The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of AIX

computer threat bulletin CVE-2019-11772

Eclipse OpenJ9: buffer overflow via String.getBytes

Synthesis of the vulnerability

An attacker can trigger a buffer overflow via String.getBytes() of Eclipse OpenJ9, in order to trigger a denial of service, and possibly to run code.
Severity: 2/4.
Creation date: 02/09/2019.
Identifiers: 1087227, CVE-2019-11772, RHSA-2019:2585-01, RHSA-2019:2590-01, RHSA-2019:2592-01, SUSE-SU-2019:2291-1, SUSE-SU-2019:2371-1, VIGILANCE-VUL-30214.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can trigger a buffer overflow via String.getBytes() of Eclipse OpenJ9, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer threat alert CVE-2019-11771

Eclipse OpenJ9: privilege escalation via Absolute RPATH

Synthesis of the vulnerability

An attacker can bypass restrictions via Absolute RPATH of Eclipse OpenJ9, in order to escalate his privileges.
Severity: 2/4.
Creation date: 23/08/2019.
Identifiers: 1072346, 1073908, 1087227, 1101261, 967217, CVE-2019-11771, ibm10964780, SUSE-SU-2019:14160-1, SUSE-SU-2019:14188-1, SUSE-SU-2019:2291-1, SUSE-SU-2019:2336-1, SUSE-SU-2019:2371-1, VIGILANCE-VUL-30137.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass restrictions via Absolute RPATH of Eclipse OpenJ9, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

cybersecurity bulletin CVE-2019-4473

IBM Java: privilege escalation via Absolute RPATH

Synthesis of the vulnerability

An attacker can bypass restrictions via Absolute RPATH of IBM Java, in order to escalate his privileges.
Severity: 2/4.
Creation date: 23/08/2019.
Identifiers: 1072346, 1073908, 1087227, 1101261, 967217, CVE-2019-4473, ibm10964780, SUSE-SU-2019:14160-1, SUSE-SU-2019:14188-1, SUSE-SU-2019:2291-1, SUSE-SU-2019:2336-1, SUSE-SU-2019:2371-1, VIGILANCE-VUL-30136.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass restrictions via Absolute RPATH of IBM Java, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

security weakness CVE-2019-11775

Eclipse OpenJ9: out-of-bounds memory reading via Loop Versioner

Synthesis of the vulnerability

An attacker can force a read at an invalid address via Loop Versioner of Eclipse OpenJ9, in order to trigger a denial of service, or to obtain sensitive information.
Severity: 2/4.
Creation date: 19/08/2019.
Identifiers: 1087227, CVE-2019-11775, RHSA-2019:2494-01, RHSA-2019:2495-01, RHSA-2019:2585-01, RHSA-2019:2590-01, RHSA-2019:2592-01, SUSE-SU-2019:14160-1, SUSE-SU-2019:14188-1, SUSE-SU-2019:2291-1, SUSE-SU-2019:2336-1, SUSE-SU-2019:2371-1, VIGILANCE-VUL-30076.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can force a read at an invalid address via Loop Versioner of Eclipse OpenJ9, in order to trigger a denial of service, or to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

threat announce CVE-2019-8936

NTP.org: NULL pointer dereference via Authenticated Mode 6

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via Authenticated Mode 6 of NTP.org, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 08/03/2019.
Identifiers: 3565, bulletinapr2019, CVE-2019-8936, DSA-2019-093, FEDORA-2019-694e3aa4e8, FEDORA-2019-f781d5c4c6, FreeBSD-SA-19:04.ntp, NTAP-20190503-0001, openSUSE-SU-2019:1143-1, openSUSE-SU-2019:1158-1, SSA:2019-067-01, SUSE-SU-2019:0775-1, SUSE-SU-2019:0777-1, SUSE-SU-2019:0789-1, SUSE-SU-2019:13991-1, SUSE-SU-2019:14004-1, VIGILANCE-VUL-28701.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can force a NULL pointer to be dereferenced via Authenticated Mode 6 of NTP.org, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

cybersecurity announce CVE-2018-12549

Eclipse OpenJ9: NULL pointer dereference via Receiver Object

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via Receiver Object of Eclipse OpenJ9, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 07/03/2019.
Identifiers: CVE-2018-12549, ibm10875554, ibm10878376, ibm10882598, ibm10884286, RHSA-2019:0469-01, RHSA-2019:0472-01, RHSA-2019:1238-01, VIGILANCE-VUL-28686.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can force a NULL pointer to be dereferenced via Receiver Object of Eclipse OpenJ9, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2018-1890

