu.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 15/07/2015.
Identifiers: CVE-2015-4695, DSA-3302-1, FEDORA-2015-10601, FEDORA-2015-10627, openSUSE-SU-2015:1212-1, RHSA-2015:1917-01, SSA:2018-120-01, USN-2670-1, VIGILANCE-VUL-17381.
Description of the vulnerability
An attacker can generate a buffer overflow in meta_pen_create of libwmf, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial) |
libwmf: integer overflow of RLE decoding
Synthesis of the vulnerability
An attacker can generate an integer overflow in RLE decoding of libwmf, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, openSUSE, RHEL, Slackware, Ubuntu.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 15/07/2015.
Identifiers: CVE-2015-4588, DSA-3302-1, FEDORA-2015-10601, FEDORA-2015-10627, openSUSE-SU-2015:1132-1, openSUSE-SU-2015:1134-1, openSUSE-SU-2015:1212-1, RHSA-2015:1917-01, SSA:2018-120-01, USN-2670-1, VIGILANCE-VUL-17380.
Description of the vulnerability
An attacker can generate an integer overflow in RLE decoding of libwmf, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial) |
Apache httpd: three vulnerabilities
Synthesis of the vulnerability
An attacker can use several vulnerabilities of Apache httpd.
Impacted products: Apache httpd, Debian, BIG-IP Hardware, TMOS, Fedora, HP-UX, Domino, Tivoli System Automation, WebSphere AS Traditional, openSUSE, Solaris, Puppet, RHEL, JBoss EAP by Red Hat, SAS Add-in for Microsoft Office, SAS Analytics Pro, Base SAS Software, SAS Enterprise BI Server, SAS Enterprise Guide, SAS Management Console, SAS OLAP Server, SAS SAS/ACCESS, SAS SAS/AF, SAS SAS/CONNECT, SAS SAS/EIS, SAS SAS/ETS, SAS SAS/FSP, SAS SAS/GRAPH, SAS SAS/IML, SAS SAS/OR, SAS SAS/STAT, SAS SAS/Web Report Studio, Slackware, Synology DS***, Synology RS***, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, denial of service on service.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 15/07/2015.
Identifiers: 1963361, 1965444, 1967197, 1969062, bulletinoct2015, c04832246, c04926789, CVE-2015-0253, CVE-2015-3183, CVE-2015-3185, DSA-3325-1, DSA-3325-2, FEDORA-2015-11689, FEDORA-2015-11792, HPSBUX03435, HPSBUX03512, openSUSE-SU-2015:1684-1, RHSA-2015:1666-01, RHSA-2015:1667-01, RHSA-2015:1668-01, RHSA-2015:2659-01, RHSA-2015:2660-01, RHSA-2015:2661-01, RHSA-2016:0062-01, RHSA-2016:2054-01, RHSA-2016:2055-01, RHSA-2016:2056-01, SOL17251, SSA:2015-198-01, SSRT102254, SSRT102977, USN-2686-1, VIGILANCE-VUL-17378.
Description of the vulnerability
Several vulnerabilities were announced in Apache httpd.
An attacker can generate an error during the analysis of the HTTP Chunk header, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-3183]
The ap_some_auth_required directive is not honored, so an attacker can access to the service with no authentication. [severity:2/4; CVE-2015-3185]
When the configuration of "ErrorDocument 400" points to a local url/file, and when the INCLUDES filter is enabled, an attacker can trigger a denial of service. [severity:2/4; CVE-2015-0253]
Full Vigil@nce bulletin... (Free trial) |
Oracle MySQL: several vulnerabilities of July 2015
Synthesis of the vulnerability
Several vulnerabilities of Oracle MySQL were announced in July 2015.
Impacted products: Debian, Fedora, Junos Space, MariaDB ~ precise, MySQL Community, MySQL Enterprise, openSUSE, Solaris, Percona Server, RHEL, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on service.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 18.
Creation date: 15/07/2015.
