| The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them. |
|
 |
|
|
Computer vulnerabilities of SnapManager
Oracle Java: vulnerabilities of January 2017
Synthesis of the vulnerability
An attacker can use several vulnerabilities of Oracle Java.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 17.
Creation date: 18/01/2017.
Identifiers: 1998379, 1998858, 1999054, 1999999, 2000212, 2000304, 2000516, 2000544, 2000602, 2000988, 2000990, 2001608, 2002331, 2002335, 2002336, 2002479, 2002537, 2002966, 2002991, 2003145, 2004036, 2004938, 2007242, bulletinapr2017, CERTFR-2017-AVI-017, cpujan2017, CVE-2016-2183, CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5549, CVE-2016-5552, CVE-2016-8328, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3259, CVE-2017-3260, CVE-2017-3261, CVE-2017-3262, CVE-2017-3272, CVE-2017-3289, DLA-802-1, DLA-821-1, DSA-2019-131, DSA-3782-1, ERPSCAN-17-006, ESA-2017-051, FEDORA-2017-4cb58f0bda, FEDORA-2017-c1252ccd41, ibm10718843, java_jan2017_advisory, NTAP-20170119-0001, openSUSE-SU-2017:0374-1, openSUSE-SU-2017:0513-1, RHSA-2017:0175-01, RHSA-2017:0176-01, RHSA-2017:0177-01, RHSA-2017:0180-01, RHSA-2017:0263-01, RHSA-2017:0269-01, RHSA-2017:0336-01, RHSA-2017:0337-01, RHSA-2017:0338-01, RHSA-2017:0462-01, SB10186, SUSE-SU-2017:0346-1, SUSE-SU-2017:0460-1, SUSE-SU-2017:0490-1, SUSE-SU-2017:1444-1, USN-3179-1, USN-3194-1, USN-3198-1, VIGILANCE-VUL-21606, ZDI-17-056, ZDI-17-057.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
Several vulnerabilities were announced in Oracle Java.
An attacker can use a vulnerability via Hotspot, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2017-3289, ZDI-17-057]
An attacker can use a vulnerability via Libraries, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2017-3272, ZDI-17-056]
An attacker can use a vulnerability via RMI, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2017-3241]
An attacker can use a vulnerability via AWT, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2017-3260]
An attacker can use a vulnerability via 2D, in order to trigger a denial of service. [severity:3/4; CVE-2017-3253]
An attacker can use a vulnerability via Libraries, in order to alter information. [severity:3/4; CVE-2016-5546]
An attacker can use a vulnerability via Libraries, in order to obtain information. [severity:2/4; CVE-2016-5549]
An attacker can use a vulnerability via Libraries, in order to obtain information. [severity:2/4; CVE-2016-5548]
An attacker can use a vulnerability via JAAS, in order to alter information. [severity:2/4; CVE-2017-3252]
An attacker can use a vulnerability via Java Mission Control, in order to obtain information. [severity:2/4; CVE-2017-3262]
An attacker can use a vulnerability via Libraries, in order to trigger a denial of service. [severity:2/4; CVE-2016-5547]
An attacker can use a vulnerability via Networking, in order to alter information. [severity:2/4; CVE-2016-5552]
An attacker can use a vulnerability via Networking, in order to obtain information. [severity:2/4; CVE-2017-3231]
An attacker can use a vulnerability via Networking, in order to obtain information. [severity:2/4; CVE-2017-3261]
An attacker can use a vulnerability via Deployment, in order to obtain information. [severity:1/4; CVE-2017-3259]
An attacker can use a vulnerability via Java Mission Control, in order to alter information. [severity:1/4; CVE-2016-8328]
An attacker can use a vulnerability via Libraries, in order to obtain information. [severity:1/4; CVE-2016-2183]
Full Vigil@nce bulletin... (Free trial) |
Oracle Java: vulnerabilities of October 2016
Synthesis of the vulnerability
An attacker can use several vulnerabilities of Oracle Java.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 7.
Creation date: 19/10/2016.
Identifiers: 1993440, 1994049, 1994123, 1994478, 1997764, 1999054, 1999395, 1999474, 1999478, 1999479, 1999488, 1999532, 2000212, 2000544, 2000904, 2000988, 2000990, 2001608, 2002331, 2002479, 2002537, 2003145, 2004036, 491108, CERTFR-2016-AVI-349, CERTFR-2017-AVI-012, cpuoct2016, CVE-2016-5542, CVE-2016-5554, CVE-2016-5556, CVE-2016-5568, CVE-2016-5573, CVE-2016-5582, CVE-2016-5597, DLA-704-1, DSA-3707-1, ESA-2016-137, FEDORA-2016-73054cfeeb, JSA10770, NTAP-20161019-0001, openSUSE-SU-2016:2862-1, openSUSE-SU-2016:2900-1, openSUSE-SU-2016:2985-1, openSUSE-SU-2016:2990-1, openSUSE-SU-2016:3088-1, RHSA-2016:2079-01, RHSA-2016:2088-01, RHSA-2016:2089-01, RHSA-2016:2090-01, RHSA-2016:2136-01, RHSA-2016:2137-01, RHSA-2016:2138-01, RHSA-2016:2658-01, RHSA-2016:2659-01, RHSA-2017:0061-01, SUSE-SU-2016:2887-1, SUSE-SU-2016:3010-1, SUSE-SU-2016:3040-1, SUSE-SU-2016:3041-1, SUSE-SU-2016:3043-1, SUSE-SU-2016:3068-1, SUSE-SU-2016:3078-1, USN-3121-1, USN-3130-1, USN-3154-1, VIGILANCE-VUL-20906, ZDI-16-571.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
Several vulnerabilities were announced in Oracle Java.
An attacker can use a vulnerability via 2D, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-5556]
An attacker can use a vulnerability via AWT, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-5568, ZDI-16-571]
An attacker can use a vulnerability via Hotspot, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-5582]
An attacker can use a vulnerability via Hotspot, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-5573]
An attacker can use a vulnerability via Networking, in order to obtain information. [severity:2/4; CVE-2016-5597]
An attacker can use a vulnerability via JMX, in order to alter information. [severity:2/4; CVE-2016-5554]
An attacker can use a vulnerability via Libraries, in order to alter information. [severity:1/4; CVE-2016-5542]
Full Vigil@nce bulletin... (Free trial) |
Oracle Java: multiple vulnerabilities of January 2016
Synthesis of the vulnerability
An attacker can use several vulnerabilities of Oracle Java.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 9.
Creation date: 20/01/2016.
Identifiers: 1975365, 1975424, 1976200, 1976262, 1976896, 1977127, 1977129, 1977405, 1977518, 479387, 7043086, 9010057, BSA-2016-004, CERTFR-2015-AVI-488, CERTFR-2016-AVI-027, cpujan2016, CVE-2015-7575, CVE-2015-8126, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0475, CVE-2016-0483, CVE-2016-0494, DSA-3458-1, DSA-3465-1, ESA-2016-003, FEDORA-2016-3ea667977a, FEDORA-2016-946b98126d, NTAP-20160121-0001, openSUSE-SU-2016:0263-1, openSUSE-SU-2016:0268-1, openSUSE-SU-2016:0270-1, openSUSE-SU-2016:0272-1, openSUSE-SU-2016:0279-1, RHSA-2016:0049-01, RHSA-2016:0050-01, RHSA-2016:0053-01, RHSA-2016:0054-01, RHSA-2016:0055-01, RHSA-2016:0056-01, RHSA-2016:0057-01, RHSA-2016:0067-01, RHSA-2016:0098-01, RHSA-2016:0099-01, RHSA-2016:0100-01, RHSA-2016:0101-01, SB10148, SLOTH, SOL50118123, SUSE-SU-2016:0256-1, SUSE-SU-2016:0265-1, SUSE-SU-2016:0269-1, SUSE-SU-2016:0390-1, SUSE-SU-2016:0399-1, SUSE-SU-2016:0401-1, SUSE-SU-2016:0428-1, SUSE-SU-2016:0431-1, SUSE-SU-2016:0433-1, SUSE-SU-2016:0636-1, SUSE-SU-2016:0770-1, SUSE-SU-2016:0776-1, USN-2884-1, USN-2885-1, VIGILANCE-VUL-18761, ZDI-16-032.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
Several vulnerabilities were announced in Oracle Java.
An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to trigger a denial of service (VIGILANCE-VUL-21215). [severity:3/4; CVE-2016-0494]
An attacker can use a vulnerability of AWT libpng, in order to obtain information, to alter information, or to trigger a denial of service (VIGILANCE-VUL-18301). [severity:3/4; CERTFR-2015-AVI-488, CVE-2015-8126]
An attacker can use a vulnerability of AWT, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-0483, ZDI-16-032]
An attacker can use a vulnerability of Libraries, in order to obtain or alter information. [severity:2/4; CVE-2016-0475]
An attacker can use a vulnerability of Networking, in order to alter information. [severity:2/4; CVE-2016-0402]
An attacker can use a vulnerability of JAXP, in order to trigger a denial of service. [severity:2/4; CVE-2016-0466]
An attacker can use a vulnerability of JMX, in order to obtain information. [severity:2/4; CVE-2016-0448]
An attacker can create a MD5 collision in a TLS 1.2 session, in order to capture data belonging to this session (VIGILANCE-VUL-18586). [severity:2/4; CVE-2015-7575, SLOTH]
An attacker can generate a buffer overflow in HtmlConverter, in order to trigger a denial of service, and possibly to run code. [severity:2/4]
Full Vigil@nce bulletin... (Free trial) |
Mozilla NSS, OpenSSL, Oracle Java: MD5 allowed in TLS 1.2
Synthesis of the vulnerability
An attacker can create a MD5 collision in a TLS 1.2 session of Mozilla NSS, OpenSSL or Oracle Java, in order to capture data belonging to this session.
Severity: 1/4.
Creation date: 28/12/2015.
Revision date: 08/01/2016.
Identifiers: 000008896, 1974958, 1975290, 1975424, 1976113, 1976148, 1976200, 1976262, 1976362, 1976363, 1977405, 1977517, 1977518, 1977523, 9010065, cpujan2016, cpuoct2017, CVE-2015-7575, DSA-3436-1, DSA-3457-1, DSA-3465-1, DSA-3491-1, DSA-3688-1, FEDORA-2016-4aeba0f53d, MFSA-2015-150, NTAP-20160225-0001, NTAP20160225-001, openSUSE-SU-2015:2405-1, openSUSE-SU-2016:0007-1, openSUSE-SU-2016:0161-1, openSUSE-SU-2016:0162-1, openSUSE-SU-2016:0263-1, openSUSE-SU-2016:0268-1, openSUSE-SU-2016:0270-1, openSUSE-SU-2016:0272-1, openSUSE-SU-2016:0279-1, openSUSE-SU-2016:0307-1, openSUSE-SU-2016:0308-1, openSUSE-SU-2016:0488-1, RHSA-2016:0007-01, RHSA-2016:0008-01, RHSA-2016:0049-01, RHSA-2016:0050-01, RHSA-2016:0053-01, RHSA-2016:0054-01, RHSA-2016:0055-01, RHSA-2016:0056-01, RHSA-2016:0098-01, RHSA-2016:0099-01, RHSA-2016:0100-01, RHSA-2016:0101-01, SA108, SLOTH, SUSE-SU-2016:0256-1, SUSE-SU-2016:0265-1, SUSE-SU-2016:0269-1, SUSE-SU-2016:0390-1, SUSE-SU-2016:0399-1, SUSE-SU-2016:0401-1, SUSE-SU-2016:0428-1, SUSE-SU-2016:0431-1, SUSE-SU-2016:0433-1, SUSE-SU-2016:0770-1, SUSE-SU-2016:0776-1, USN-2863-1, USN-2864-1, USN-2866-1, USN-2884-1, USN-2904-1, VIGILANCE-VUL-18586.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
The Mozilla NSS, OpenSSL and Oracle Java products implement TLS version 1.2.
The MD5 hashing algorithm is weak. However, it is accepted in signatures of TLS 1.2 ServerKeyExchange messages.
An attacker can therefore create a MD5 collision in a TLS 1.2 session of Mozilla NSS, OpenSSL or Oracle Java, in order to capture data belonging to this session.
Full Vigil@nce bulletin... (Free trial) |
Apache Commons Collections: code execution via InvokerTransformer
Synthesis of the vulnerability
An attacker can send a malicious serialized Gadget Chain object to a Java application using Apache Commons Collections, in order to run shell code.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 12.
Creation date: 12/11/2015.
Identifiers: 1610582, 1970575, 1971370, 1971531, 1971533, 1971751, 1972261, 1972373, 1972565, 1972794, 1972839, 2011281, 7014463, 7022958, 9010052, BSA-2016-004, bulletinjul2016, c04953244, c05050545, c05206507, c05325823, c05327447, CERTFR-2015-AVI-484, CERTFR-2015-AVI-555, cisco-sa-20151209-java-deserialization, COLLECTIONS-580, cpuapr2017, cpuapr2018, cpujan2017, cpujan2018, cpujul2017, cpuoct2016, cpuoct2017, cpuoct2018, CVE-2015-4852, CVE-2015-6420, CVE-2015-6934, CVE-2015-7420-ERROR, CVE-2015-7450, CVE-2015-7501, CVE-2015-8545, CVE-2015-8765, CVE-2016-1985, CVE-2016-1997, CVE-2016-4373, CVE-2016-4398, DSA-3403-1, HPSBGN03542, HPSBGN03560, HPSBGN03630, HPSBGN03656, HPSBGN03670, JSA10838, NTAP-20151123-0001, RHSA-2015:2500-01, RHSA-2015:2501-01, RHSA-2015:2502-01, RHSA-2015:2516-01, RHSA-2015:2517-01, RHSA-2015:2521-01, RHSA-2015:2522-01, RHSA-2015:2523-01, RHSA-2015:2524-01, RHSA-2015:2534-01, RHSA-2015:2535-01, RHSA-2015:2536-01, RHSA-2015:2537-01, RHSA-2015:2538-01, RHSA-2015:2539-01, RHSA-2015:2540-01, RHSA-2015:2541-01, RHSA-2015:2542-01, RHSA-2015:2547-01, RHSA-2015:2548-01, RHSA-2015:2556-01, RHSA-2015:2557-01, RHSA-2015:2559-01, RHSA-2015:2560-01, RHSA-2015:2578-01, RHSA-2015:2579-01, RHSA-2015:2670-01, RHSA-2015:2671-01, RHSA-2016:0040-01, RHSA-2016:0118-01, SA110, SB10144, SOL30518307, VIGILANCE-VUL-18294, VMSA-2015-0009, VMSA-2015-0009.1, VMSA-2015-0009.2, VMSA-2015-0009.3, VMSA-2015-0009.4, VU#576313.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
The Apache Commons Collections library is used by several Java applications.
A Java Gadgets ("gadget chains") object can contain Transformers, with an "exec" string containing a shell command which is run with the Java.lang.Runtime.exec() method. When raw data are unserialized, the readObject() method is thus called to rebuild the Gadgets object, and it uses InvokerTransformer, which runs the indicated shell command.
It can be noted that other classes (CloneTransformer, ForClosure, InstantiateFactory, InstantiateTransformer, PrototypeCloneFactory, PrototypeSerializationFactory, WhileClosure) also execute a shell command from raw data to deserialize.
However, several applications publicly expose (before authentication) the Java unserialization feature.
An attacker can therefore send a malicious serialized Gadget Chain object to a Java application using Apache Commons Collections, in order to run shell code.
