The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of TSA

computer threat bulletin CVE-2015-1283

Expat: integer overflow of XML

Synthesis of the vulnerability

An attacker can generate an integer overflow in the XML parser of Expat, in order to trigger a denial of service, and possibly to run code.
Severity: 2/4.
Creation date: 27/07/2015.
Identifiers: 1964428, 1965444, 1967199, 1969062, 1990421, 1990658, bulletinjul2016, CVE-2015-1283, DSA-3318-1, FreeBSD-SA-15:20.expat, JSA10904, openSUSE-SU-2016:1441-1, openSUSE-SU-2016:1523-1, SOL15104541, SSA:2016-359-01, SUSE-SU-2016:1508-1, SUSE-SU-2016:1512-1, USN-2726-1, USN-3013-1, VIGILANCE-VUL-17498.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can generate an integer overflow in the XML parser of Expat, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

cybersecurity note CVE-2015-1931

IBM JDK: information disclosure via Memory Dump

Synthesis of the vulnerability

An attacker can bypass access restrictions to data by reading the Memory Dump of IBM JDK, in order to obtain sensitive information.
Severity: 1/4.
Creation date: 23/07/2015.
Identifiers: 1963330, 1963331, 1966040, 1966536, 1967222, 1968485, 1972455, CVE-2015-1931, RHSA-2015:1485-01, RHSA-2015:1486-01, RHSA-2015:1488-01, RHSA-2015:1544-01, SUSE-SU-2015:1329-1, SUSE-SU-2015:1331-1, SUSE-SU-2015:1345-1, SUSE-SU-2015:1375-1, SUSE-SU-2015:1509-1, VIGILANCE-VUL-17483.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass access restrictions to data by reading the Memory Dump of IBM JDK, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

weakness alert CVE-2015-1885 CVE-2015-1927 CVE-2015-1936

WebSphere AS 8.5: four vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of WebSphere AS 8.5.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 4.
Creation date: 15/07/2015.
Identifiers: 1959083, 1963672, 1963673, 7022958, CVE-2015-1885, CVE-2015-1927, CVE-2015-1936, CVE-2015-1946, PI31622, PI33202, PI35180, PI36211, PI37230, VIGILANCE-VUL-17411.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in WebSphere AS 8.5.

An attacker can use Liberty Profile, in order to escalate his privileges. [severity:2/4; CVE-2015-1885, PI33202, PI36211]

An attacker can bypass security features in serveServletsbyClassname, in order to escalate his privileges. [severity:2/4; CVE-2015-1927, PI31622]

An attacker can bypass security features with the JSESSIONID parameter, in order to escalate his privileges. [severity:2/4; CVE-2015-1936, PI37230]

An attacker can bypass security features of User Roles, in order to escalate his privileges. [severity:2/4; CVE-2015-1946, PI35180]
Full Vigil@nce bulletin... (Free trial)

cybersecurity announce CVE-2015-0253 CVE-2015-3183 CVE-2015-3185

Apache httpd: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Apache httpd.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 15/07/2015.
Identifiers: 1963361, 1965444, 1967197, 1969062, bulletinoct2015, c04832246, c04926789, CVE-2015-0253, CVE-2015-3183, CVE-2015-3185, DSA-2019-131, DSA-3325-1, DSA-3325-2, FEDORA-2015-11689, FEDORA-2015-11792, HPSBUX03435, HPSBUX03512, openSUSE-SU-2015:1684-1, RHSA-2015:1666-01, RHSA-2015:1667-01, RHSA-2015:1668-01, RHSA-2015:2659-01, RHSA-2015:2660-01, RHSA-2015:2661-01, RHSA-2016:0062-01, RHSA-2016:2054-01, RHSA-2016:2055-01, RHSA-2016:2056-01, SOL17251, SSA:2015-198-01, SSRT102254, SSRT102977, USN-2686-1, VIGILANCE-VUL-17378.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in Apache httpd.

An attacker can generate an error during the analysis of the HTTP Chunk header, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-3183]

The ap_some_auth_required directive is not honored, so an attacker can access to the service with no authentication. [severity:2/4; CVE-2015-3185]

When the configuration of "ErrorDocument 400" points to a local url/file, and when the INCLUDES filter is enabled, an attacker can trigger a denial of service. [severity:2/4; CVE-2015-0253]
Full Vigil@nce bulletin... (Free trial)

computer threat CVE-2015-2590 CVE-2015-2596 CVE-2015-2597

Oracle Java: several vulnerabilities of July 2015

Synthesis of the vulnerability

Several vulnerabilities of Oracle Java were announced in July 2015.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 25.
Creation date: 15/07/2015.
Identifiers: 1963330, 1963331, 1963812, 1964236, 1966040, 1966536, 1967222, 1967498, 1967893, 1968485, 1972455, 206954, 9010041, 9010044, BSA-2016-002, CERTFR-2015-ALE-007, CERTFR-2015-AVI-305, CERTFR-2016-AVI-128, cpujul2015, CVE-2015-2590, CVE-2015-2596, CVE-2015-2597, CVE-2015-2601, CVE-2015-2613, CVE-2015-2619, CVE-2015-2621, CVE-2015-2625, CVE-2015-2627, CVE-2015-2628, CVE-2015-2632, CVE-2015-2637, CVE-2015-2638, CVE-2015-2659, CVE-2015-2664, CVE-2015-2808, CVE-2015-4000, CVE-2015-4729, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4736, CVE-2015-4748, CVE-2015-4749, CVE-2015-4760, DSA-3316-1, DSA-3339-1, ESA-2015-134, FEDORA-2015-11859, FEDORA-2015-11860, JSA10727, NTAP-20150715-0001, NTAP-20151028-0001, openSUSE-SU-2015:1288-1, openSUSE-SU-2015:1289-1, RHSA-2015:1228-01, RHSA-2015:1229-01, RHSA-2015:1230-01, RHSA-2015:1241-01, RHSA-2015:1242-01, RHSA-2015:1243-01, RHSA-2015:1485-01, RHSA-2015:1486-01, RHSA-2015:1488-01, RHSA-2015:1526-01, RHSA-2015:1544-01, SB10139, SOL17079, SOL17169, SOL17170, SOL17171, SOL17173, SUSE-SU-2015:1319-1, SUSE-SU-2015:1320-1, SUSE-SU-2015:1329-1, SUSE-SU-2015:1331-1, SUSE-SU-2015:1345-1, SUSE-SU-2015:1375-1, SUSE-SU-2015:1509-1, SUSE-SU-2015:2166-1, SUSE-SU-2015:2192-1, USN-2696-1, USN-2706-1, VIGILANCE-VUL-17371.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in Oracle Java.

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to trigger a denial of service (VIGILANCE-VUL-17558). [severity:3/4; CVE-2015-4760]

An attacker can use a vulnerability of CORBA, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-2628]

An attacker can use a vulnerability of JMX, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-4731]

An attacker can use a vulnerability of Libraries, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-2590]

An attacker can use a vulnerability of Libraries, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-4732]

An attacker can use a vulnerability of RMI, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-4733]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-2638]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-4736]

An attacker can use a vulnerability of Security, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-4748]

An attacker can use a vulnerability of Install, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-2597]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-2664]

An attacker can use a vulnerability of 2D, in order to obtain information. [severity:2/4; CVE-2015-2632]

An attacker can use a vulnerability of JCE, in order to obtain information. [severity:2/4; CVE-2015-2601]

An attacker can use a vulnerability of JCE, in order to obtain information (VIGILANCE-VUL-18168). [severity:2/4; CVE-2015-2613]

An attacker can use a vulnerability of JMX, in order to obtain information. [severity:2/4; CVE-2015-2621]

An attacker can use a vulnerability of Security, in order to trigger a denial of service. [severity:2/4; CVE-2015-2659]

An attacker can use a vulnerability of 2D, in order to obtain information. [severity:2/4; CVE-2015-2619]

An attacker can bypass security features in 2D, in order to obtain sensitive information. [severity:2/4; CVE-2015-2637]

An attacker can use a vulnerability of Hotspot, in order to alter information. [severity:2/4; CVE-2015-2596]

An attacker can use a vulnerability of JNDI, in order to trigger a denial of service. [severity:2/4; CVE-2015-4749]

An attacker can use a vulnerability of Deployment, in order to obtain or alter information. [severity:2/4; CVE-2015-4729]

An attacker can use a vulnerability of JSSE, in order to obtain or alter information. [severity:2/4; CVE-2015-4000]

An attacker can use a vulnerability of JSSE, in order to obtain or alter information. [severity:2/4; CVE-2015-2808]

An attacker can use a vulnerability of Install, in order to obtain information. [severity:1/4; CVE-2015-2627]