Identifiers: bulletinapr2016, bulletinapr2017, bulletinjul2016, CERTFR-2015-AVI-304, CERTFR-2015-AVI-431, CERTFR-2016-AVI-300, cpujul2015, CVE-2015-2582, CVE-2015-2611, CVE-2015-2617, CVE-2015-2620, CVE-2015-2639, CVE-2015-2641, CVE-2015-2643, CVE-2015-2648, CVE-2015-2661, CVE-2015-4737, CVE-2015-4752, CVE-2015-4756, CVE-2015-4757, CVE-2015-4761, CVE-2015-4767, CVE-2015-4769, CVE-2015-4771, CVE-2015-4772, DSA-3308-1, FEDORA-2015-12544, FEDORA-2015-12570, FEDORA-2015-13482, JSA10698, openSUSE-SU-2015:1629-1, RHSA-2015:1628-01, RHSA-2015:1629-01, RHSA-2015:1630-01, RHSA-2015:1646-01, RHSA-2015:1647-01, RHSA-2015:1665-01, USN-2674-1, VIGILANCE-VUL-17375.
Description of the vulnerability
Several vulnerabilities were announced in Oracle MySQL.
An attacker can use a vulnerability of Server : Partition, in order to obtain information, to alter information, or to trigger a denial of service. [severity:2/4; CVE-2015-2617]
An attacker can use a vulnerability of Server : DML, in order to trigger a denial of service. [severity:2/4; CVE-2015-2648]
An attacker can use a vulnerability of Server : DML, in order to trigger a denial of service. [severity:2/4; CVE-2015-2611]
An attacker can use a vulnerability of Server : GIS, in order to trigger a denial of service. [severity:2/4; CVE-2015-2582]
An attacker can use a vulnerability of Server : I_S, in order to trigger a denial of service. [severity:2/4; CVE-2015-4752]
An attacker can use a vulnerability of Server : InnoDB, in order to trigger a denial of service. [severity:2/4; CVE-2015-4756]
An attacker can use a vulnerability of Server : Optimizer, in order to trigger a denial of service. [severity:2/4; CVE-2015-2643]
An attacker can use a vulnerability of Server : Partition, in order to trigger a denial of service. [severity:2/4; CVE-2015-4772]
An attacker can use a vulnerability of Server : Memcached, in order to trigger a denial of service. [severity:2/4; CVE-2015-4761]
An attacker can use a vulnerability of Server : Optimizer, in order to trigger a denial of service. [severity:2/4; CVE-2015-4757]
An attacker can use a vulnerability of Server : Pluggable Auth, in order to obtain information. [severity:2/4; CVE-2015-4737]
An attacker can use a vulnerability of Server : RBR, in order to trigger a denial of service. [severity:2/4; CVE-2015-4771]
An attacker can use a vulnerability of Server : Security : Firewall, in order to trigger a denial of service. [severity:2/4; CVE-2015-4769]
An attacker can use a vulnerability of Server : Security : Firewall, in order to alter information. [severity:2/4; CVE-2015-2639]
An attacker can use a vulnerability of Server : Security : Privileges, in order to obtain information. [severity:2/4; CVE-2015-2620]
An attacker can use a vulnerability of Server : Security : Privileges, in order to trigger a denial of service. [severity:2/4; CVE-2015-2641]
An attacker can use a vulnerability of Client, in order to trigger a denial of service. [severity:1/4; CVE-2015-2661]
An attacker can use a vulnerability of Server : Security : Firewall, in order to trigger a denial of service. [severity:1/4; CVE-2015-4767]
Full Vigil@nce bulletin... (Free trial) |
Oracle Java: several vulnerabilities of July 2015
Synthesis of the vulnerability
Several vulnerabilities of Oracle Java were announced in July 2015.
Impacted products: DCFM Enterprise, FabricOS, Brocade Network Advisor, Brocade vTM, Debian, Avamar, BIG-IP Hardware, TMOS, Fedora, AIX, DB2 UDB, Domino, Notes, IRAD, SPSS Data Collection, SPSS Modeler, SPSS Statistics, Tivoli Storage Manager, Tivoli System Automation, WebSphere MQ, Junos Space, ePO, SnapManager, Java OpenJDK, openSUSE, Java Oracle, JavaFX, Puppet, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, data deletion, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 25.
Creation date: 15/07/2015.
Identifiers: 1963330, 1963331, 1963812, 1964236, 1966040, 1966536, 1967222, 1967498, 1967893, 1968485, 1972455, 206954, 9010041, 9010044, BSA-2016-002, CERTFR-2015-ALE-007, CERTFR-2015-AVI-305, CERTFR-2016-AVI-128, cpujul2015, CVE-2015-2590, CVE-2015-2596, CVE-2015-2597, CVE-2015-2601, CVE-2015-2613, CVE-2015-2619, CVE-2015-2621, CVE-2015-2625, CVE-2015-2627, CVE-2015-2628, CVE-2015-2632, CVE-2015-2637, CVE-2015-2638, CVE-2015-2659, CVE-2015-2664, CVE-2015-2808, CVE-2015-4000, CVE-2015-4729, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4736, CVE-2015-4748, CVE-2015-4749, CVE-2015-4760, DSA-3316-1, DSA-3339-1, ESA-2015-134, FEDORA-2015-11859, FEDORA-2015-11860, JSA10727, NTAP-20150715-0001, NTAP-20151028-0001, openSUSE-SU-2015:1288-1, openSUSE-SU-2015:1289-1, RHSA-2015:1228-01, RHSA-2015:1229-01, RHSA-2015:1230-01, RHSA-2015:1241-01, RHSA-2015:1242-01, RHSA-2015:1243-01, RHSA-2015:1485-01, RHSA-2015:1486-01, RHSA-2015:1488-01, RHSA-2015:1526-01, RHSA-2015:1544-01, SB10139, SOL17079, SOL17169, SOL17170, SOL17171, SOL17173, SUSE-SU-2015:1319-1, SUSE-SU-2015:1320-1, SUSE-SU-2015:1329-1, SUSE-SU-2015:1331-1, SUSE-SU-2015:1345-1, SUSE-SU-2015:1375-1, SUSE-SU-2015:1509-1, SUSE-SU-2015:2166-1, SUSE-SU-2015:2192-1, USN-2696-1, USN-2706-1, VIGILANCE-VUL-17371.
Description of the vulnerability
Several vulnerabilities were announced in Oracle Java.
An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to trigger a denial of service (VIGILANCE-VUL-17558). [severity:3/4; CVE-2015-4760]
An attacker can use a vulnerability of CORBA, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-2628]
An attacker can use a vulnerability of JMX, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-4731]
An attacker can use a vulnerability of Libraries, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-2590]
An attacker can use a vulnerability of Libraries, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-4732]
An attacker can use a vulnerability of RMI, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-4733]
An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-2638]
An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-4736]
An attacker can use a vulnerability of Security, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-4748]
An attacker can use a vulnerability of Install, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-2597]
An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-2664]
An attacker can use a vulnerability of 2D, in order to obtain information. [severity:2/4; CVE-2015-2632]
An attacker can use a vulnerability of JCE, in order to obtain information. [severity:2/4; CVE-2015-2601]
An attacker can use a vulnerability of JCE, in order to obtain information (VIGILANCE-VUL-18168). [severity:2/4; CVE-2015-2613]
An attacker can use a vulnerability of JMX, in order to obtain information. [severity:2/4; CVE-2015-2621]
An attacker can use a vulnerability of Security, in order to trigger a denial of service. [severity:2/4; CVE-2015-2659]
An attacker can use a vulnerability of 2D, in order to obtain information. [severity:2/4; CVE-2015-2619]
An attacker can bypass security features in 2D, in order to obtain sensitive information. [severity:2/4; CVE-2015-2637]
An attacker can use a vulnerability of Hotspot, in order to alter information. [severity:2/4; CVE-2015-2596]
An attacker can use a vulnerability of JNDI, in order to trigger a denial of service. [severity:2/4; CVE-2015-4749]
An attacker can use a vulnerability of Deployment, in order to obtain or alter information. [severity:2/4; CVE-2015-4729]
An attacker can use a vulnerability of JSSE, in order to obtain or alter information. [severity:2/4; CVE-2015-4000]
An attacker can use a vulnerability of JSSE, in order to obtain or alter information. [severity:2/4; CVE-2015-2808]
An attacker can use a vulnerability of Install, in order to obtain information. [severity:1/4; CVE-2015-2627]
An attacker can use a vulnerability of JSSE, in order to obtain information. [severity:1/4; CVE-2015-2625]
Full Vigil@nce bulletin... (Free trial) |
Our database contains other pages. You can request a free trial to read them.
Display information about RHEL:
|