Full Vigil@nce bulletin... (Free trial) |
Bouncy Castle, Oracle Java: disclosure of elliptic curve private keys
Synthesis of the vulnerability
An attacker can use a vulnerability in the elliptic curve implementation of Bouncy Castle and Oracle Java, in order to obtain sensitive information.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 22/10/2015.
Identifiers: 1968485, 1972455, 9010041, 9010044, BSA-2016-002, CERTFR-2019-AVI-325, cpuapr2018, cpujan2017, cpujan2018, cpujan2019, cpujul2015, cpujul2017, cpujul2018, cpuoct2017, CVE-2015-2613, CVE-2015-7940, DSA-3417-1, FEDORA-2015-7d95466eda, JSA10939, NTAP-20150715-0001, NTAP-20151028-0001, openSUSE-SU-2015:1911-1, RHSA-2016:2035-01, RHSA-2016:2036-01, USN-3727-1, VIGILANCE-VUL-18168.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
The Bouncy Castle and Oracle Java products implement algorithms based on elliptic curves.
However, if the client forces the server to compute a common secret based on points located outside the chosen curve, he can progressively guess the full server key.
An attacker can therefore use a vulnerability in the elliptic curve implementation of Bouncy Castle and Oracle Java, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
Oracle Java: several vulnerabilities of October 2015
Synthesis of the vulnerability
An attacker can use several vulnerabilities of Oracle Java.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 26.
Creation date: 21/10/2015.
Identifiers: 1969620, 1971361, 1971479, 1973785, 1974831, 1978806, 1981838, 56203, 9010041, 9010044, BSA-2016-002, BSA-2016-004, CERTFR-2015-AVI-439, cpuoct2015, CVE-2015-4734, CVE-2015-4803, CVE-2015-4805, CVE-2015-4806, CVE-2015-4810, CVE-2015-4835, CVE-2015-4840, CVE-2015-4842, CVE-2015-4843, CVE-2015-4844, CVE-2015-4860, CVE-2015-4868, CVE-2015-4871, CVE-2015-4872, CVE-2015-4881, CVE-2015-4882, CVE-2015-4883, CVE-2015-4893, CVE-2015-4901, CVE-2015-4902, CVE-2015-4903, CVE-2015-4906, CVE-2015-4908, CVE-2015-4911, CVE-2015-4916, DSA-3381-1, DSA-3381-2, DSA-3401-1, FEDORA-2015-27cfe187b5, FEDORA-2015-ce54f85a3e, NTAP-20150715-0001, NTAP-20151028-0001, openSUSE-SU-2015:1902-1, openSUSE-SU-2015:1905-1, openSUSE-SU-2015:1906-1, openSUSE-SU-2015:1971-1, openSUSE-SU-2016:0268-1, openSUSE-SU-2016:0270-1, openSUSE-SU-2016:0272-1, openSUSE-SU-2016:0279-1, RHSA-2015:1919-01, RHSA-2015:1920-01, RHSA-2015:1921-01, RHSA-2015:1926-01, RHSA-2015:1927-01, RHSA-2015:1928-01, RHSA-2015:2086-01, RHSA-2015:2506-01, RHSA-2015:2507-01, RHSA-2015:2508-01, RHSA-2015:2509-01, RHSA-2015:2518-01, SB10141, SUSE-SU-2015:1874-2, SUSE-SU-2015:1875-2, SUSE-SU-2015:2166-1, SUSE-SU-2015:2168-1, SUSE-SU-2015:2168-2, SUSE-SU-2015:2182-1, SUSE-SU-2015:2192-1, SUSE-SU-2015:2216-1, SUSE-SU-2015:2268-1, SUSE-SU-2016:0113-1, SUSE-SU-2016:0265-1, SUSE-SU-2016:0269-1, USN-2784-1, USN-2818-1, USN-2827-1, VIGILANCE-VUL-18149.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
Several vulnerabilities were announced in Oracle Java.
An attacker can use a vulnerability of CORBA, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-4835]
An attacker can use a vulnerability of CORBA, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-4881]
An attacker can use a vulnerability of Libraries, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-4843]
An attacker can use a vulnerability of RMI, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-4883]
An attacker can use a vulnerability of RMI, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-4860]
An attacker can use a vulnerability of Serialization, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-4805]
An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to trigger a denial of service (VIGILANCE-VUL-21214). [severity:3/4; CVE-2015-4844]
An attacker can use a vulnerability of JavaFX, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-4901]
An attacker can use a vulnerability of Libraries, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-4868]
An attacker can use a vulnerability of Libraries, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-4868]
An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:2/4; CVE-2015-4810]
An attacker can use a vulnerability of Libraries, in order to obtain or alter information. [severity:2/4; CVE-2015-4806]
An attacker can use a vulnerability of Libraries, in order to obtain or alter information. [severity:2/4; CVE-2015-4871]
An attacker can use a vulnerability of Deployment, in order to alter information. [severity:2/4; CVE-2015-4902]
An attacker can use a vulnerability of 2D, in order to obtain information. [severity:2/4; CVE-2015-4840]
An attacker can use a vulnerability of CORBA, in order to trigger a denial of service. [severity:2/4; CVE-2015-4882]
An attacker can use a vulnerability of JAXP, in order to obtain information. [severity:2/4; CVE-2015-4842]
An attacker can use a vulnerability of JGSS, in order to obtain information. [severity:2/4; CVE-2015-4734]
An attacker can use a vulnerability of RMI, in order to obtain information. [severity:2/4; CVE-2015-4903]
An attacker can use a vulnerability of JAXP, in order to trigger a denial of service. [severity:2/4; CVE-2015-4803]
An attacker can use a vulnerability of JAXP, in order to trigger a denial of service. [severity:2/4; CVE-2015-4893]
An attacker can use a vulnerability of JAXP, in order to trigger a denial of service. [severity:2/4; CVE-2015-4911]
An attacker can use a vulnerability of Security, in order to alter information. [severity:2/4; CVE-2015-4872]
An attacker can use a vulnerability of JavaFX, in order to obtain information. [severity:2/4; CVE-2015-4906]
An attacker can use a vulnerability of JavaFX, in order to obtain information. [severity:2/4; CVE-2015-4916]
An attacker can use a vulnerability of JavaFX, in order to obtain information. [severity:2/4; CVE-2015-4908]
Full Vigil@nce bulletin... (Free trial) |
ICU: integer overflow of LETableReference
Synthesis of the vulnerability
An attacker can generate an integer overflow in LETableReference of ICU, in order to trigger a denial of service, and possibly to run code.
Severity: 2/4.
Creation date: 17/09/2015.
Identifiers: 1242394, 9010041, 9010044, bulletinoct2015, CVE-2015-2632, DLA-545-1, DSA-3725-1, NTAP-20150715-0001, NTAP-20151028-0001, USN-2740-1, VIGILANCE-VUL-17911.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
An attacker can generate an integer overflow in LETableReference of ICU, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial) |
ICU: buffer overflow of Layout Engine
Synthesis of the vulnerability
An attacker can generate a buffer overflow in Layout Engine of ICU, in order to trigger a denial of service, and possibly to run code.
Severity: 2/4.
Creation date: 03/08/2015.
Identifiers: 9010041, 9010044, bulletinoct2015, CVE-2015-4760, DSA-3323-1, NTAP-20150715-0001, NTAP-20151028-0001, USN-2740-1, VIGILANCE-VUL-17558.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
An attacker can generate a buffer overflow in Layout Engine of ICU, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial) |
Oracle Java: several vulnerabilities of July 2015
Synthesis of the vulnerability
Several vulnerabilities of Oracle Java were announced in July 2015.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 25.
Creation date: 15/07/2015.
Identifiers: 1963330, 1963331, 1963812, 1964236, 1966040, 1966536, 1967222, 1967498, 1967893, 1968485, 1972455, 206954, 9010041, 9010044, BSA-2016-002, CERTFR-2015-ALE-007, CERTFR-2015-AVI-305, CERTFR-2016-AVI-128, cpujul2015, CVE-2015-2590, CVE-2015-2596, CVE-2015-2597, CVE-2015-2601, CVE-2015-2613, CVE-2015-2619, CVE-2015-2621, CVE-2015-2625, CVE-2015-2627, CVE-2015-2628, CVE-2015-2632, CVE-2015-2637, CVE-2015-2638, CVE-2015-2659, CVE-2015-2664, CVE-2015-2808, CVE-2015-4000, CVE-2015-4729, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4736, CVE-2015-4748, CVE-2015-4749, CVE-2015-4760, DSA-3316-1, DSA-3339-1, ESA-2015-134, FEDORA-2015-11859, FEDORA-2015-11860, JSA10727, NTAP-20150715-0001, NTAP-20151028-0001, openSUSE-SU-2015:1288-1, openSUSE-SU-2015:1289-1, RHSA-2015:1228-01, RHSA-2015:1229-01, RHSA-2015:1230-01, RHSA-2015:1241-01, RHSA-2015:1242-01, RHSA-2015:1243-01, RHSA-2015:1485-01, RHSA-2015:1486-01, RHSA-2015:1488-01, RHSA-2015:1526-01, RHSA-2015:1544-01, SB10139, SOL17079, SOL17169, SOL17170, SOL17171, SOL17173, SUSE-SU-2015:1319-1, SUSE-SU-2015:1320-1, SUSE-SU-2015:1329-1, SUSE-SU-2015:1331-1, SUSE-SU-2015:1345-1, SUSE-SU-2015:1375-1, SUSE-SU-2015:1509-1, SUSE-SU-2015:2166-1, SUSE-SU-2015:2192-1, USN-2696-1, USN-2706-1, VIGILANCE-VUL-17371.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
Several vulnerabilities were announced in Oracle Java.
An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to trigger a denial of service (VIGILANCE-VUL-17558). [severity:3/4; CVE-2015-4760]
An attacker can use a vulnerability of CORBA, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-2628]
An attacker can use a vulnerability of JMX, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-4731]
An attacker can use a vulnerability of Libraries, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-2590]
An attacker can use a vulnerability of Libraries, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-4732]
An attacker can use a vulnerability of RMI, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-4733]
An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-2638]
An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-4736]
An attacker can use a vulnerability of Security, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-4748]
An attacker can use a vulnerability of Install, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-2597]
An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-2664]
An attacker can use a vulnerability of 2D, in order to obtain information. [severity:2/4; CVE-2015-2632]
An attacker can use a vulnerability of JCE, in order to obtain information. [severity:2/4; CVE-2015-2601]
An attacker can use a vulnerability of JCE, in order to obtain information (VIGILANCE-VUL-18168). [severity:2/4; CVE-2015-2613]
An attacker can use a vulnerability of JMX, in order to obtain information. [severity:2/4; CVE-2015-2621]
An attacker can use a vulnerability of Security, in order to trigger a denial of service. [severity:2/4; CVE-2015-2659]
An attacker can use a vulnerability of 2D, in order to obtain information. [severity:2/4; CVE-2015-2619]
An attacker can bypass security features in 2D, in order to obtain sensitive information. [severity:2/4; CVE-2015-2637]
An attacker can use a vulnerability of Hotspot, in order to alter information. [severity:2/4; CVE-2015-2596]
An attacker can use a vulnerability of JNDI, in order to trigger a denial of service. [severity:2/4; CVE-2015-4749]
An attacker can use a vulnerability of Deployment, in order to obtain or alter information. [severity:2/4; CVE-2015-4729]
An attacker can use a vulnerability of JSSE, in order to obtain or alter information. [severity:2/4; CVE-2015-4000]
An attacker can use a vulnerability of JSSE, in order to obtain or alter information. [severity:2/4; CVE-2015-2808]
An attacker can use a vulnerability of Install, in order to obtain information. [severity:1/4; CVE-2015-2627]
An attacker can use a vulnerability of JSSE, in order to obtain information. [severity:1/4; CVE-2015-2625]
Full Vigil@nce bulletin... (Free trial) |
Our database contains other pages. You can request a free trial to read them.
|