IBM Java: privilege escalation via RPATH

Synthesis of the vulnerability

An attacker can bypass restrictions via RPATH of IBM Java, in order to escalate his privileges.
Severity: 2/4.
Creation date: 06/03/2019.
Identifiers: CVE-2018-1890, ibm10873042, ibm10875554, ibm10878234, ibm10878236, ibm10878376, ibm10882598, ibm10883400, ibm10885024, SUSE-SU-2019:0617-1, VIGILANCE-VUL-28666.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass restrictions via RPATH of IBM Java, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

weakness announce CVE-2019-1559

OpenSSL 1.0.2: information disclosure via 0-byte Record Padding Oracle

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via 0-byte Record Padding Oracle of OpenSSL 1.0.2, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 26/02/2019.
Identifiers: bulletinapr2019, bulletinjul2019, CERTFR-2019-AVI-080, CERTFR-2019-AVI-132, CERTFR-2019-AVI-214, CERTFR-2019-AVI-325, cpuapr2019, cpujul2019, cpuoct2019, CVE-2019-1559, DLA-1701-1, DSA-4400-1, FEDORA-2019-00c25b9379, ibm10876638, ibm10886237, ibm10886659, JSA10949, openSUSE-SU-2019:1076-1, openSUSE-SU-2019:1105-1, openSUSE-SU-2019:1173-1, openSUSE-SU-2019:1175-1, openSUSE-SU-2019:1432-1, openSUSE-SU-2019:1637-1, RHBUG-1683804, RHBUG-1683807, RHSA-2019:2304-01, RHSA-2019:2471-01, SB10282, SSA:2019-057-01, SSB-439005, STORM-2019-001, SUSE-SU-2019:0572-1, SUSE-SU-2019:0600-1, SUSE-SU-2019:0658-1, SUSE-SU-2019:0803-1, SUSE-SU-2019:0818-1, SUSE-SU-2019:1362-1, SUSE-SU-2019:14091-1, SUSE-SU-2019:14092-1, SUSE-SU-2019:1553-1, SUSE-SU-2019:1608-1, SYMSA1490, TNS-2019-02, USN-3899-1, VIGILANCE-VUL-28600.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass access restrictions to data via 0-byte Record Padding Oracle of OpenSSL 1.0.2, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

threat announce CVE-2019-7317

libpng: use after free via png_image_free

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via png_image_free() of libpng, in order to trigger a denial of service, and possibly to run code.
Severity: 2/4.
Creation date: 05/02/2019.
Identifiers: 1087227, 275, bulletinapr2019, cpujul2019, CVE-2019-7317, DSA-4435-1, FEDORA-2019-146b81efba, FEDORA-2019-3854a1727e, FEDORA-2019-5c794ec7ba, FEDORA-2019-a5ec38072a, MFSA-2019-14, MFSA-2019-15, openSUSE-SU-2019:1484-1, openSUSE-SU-2019:1530-1, openSUSE-SU-2019:1534-1, openSUSE-SU-2019:1664-1, openSUSE-SU-2019:1912-1, openSUSE-SU-2019:1916-1, RHSA-2019:1308-01, RHSA-2019:1309-01, RHSA-2019:1310-01, RHSA-2019:2494-01, RHSA-2019:2495-01, RHSA-2019:2585-01, RHSA-2019:2590-01, RHSA-2019:2592-01, SSA:2019-107-01, SUSE-SU-2019:1388-1, SUSE-SU-2019:1398-1, SUSE-SU-2019:1398-2, SUSE-SU-2019:1405-1, SUSE-SU-2019:14160-1, SUSE-SU-2019:14188-1, SUSE-SU-2019:1458-1, SUSE-SU-2019:2021-1, SUSE-SU-2019:2028-1, SUSE-SU-2019:2036-1, SUSE-SU-2019:2291-1, SUSE-SU-2019:2336-1, SUSE-SU-2019:2371-1, USN-3962-1, USN-4080-1, USN-4083-1, VIGILANCE-VUL-28437.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can force the usage of a freed memory area via png_image_free() of libpng, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

cybersecurity announce CVE-2019-2422 CVE-2019-2426 CVE-2019-2449

Oracle Java: vulnerabilities of January 2019

Synthesis of the vulnerability

Several vulnerabilities were announced in Oracle products.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 4.
Creation date: 16/01/2019.
Identifiers: CERTFR-2019-AVI-022, cpujan2019, CVE-2019-2422, CVE-2019-2426, CVE-2019-2449, CVE-2019-2540, DLA-1732-1, DSA-2019-131, DSA-4410-1, FEDORA-2019-362387a66d, FEDORA-2019-3f9a71578d, FEDORA-2019-8f2b27efce, FEDORA-2019-96ac060af3, FEDORA-2019-b084fa3ea5, FEDORA-2019-d6717436ee, ibm10873042, ibm10875554, ibm10878234, ibm10878236, ibm10878376, ibm10882598, ibm10884286, ibm10884946, ibm10886063, NTAP-20190118-0001, openSUSE-SU-2019:0161-1, openSUSE-SU-2019:0346-1, openSUSE-SU-2019:1439-1, openSUSE-SU-2019:1500-1, RHSA-2019:0416-01, RHSA-2019:0435-01, RHSA-2019:0436-01, RHSA-2019:0462-01, RHSA-2019:0464-01, RHSA-2019:0469-01, RHSA-2019:0472-01, RHSA-2019:0473-01, RHSA-2019:0474-01, RHSA-2019:1238-01, SUSE-SU-2019:0221-1, SUSE-SU-2019:0574-1, SUSE-SU-2019:0604-1, SUSE-SU-2019:0617-1, SUSE-SU-2019:1219-1, SUSE-SU-2019:1392-1, SUSE-SU-2019:13975-1, SUSE-SU-2019:13978-1, SUSE-SU-2019:2028-1, SUSE-SU-2019:2291-1, SUSE-SU-2019:2371-1, USN-3875-1, USN-3942-1, USN-3949-1, VIGILANCE-VUL-28290, ZDI-19-033.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in Oracle products.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about AIX: