| The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them. |
|
 |
|
|
Computer vulnerabilities of Rational ClearCase
WebSphere AS: information disclosure via Administrative Console
Synthesis of the vulnerability
An attacker can bypass access restrictions to data via Administrative Console of WebSphere AS, in order to obtain sensitive information.
Impacted products: Rational ClearCase, Tivoli System Automation, WebSphere AS Traditional, IBM WebSphere ESB.
Severity: 2/4.
Consequences: data reading.
Provenance: user account.
Creation date: 03/05/2018.
Identifiers: 2013601, 2016332, 2016547, CVE-2017-1743, swg22016163, VIGILANCE-VUL-26037.
Description of the vulnerability
An attacker can bypass access restrictions to data via Administrative Console of WebSphere AS, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
Oracle Java: vulnerabilities of April 2018
Synthesis of the vulnerability
Several vulnerabilities were announced in Oracle products.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, AIX, DB2 UDB, IBM i, IRAD, Rational ClearCase, Security Directory Server, Tivoli Storage Manager, Tivoli System Automation, Tivoli Workload Scheduler, WebSphere AS Liberty, WebSphere AS Traditional, IBM WebSphere ESB, WebSphere MQ, ePO, Java OpenJDK, openSUSE Leap, Java Oracle, Puppet, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on service.
Provenance: document.
Number of vulnerabilities in this bulletin: 14.
Creation date: 18/04/2018.
Identifiers: 2016282, CERTFR-2018-AVI-188, cpuapr2018, CVE-2018-2783, CVE-2018-2790, CVE-2018-2794, CVE-2018-2795, CVE-2018-2796, CVE-2018-2797, CVE-2018-2798, CVE-2018-2799, CVE-2018-2800, CVE-2018-2811, CVE-2018-2814, CVE-2018-2815, CVE-2018-2825, CVE-2018-2826, DSA-4185-1, DSA-4225-1, FEDORA-2018-40c4930c83, FEDORA-2018-579ff80ed8, FEDORA-2018-77533e644b, FEDORA-2018-9aa8064e12, ibm10713455, ibm10715641, ibm10716001, ibm10717125, ibm10717149, ibm10717207, ibm10717275, ibm10717537, ibm10718843, ibm10719319, ibm10719993, K15217245, K33924005, K44923228, K70321874, openSUSE-SU-2018:1710-1, openSUSE-SU-2018:1719-1, RHSA-2018:1188-01, RHSA-2018:1191-01, RHSA-2018:1201-01, RHSA-2018:1202-01, RHSA-2018:1203-01, RHSA-2018:1204-01, RHSA-2018:1205-01, RHSA-2018:1206-01, RHSA-2018:1270-01, RHSA-2018:1278-01, RHSA-2018:1721-01, RHSA-2018:1722-01, RHSA-2018:1723-01, RHSA-2018:1724-01, SB10234, SUSE-SU-2018:1447-1, SUSE-SU-2018:1458-1, SUSE-SU-2018:1690-1, SUSE-SU-2018:1692-1, SUSE-SU-2018:1738-1, SUSE-SU-2018:1764-1, SUSE-SU-2018:1938-1, SUSE-SU-2018:1938-2, SUSE-SU-2018:2068-1, swg22016419, USN-3644-1, USN-3691-1, USN-3747-1, USN-3747-2, VIGILANCE-VUL-25899, ZDI-18-306, ZDI-18-307.
Description of the vulnerability
Several vulnerabilities were announced in Oracle products.
Full Vigil@nce bulletin... (Free trial) |
GSKit: vulnerability
Synthesis of the vulnerability
A vulnerability of GSKit was announced.
Impacted products: AIX, Rational ClearCase, SPSS Modeler, Tivoli Storage Manager, WebSphere AS Traditional, WebSphere MQ.
Severity: 2/4.
Consequences: unknown consequence, administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, data flow, denial of service on server, denial of service on service, denial of service on client, disguisement.
Provenance: internet client.
Creation date: 03/04/2018.
Identifiers: 2012827, 2014202, 2014575, 2014651, 2015080, CVE-2018-1447, ibm10732391, ibm10733605, ibm10738249, VIGILANCE-VUL-25757.
Description of the vulnerability
A vulnerability of GSKit was announced.
Full Vigil@nce bulletin... (Free trial) |
IBM GSKit: three vulnerabilities
Synthesis of the vulnerability
An attacker can use several vulnerabilities of IBM GSKit.
Impacted products: AIX, DB2 UDB, Rational ClearCase, Tivoli Storage Manager, WebSphere AS Traditional, WebSphere MQ.
Severity: 3/4.
Consequences: user access/rights, data reading.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 3.
Creation date: 30/03/2018.
Identifiers: 1994955, 2012827, 2014202, 2014651, 2014669, 2015080, CVE-2018-1426, CVE-2018-1427, CVE-2018-1428, ibm10732391, ibm10733605, ibm10738249, VIGILANCE-VUL-25729.
Description of the vulnerability
An attacker can use several vulnerabilities of IBM GSKit.
Full Vigil@nce bulletin... (Free trial) |
OpenSSL: denial of service via Recursive ASN.1
Synthesis of the vulnerability
An attacker can generate a fatal error via Recursive ASN.1 of OpenSSL, in order to trigger a denial of service.
Impacted products: Blue Coat CAS, ProxyAV, ProxySG par Blue Coat, SGOS by Blue Coat, Debian, Avamar, BIG-IP Hardware, TMOS, Fedora, AIX, IBM i, Rational ClearCase, QRadar SIEM, Tivoli Storage Manager, WebSphere MQ, MariaDB ~ precise, McAfee Email Gateway, MySQL Community, MySQL Enterprise, OpenSSL, openSUSE Leap, Oracle Communications, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle Internet Directory, Solaris, Tuxedo, Oracle Virtual Directory, WebLogic, Palo Alto Firewall PA***, PAN-OS, Percona Server, RHEL, stunnel, SUSE Linux Enterprise Desktop, SLES, Symantec Content Analysis, ProxySG by Symantec, SGOS by Symantec, Synology DSM, Synology DS***, Synology RS***, Ubuntu, X2GoClient.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: internet client.
Creation date: 27/03/2018.
Identifiers: 2015887, 524146, bulletinjan2019, CERTFR-2018-AVI-155, cpuapr2019, cpujan2019, cpujul2018, cpujul2019, cpuoct2018, CVE-2018-0739, DLA-1330-1, DSA-2018-125, DSA-4157-1, DSA-4158-1, FEDORA-2018-1b4f1158e2, FEDORA-2018-40dc8b8b16, FEDORA-2018-76afaf1961, FEDORA-2018-9490b422e7, ibm10715641, ibm10717211, ibm10717405, ibm10717409, ibm10719319, ibm10733605, ibm10738249, ibm10874728, K08044291, N1022561, openSUSE-SU-2018:0936-1, openSUSE-SU-2018:1057-1, openSUSE-SU-2018:2208-1, openSUSE-SU-2018:2238-1, openSUSE-SU-2018:2524-1, openSUSE-SU-2018:2695-1, PAN-SA-2018-0015, RHSA-2018:3090-01, RHSA-2018:3221-01, SA166, SB10243, SSA-181018, SUSE-SU-2018:0902-1, SUSE-SU-2018:0905-1, SUSE-SU-2018:0906-1, SUSE-SU-2018:0975-1, SUSE-SU-2018:2072-1, SUSE-SU-2018:2158-1, SUSE-SU-2018:2683-1, Synology-SA-18:51, USN-3611-1, USN-3611-2, VIGILANCE-VUL-25666.
Description of the vulnerability
An attacker can generate a fatal error via Recursive ASN.1 of OpenSSL, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial) |
curl: two vulnerabilities
Synthesis of the vulnerability
An attacker can use several vulnerabilities of libcurl.
Impacted products: OpenOffice, curl, Debian, Unisphere EMC, Fedora, Rational ClearCase, Juniper EX-Series, Junos OS, SRX-Series, openSUSE Leap, Solaris, RHEL, Slackware, Ubuntu.
Severity: 2/4.
Consequences: data reading, denial of service on client.
Provenance: internet server.
Number of vulnerabilities in this bulletin: 2.
Creation date: 25/01/2018.
Identifiers: 2014495, bulletinapr2018, CVE-2018-1000005, CVE-2018-1000007, DLA-1263-1, DSA-2019-114, DSA-4098-1, FEDORA-2018-241a5a2409, FEDORA-2018-85655b12b6, JSA10874, openSUSE-SU-2018:0236-1, RHSA-2018:3157-01, RHSA-2018:3558-01, SSA:2018-024-01, USN-3554-1, USN-3554-2, VIGILANCE-VUL-25147.
Description of the vulnerability
An attacker can use several vulnerabilities of libcurl.
Full Vigil@nce bulletin... (Free trial) |
Oracle Java: vulnerabilities of January 2018
Synthesis of the vulnerability
Several vulnerabilities were announced in Oracle products.
Impacted products: Debian, Fedora, AIX, DB2 UDB, IBM i, IRAD, Rational ClearCase, Security Directory Server, QRadar SIEM, Tivoli Storage Manager, Tivoli System Automation, WebSphere AS Liberty, WebSphere AS Traditional, IBM WebSphere ESB, WebSphere MQ, Junos Space, ePO, Java OpenJDK, openSUSE Leap, Java Oracle, Puppet, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on service.
Provenance: document.
Number of vulnerabilities in this bulletin: 21.
Creation date: 17/01/2018.
Identifiers: 2013818, 2014315, 2015656, 2016042, 2016207, 2016278, 2016496, 2016502, CERTFR-2018-AVI-036, cpujan2018, CVE-2018-2579, CVE-2018-2581, CVE-2018-2582, CVE-2018-2588, CVE-2018-2599, CVE-2018-2602, CVE-2018-2603, CVE-2018-2618, CVE-2018-2627, CVE-2018-2629, CVE-2018-2633, CVE-2018-2634, CVE-2018-2637, CVE-2018-2638, CVE-2018-2639, CVE-2018-2641, CVE-2018-2657, CVE-2018-2663, CVE-2018-2675, CVE-2018-2677, CVE-2018-2678, DLA-1339-1, DSA-4144-1, DSA-4166-1, FEDORA-2018-223d8fc52a, FEDORA-2018-a82015aa02, FEDORA-2018-d50769efa0, FEDORA-2018-e2e52fb0bf, ibm10715641, ibm10717143, ibm10717207, ibm10718843, ibm10719115, ibm10719319, JSA10873, N1022544, openSUSE-SU-2018:0679-1, openSUSE-SU-2018:0684-1, RHSA-2018:0095-01, RHSA-2018:0099-01, RHSA-2018:0100-01, RHSA-2018:0115-01, RHSA-2018:0349-01, RHSA-2018:0351-01, RHSA-2018:0352-01, RHSA-2018:0458-01, RHSA-2018:0521-01, SB10225, SUSE-SU-2018:0630-1, SUSE-SU-2018:0645-1, SUSE-SU-2018:0661-1, SUSE-SU-2018:0663-1, SUSE-SU-2018:0665-1, SUSE-SU-2018:0694-1, USN-3613-1, USN-3614-1, VIGILANCE-VUL-25082.
Description of the vulnerability
Several vulnerabilities were announced in Oracle products.
Full Vigil@nce bulletin... (Free trial) |
OpenSSL: Man-in-the-Middle via bn_sqrx8x_internal
Synthesis of the vulnerability
An attacker can act as a Man-in-the-Middle and use a carry error of bn_sqrx8x_internal() on OpenSSL, in order to read or write data in the session.
Impacted products: SDS, SNS, Blue Coat CAS, ProxyAV, ProxySG par Blue Coat, SGOS by Blue Coat, Debian, BIG-IP Hardware, TMOS, Fedora, FreeBSD, hMailServer, Domino, Notes, IRAD, Rational ClearCase, QRadar SIEM, Tivoli Storage Manager, WebSphere AS Traditional, WebSphere MQ, Juniper J-Series, Junos OS, NSM Central Manager, NSMXpress, SRX-Series, MariaDB ~ precise, McAfee Email Gateway, McAfee NSP, McAfee NTBA, VirusScan, McAfee Web Gateway, MySQL Community, MySQL Enterprise, Nodejs Core, OpenSSL, openSUSE Leap, Oracle Communications, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle Internet Directory, Solaris, Tuxedo, WebLogic, Percona Server, pfSense, RHEL, Slackware, stunnel, SUSE Linux Enterprise Desktop, SLES, Symantec Content Analysis, ProxySG by Symantec, SGOS by Symantec, Synology DSM, Synology DS***, Synology RS***, Nessus, Ubuntu, X2GoClient.
Severity: 1/4.
Consequences: data reading, data creation/edition.
Provenance: internet client.
Creation date: 02/11/2017.
Identifiers: 2012827, 2013025, 2014202, 2014651, 2014669, 2015080, bulletinapr2018, bulletinjan2018, CERTFR-2017-AVI-391, cpuapr2018, cpuapr2019, cpujan2018, cpujan2019, cpujul2018, cpujul2019, cpuoct2018, CVE-2017-3736, DSA-4017-1, DSA-4018-1, FEDORA-2017-4cf72e2c11, FEDORA-2017-512a6c5aae, FEDORA-2017-55a3247cfd, FEDORA-2017-7f30914972, FEDORA-2017-dbec196dd8, FreeBSD-SA-17:11.openssl, ibm10715641, ibm10719113, ibm10732391, ibm10733905, ibm10738249, ibm10738401, JSA10851, K14363514, openSUSE-SU-2017:3192-1, openSUSE-SU-2018:0029-1, openSUSE-SU-2018:0315-1, RHSA-2018:0998-01, RHSA-2018:2568-01, RHSA-2018:2575-01, SA157, SB10211, SB10220, SSA:2017-306-02, STORM-2017-006, SUSE-SU-2018:2839-1, SUSE-SU-2018:3082-1, TNS-2017-15, USN-3475-1, VIGILANCE-VUL-24316.
Description of the vulnerability
An attacker can act as a Man-in-the-Middle and use a carry error of bn_sqrx8x_internal() on OpenSSL, in order to read or write data in the session.
Full Vigil@nce bulletin... (Free trial) |
Oracle Java: vulnerabilities of October 2017
Synthesis of the vulnerability
Several vulnerabilities were announced in Oracle Java.
Impacted products: Debian, Fedora, AIX, DB2 UDB, IRAD, Rational ClearCase, Security Directory Server, QRadar SIEM, Tivoli Storage Manager, Tivoli System Automation, WebSphere AS Liberty, WebSphere AS Traditional, IBM WebSphere ESB, WebSphere MQ, Junos Space, ePO, Java OpenJDK, openSUSE Leap, Java Oracle, RHEL, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 20.
Creation date: 18/10/2017.
Identifiers: 2010282, 2010560, 2011264, 2012279, 2013081, 2013150, 2013545, 2014202, 2014981, 2015655, 2015825, 2016207, CERTFR-2017-AVI-366, cpuoct2017, CVE-2017-10274, CVE-2017-10281, CVE-2017-10285, CVE-2017-10293, CVE-2017-10295, CVE-2017-10309, CVE-2017-10341, CVE-2017-10342, CVE-2017-10345, CVE-2017-10346, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349, CVE-2017-10350, CVE-2017-10355, CVE-2017-10356, CVE-2017-10357, CVE-2017-10380, CVE-2017-10386, CVE-2017-10388, DLA-1187-1, DSA-4015-1, DSA-4048-1, FEDORA-2017-7b17451b82, FEDORA-2017-98a361c2b5, FEDORA-2017-b1492e4844, FEDORA-2017-e7938fd7d7, ibm10718843, JSA10873, openSUSE-SU-2017:2998-1, openSUSE-SU-2018:0042-1, RHSA-2017:2998-01, RHSA-2017:2999-01, RHSA-2017:3046-01, RHSA-2017:3047-01, RHSA-2017:3264-01, RHSA-2017:3267-01, RHSA-2017:3268-01, RHSA-2017:3392-01, SB10212, SRC-2017-0028, SUSE-SU-2017:2989-1, SUSE-SU-2017:3235-1, SUSE-SU-2017:3369-1, SUSE-SU-2017:3411-1, SUSE-SU-2017:3440-1, SUSE-SU-2017:3455-1, SUSE-SU-2018:0005-1, SUSE-SU-2018:0061-1, swg22012279, Synology-SA-17:66, USN-3473-1, USN-3497-1, VIGILANCE-VUL-24161.
Description of the vulnerability
Several vulnerabilities were announced in Oracle Java.
Full Vigil@nce bulletin... (Free trial) |
OpenSSL: multiple vulnerabilities
Synthesis of the vulnerability
An attacker can use several vulnerabilities of OpenSSL.
Impacted products: Blue Coat CAS, ProxyAV, ProxySG par Blue Coat, SGOS by Blue Coat, Brocade vTM, Cisco ASR, Cisco ATA, AsyncOS, Cisco Catalyst, Cisco Content SMA, Cisco ESA, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco Router, Cisco CUCM, Cisco Manager Attendant Console, Cisco Wireless IP Phone, Cisco WSA, Cisco Wireless Controller, Debian, BIG-IP Hardware, TMOS, Fedora, FileZilla Server, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiOS, FreeBSD, hMailServer, AIX, Domino, Notes, IRAD, Rational ClearCase, Security Directory Server, Tivoli Storage Manager, Tivoli Workload Scheduler, WebSphere AS Traditional, WebSphere MQ, Junos OS, Juniper Network Connect, NSM Central Manager, NSMXpress, SRX-Series, MariaDB ~ precise, ePO, Meinberg NTP Server, MySQL Community, MySQL Enterprise, Data ONTAP 7-Mode, Nodejs Core, OpenSSL, openSUSE Leap, Oracle Communications, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle Identity Management, Oracle iPlanet Web Server, Oracle OIT, Solaris, Tuxedo, VirtualBox, WebLogic, Oracle Web Tier, Palo Alto Firewall PA***, PAN-OS, Percona Server, pfSense, Pulse Connect Secure, Pulse Secure Client, RHEL, Slackware, stunnel, SUSE Linux Enterprise Desktop, SLES, Nessus, TrendMicro ServerProtect, Ubuntu, VxWorks, WinSCP.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 4.
Creation date: 26/01/2017.
Identifiers: 1117414, 2000544, 2000988, 2000990, 2002331, 2004036, 2004940, 2009389, 2010154, 2011567, 2012827, 2014202, 2014651, 2014669, 2015080, BSA-2016-204, BSA-2016-207, BSA-2016-211, BSA-2016-212, BSA-2016-213, BSA-2016-216, BSA-2016-234, bulletinapr2017, bulletinjan2018, bulletinoct2017, CERTFR-2017-AVI-035, CERTFR-2018-AVI-343, cisco-sa-20170130-openssl, cpuapr2017, cpuapr2019, cpujan2018, cpujul2017, cpujul2018, cpuoct2017, CVE-2016-7055, CVE-2017-3730, CVE-2017-3731, CVE-2017-3732, DLA-814-1, DSA-3773-1, FEDORA-2017-3451dbec48, FEDORA-2017-e853b4144f, FG-IR-17-019, FreeBSD-SA-17:02.openssl, ibm10732391, ibm10733905, ibm10738249, ibm10738401, JSA10775, K37526132, K43570545, K44512851, K-510805, NTAP-20170127-0001, NTAP-20170310-0002, NTAP-20180201-0001, openSUSE-SU-2017:0481-1, openSUSE-SU-2017:0487-1, openSUSE-SU-2017:0527-1, openSUSE-SU-2017:0941-1, openSUSE-SU-2017:2011-1, openSUSE-SU-2017:2868-1, openSUSE-SU-2018:0458-1, PAN-70674, PAN-73914, PAN-SA-2017-0012, PAN-SA-2017-0014, PAN-SA-2017-0016, RHSA-2017:0286-01, RHSA-2018:2568-01, RHSA-2018:2575-01, SA141, SA40423, SB10188, SSA:2017-041-02, SUSE-SU-2018:0112-1, SUSE-SU-2018:2839-1, SUSE-SU-2018:3082-1, TNS-2017-03, USN-3181-1, VIGILANCE-VUL-21692.
Description of the vulnerability
Several vulnerabilities were announced in OpenSSL.
An attacker can force a read at an invalid address via Truncated Packet, in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; CVE-2017-3731]
An attacker can force a NULL pointer to be dereferenced via DHE/ECDHE Parameters, in order to trigger a denial of service. [severity:2/4; CVE-2017-3730]
An attacker can use a carry propagation error via BN_mod_exp(), in order to compute the private key. [severity:1/4; CVE-2017-3732]
An error occurs in the Broadwell-specific Montgomery Multiplication Procedure, but with no apparent impact. [severity:1/4; CVE-2016-7055]
Full Vigil@nce bulletin... (Free trial) |
Our database contains other pages. You can request a free trial to read them.
Display information about Rational ClearCase:
|