An attacker can use a vulnerability of JSSE, in order to obtain information. [severity:1/4; CVE-2015-2625]
Full Vigil@nce bulletin... (Free trial)

security note CVE-2015-4000

TLS: weakening Diffie-Hellman via Logjam

Synthesis of the vulnerability

An attacker, located as a Man-in-the-Middle, can force the TLS client/server to accept a weak export algorithm, in order to more easily capture or alter exchanged data.
Severity: 2/4.
Creation date: 20/05/2015.
Revision date: 20/05/2015.
Identifiers: 1610582, 1647054, 1957980, 1958984, 1959033, 1959539, 1959745, 1960194, 1960418, 1960862, 1962398, 1962694, 1963151, 9010038, 9010039, 9010041, 9010044, BSA-2015-005, bulletinjan2016, bulletinjul2015, c04725401, c04760669, c04767175, c04770140, c04773119, c04773241, c04774058, c04778650, c04832246, c04918839, c04926789, CERTFR-2016-AVI-303, CTX216642, CVE-2015-4000, DLA-507-1, DSA-3287-1, DSA-3300-1, DSA-3688-1, FEDORA-2015-10047, FEDORA-2015-10108, FEDORA-2015-9048, FEDORA-2015-9130, FEDORA-2015-9161, FreeBSD-EN-15:08.sendmail, FreeBSD-SA-15:10.openssl, HPSBGN03399, HPSBGN03407, HPSBGN03411, HPSBGN03417, HPSBHF03433, HPSBMU03345, HPSBMU03401, HPSBUX03363, HPSBUX03388, HPSBUX03435, HPSBUX03512, JSA10681, Logjam, NetBSD-SA2015-008, NTAP-20150616-0001, NTAP-20150715-0001, NTAP-20151028-0001, openSUSE-SU-2015:1139-1, openSUSE-SU-2015:1209-1, openSUSE-SU-2015:1216-1, openSUSE-SU-2015:1277-1, openSUSE-SU-2016:0226-1, openSUSE-SU-2016:0255-1, openSUSE-SU-2016:0261-1, openSUSE-SU-2016:2267-1, PAN-SA-2016-0020, PAN-SA-2016-0028, RHSA-2015:1072-01, RHSA-2015:1185-01, RHSA-2015:1197-01, RHSA-2016:2054-01, RHSA-2016:2055-01, RHSA-2016:2056-01, SA111, SA40002, SA98, SB10122, SSA:2015-219-02, SSRT102180, SSRT102254, SSRT102964, SSRT102977, SUSE-SU-2015:1143-1, SUSE-SU-2015:1150-1, SUSE-SU-2015:1177-1, SUSE-SU-2015:1177-2, SUSE-SU-2015:1181-1, SUSE-SU-2015:1181-2, SUSE-SU-2015:1182-2, SUSE-SU-2015:1183-1, SUSE-SU-2015:1183-2, SUSE-SU-2015:1184-1, SUSE-SU-2015:1184-2, SUSE-SU-2015:1185-1, SUSE-SU-2015:1268-1, SUSE-SU-2015:1268-2, SUSE-SU-2015:1269-1, SUSE-SU-2015:1581-1, SUSE-SU-2016:0224-1, SUSE-SU-2018:1768-1, TSB16728, USN-2624-1, USN-2625-1, USN-2656-1, USN-2656-2, VIGILANCE-VUL-16950, VN-2015-007.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The Diffie-Hellman algorithm is used to exchange cryptographic keys. The DHE_EXPORT suite uses prime numbers smaller than 512 bits.

The Diffie-Hellman algorithm is used by TLS. However, during the negotiation, an attacker, located as a Man-in-the-Middle, can force TLS to use DHE_EXPORT (event if stronger suites are available).

This vulnerability can then be combined with VIGILANCE-VUL-16951.

An attacker, located as a Man-in-the-Middle, can therefore force the TLS client/server to accept a weak export algorithm, in order to more easily capture or alter exchanged data.
Full Vigil@nce bulletin... (Free trial)

security alert CVE-2014-7810

Apache Tomcat: privilege escalation via Web Application

Synthesis of the vulnerability

An attacker can create a malicious application, and invite the administrator to install it on Apache Tomcat, in order to escalate his privileges.
Severity: 2/4.
Creation date: 18/05/2015.
Identifiers: bulletinoct2015, c05054964, cpujul2018, CVE-2014-7810, DSA-3428-1, DSA-3447-1, DSA-3530-1, HPSBUX03561, ibm10729557, ibm10739953, RHSA-2015:1621-01, RHSA-2015:1622-01, RHSA-2016:0492-01, VIGILANCE-VUL-16917.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The Apache Tomcat administrator can accept to install web applications from untrusted sources.

However, these applications can use the Expression Language to bypass the Security Manager.

An attacker can therefore create a malicious application, and invite the administrator to install it on Apache Tomcat, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

computer threat CVE-2015-1920

WebSphere AS: code execution via Management Port

Synthesis of the vulnerability

An attacker can connect to the management port of WebSphere AS, in order to execute code.
Severity: 3/4.
Creation date: 29/04/2015.
Identifiers: 1883573, 1957952, 1957955, 1960313, 1963275, 7014463, 7022958, CERTFR-2015-AVI-194, CVE-2015-1920, VIGILANCE-VUL-16755.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The WebSphere AS product offers a management web service listening on a port.

However, if an attacker sends a specific sequence of instructions to this port, he can execute code.

An attacker can therefore connect to the management port of WebSphere AS, in order to execute code.
Full Vigil@nce bulletin... (Free trial)

weakness CVE-2015-0204 CVE-2015-0458 CVE-2015-0459

Oracle Java: several vulnerabilities of April 2015

Synthesis of the vulnerability

Several vulnerabilities of Oracle Java were announced in April 2015.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 14.
Creation date: 15/04/2015.
Identifiers: 1610582, 1902260, 1903541, 1903704, 1958902, 1960194, 1964236, 1966551, 1967498, 1968485, 205086, 206954, 7045736, BSA-2015-009, CERTFR-2015-AVI-172, cpuapr2015, CVE-2015-0204, CVE-2015-0458, CVE-2015-0459, CVE-2015-0460, CVE-2015-0469, CVE-2015-0470, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0484, CVE-2015-0486, CVE-2015-0488, CVE-2015-0491, CVE-2015-0492, DSA-3234-1, DSA-3235-1, DSA-3316-1, ESA-2015-085, ESA-2015-134, FEDORA-2015-6357, FEDORA-2015-6369, FEDORA-2015-6397, FREAK, MDVSA-2015:212, openSUSE-SU-2015:0773-1, openSUSE-SU-2015:0774-1, RHSA-2015:0806-01, RHSA-2015:0807-01, RHSA-2015:0808-01, RHSA-2015:0809-01, RHSA-2015:0854-01, RHSA-2015:0857-01, RHSA-2015:0858-01, RHSA-2015:1006-01, RHSA-2015:1007-01, RHSA-2015:1020-01, RHSA-2015:1021-01, RHSA-2015:1091-01, SB10119, SUSE-SU-2015:0833-1, SUSE-SU-2015:1085-1, SUSE-SU-2015:1086-1, SUSE-SU-2015:1086-2, SUSE-SU-2015:1086-3, SUSE-SU-2015:1086-4, SUSE-SU-2015:1138-1, SUSE-SU-2015:1161-1, SUSE-SU-2015:2166-1, SUSE-SU-2015:2168-1, SUSE-SU-2015:2168-2, SUSE-SU-2015:2182-1, SUSE-SU-2015:2192-1, SUSE-SU-2015:2216-1, USN-2573-1, USN-2574-1, VIGILANCE-VUL-16607, VU#243585.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in Oracle Java.

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-0469]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-0459]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-0491]

An attacker can use a vulnerability of Hotspot, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-0460]

An attacker can use a vulnerability of JavaFX, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-0492]

An attacker can use a vulnerability of JavaFX, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-0458]

An attacker can use a vulnerability of JavaFX, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-0484]

An attacker can use a vulnerability of Tools, in order to alter information, or to trigger a denial of service. [severity:2/4; CVE-2015-0480]

An attacker can use a vulnerability of Deployment, in order to obtain information. [severity:2/4; CVE-2015-0486]

An attacker can use a vulnerability of JSSE, in order to trigger a denial of service. [severity:2/4; CVE-2015-0488]

An attacker can use a vulnerability of Beans, in order to alter information. [severity:2/4; CVE-2015-0477]

An attacker can use a vulnerability of Hotspot, in order to alter information. [severity:2/4; CVE-2015-0470]

An attacker can use a vulnerability of JCE, in order to obtain information (VIGILANCE-VUL-17836). [severity:2/4; CVE-2015-0478]

An attacker, located as a Man-in-the-Middle, can force the Chrome, JSSE, LibReSSL, Mono or OpenSSL client to accept a weak export algorithm, in order to more easily capture or alter exchanged data (VIGILANCE-VUL-16301). [severity:2/4; CVE-2015-0204, FREAK, VU#243585]
Full Vigil@nce bulletin... (Free trial)

cybersecurity announce CVE-2014-3566 CVE-2014-6549 CVE-2014-6585

Oracle Java: several vulnerabilities of January 2015

Synthesis of the vulnerability

Several vulnerabilities of Oracle Java were announced in January 2015.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 19.
Creation date: 21/01/2015.
Identifiers: 1698239, 1699051, 1700706, 1701485, 7045736, c04517481, c04580241, c04583581, CERTFR-2015-AVI-034, CERTFR-2016-AVI-303, cpujan2015, CTX216642, CVE-2014-3566, CVE-2014-6549, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593, CVE-2014-6601, CVE-2015-0383, CVE-2015-0395, CVE-2015-0400, CVE-2015-0403, CVE-2015-0406, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412, CVE-2015-0413, CVE-2015-0421, CVE-2015-0437, DSA-3144-1, DSA-3147-1, FEDORA-2015-0983, FEDORA-2015-1075, FEDORA-2015-1150, FEDORA-2015-8251, FEDORA-2015-8264, HPSBUX03219, HPSBUX03273, HPSBUX03281, MDVSA-2015:033, MDVSA-2015:198, openSUSE-SU-2015:0190-1, RHSA-2015:0067-01, RHSA-2015:0068-01, RHSA-2015:0069-01, RHSA-2015:0079-01, RHSA-2015:0080-01, RHSA-2015:0085-01, RHSA-2015:0086-01, RHSA-2015:0133-01, RHSA-2015:0134-01, RHSA-2015:0135-01, RHSA-2015:0136-01, RHSA-2015:0263-01, RHSA-2015:0264-01, SB10104, SSRT101859, SSRT101951, SSRT101968, SUSE-SU-2015:0336-1, SUSE-SU-2015:0503-1, USN-2486-1, USN-2487-1, VIGILANCE-VUL-16014, VMSA-2015-0003, VMSA-2015-0003.1, VMSA-2015-0003.10, VMSA-2015-0003.11, VMSA-2015-0003.12, VMSA-2015-0003.13, VMSA-2015-0003.14, VMSA-2015-0003.15, VMSA-2015-0003.2, VMSA-2015-0003.3, VMSA-2015-0003.4, VMSA-2015-0003.5, VMSA-2015-0003.6, VMSA-2015-0003.8, VMSA-2015-0003.9.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in Oracle Java.

An attacker can use a vulnerability of Hotspot, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-6601]

An attacker can use a vulnerability of JAX-WS, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-0412]

An attacker can use a vulnerability of Libraries, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-6549]

An attacker can use a vulnerability of RMI, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-0408]

An attacker can use a vulnerability of Hotspot, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-0395]

An attacker can use a vulnerability of Hotspot, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-0437]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-0403]

An attacker can use a vulnerability of Install, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-0421]

An attacker can use a vulnerability of Deployment, in order to obtain information, or to trigger a denial of service. [severity:2/4; CVE-2015-0406]

An attacker can use a vulnerability of Hotspot, in order to alter information, or to trigger a denial of service. [severity:2/4; CVE-2015-0383]

An attacker can use a vulnerability of Libraries, in order to obtain information. [severity:2/4; CVE-2015-0400]

An attacker can use a vulnerability of Swing, in order to obtain information. [severity:2/4; CVE-2015-0407]

An attacker can use a vulnerability of Security, in order to trigger a denial of service. [severity:2/4; CVE-2015-0410]

An attacker can use a vulnerability of Libraries, in order to obtain information, to alter information, or to trigger a denial of service. [severity:2/4; CVE-2014-6587]

An attacker can use a vulnerability of JSSE, in order to obtain information. [severity:2/4; CVE-2014-3566]

An attacker can use a vulnerability of JSSE, in order to obtain or alter information (VIGILANCE-VUL-16300). [severity:2/4; CVE-2014-6593]

An attacker can use a vulnerability of 2D, in order to obtain information (VIGILANCE-VUL-17559). [severity:1/4; CVE-2014-6585]

An attacker can use a vulnerability of 2D, in order to obtain information. [severity:1/4; CVE-2014-6591]

An attacker can use a vulnerability of Serviceability, in order to alter information. [severity:1/4; CVE-2015-0413]
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about TSA: