The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Airbus Stormshield Data Security

vulnerability CVE-2019-1559

OpenSSL 1.0.2: information disclosure via 0-byte Record Padding Oracle

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via 0-byte Record Padding Oracle of OpenSSL 1.0.2, in order to obtain sensitive information.
Impacted products: SDS, SES, SNS, Debian, AIX, IBM i, MariaDB ~ precise, McAfee Web Gateway, MySQL Community, MySQL Enterprise, Nodejs Core, OpenSSL, openSUSE Leap, Solaris, Percona Server, SIMATIC, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Nessus, Ubuntu, WinSCP.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 26/02/2019.
Identifiers: bulletinapr2019, CERTFR-2019-AVI-080, CERTFR-2019-AVI-132, CERTFR-2019-AVI-214, cpuapr2019, CVE-2019-1559, DLA-1701-1, DSA-4400-1, ibm10876638, openSUSE-SU-2019:1076-1, openSUSE-SU-2019:1105-1, openSUSE-SU-2019:1173-1, openSUSE-SU-2019:1175-1, SB10282, SSA:2019-057-01, SSB-439005, STORM-2019-001, SUSE-SU-2019:0572-1, SUSE-SU-2019:0600-1, SUSE-SU-2019:0658-1, SUSE-SU-2019:0803-1, SUSE-SU-2019:0818-1, TNS-2019-02, USN-3899-1, VIGILANCE-VUL-28600.

Description of the vulnerability

An attacker can bypass access restrictions to data via 0-byte Record Padding Oracle of OpenSSL 1.0.2, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2018-16890

libcurl: out-of-bounds memory reading via NTLM Type-2

Synthesis of the vulnerability

An attacker can force a read at an invalid address via NTLM Type-2 of libcurl, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: SDS, SES, SNS, curl, Debian, Fedora, openSUSE Leap, Oracle Communications, Oracle Fusion Middleware, Solaris, Tuxedo, WebLogic, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: internet server.
Creation date: 06/02/2019.
Identifiers: bulletinjan2019, cpuapr2019, CVE-2018-16890, DLA-1672-1, DSA-4386-1, FEDORA-2019-43489941ff, openSUSE-SU-2019:0173-1, openSUSE-SU-2019:0174-1, SSA:2019-037-01, STORM-2019-002, SUSE-SU-2019:0248-1, SUSE-SU-2019:0249-1, SUSE-SU-2019:0249-2, SUSE-SU-2019:0339-1, USN-3882-1, VIGILANCE-VUL-28443.

Description of the vulnerability

An attacker can force a read at an invalid address via NTLM Type-2 of libcurl, in order to trigger a denial of service, or to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2018-16842

libcurl: out-of-bounds memory reading via Warning Message

Synthesis of the vulnerability

An attacker can force a read at an invalid address via Warning Message of libcurl, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: SDS, SES, SNS, OpenOffice, curl, Debian, Fedora, openSUSE Leap, Solaris, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: intranet client.
Creation date: 31/10/2018.
Identifiers: bulletinoct2018, CVE-2018-16842, DLA-1568-1, DSA-4331-1, FEDORA-2018-298a3d2923, FEDORA-2018-69bac0f51c, FEDORA-2018-7785911c9e, FEDORA-2018-fdc4ca8675, openSUSE-SU-2018:3699-1, openSUSE-SU-2018:3706-1, SSA:2018-304-01, STORM-2019-002, SUSE-SU-2018:3624-1, SUSE-SU-2018:3681-1, SUSE-SU-2019:0339-1, USN-3805-1, USN-3805-2, VIGILANCE-VUL-27650.

Description of the vulnerability

An attacker can force a read at an invalid address via Warning Message of libcurl, in order to trigger a denial of service, or to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2018-16839

libcurl: buffer overflow via Curl_auth_create_plain_message

Synthesis of the vulnerability

An attacker can generate a buffer overflow via Curl_auth_create_plain_message() of libcurl, in order to trigger a denial of service, and possibly to run code.
Impacted products: SDS, SES, SNS, OpenOffice, curl, Debian, Fedora, openSUSE Leap, Solaris, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: intranet client.
Creation date: 31/10/2018.
Identifiers: bulletinoct2018, CVE-2018-16839, DLA-1568-1, DSA-4331-1, FEDORA-2018-298a3d2923, FEDORA-2018-69bac0f51c, FEDORA-2018-7785911c9e, FEDORA-2018-fdc4ca8675, openSUSE-SU-2018:3706-1, SSA:2018-304-01, STORM-2019-002, SUSE-SU-2018:3624-1, SUSE-SU-2019:0339-1, SUSE-SU-2019:0996-1, USN-3805-1, VIGILANCE-VUL-27648.

Description of the vulnerability

An attacker can generate a buffer overflow via Curl_auth_create_plain_message() of libcurl, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2018-1000300

curl: buffer overflow via FTP Shutdown Response

Synthesis of the vulnerability

An attacker can generate a buffer overflow via FTP Shutdown Response of curl, in order to trigger a denial of service, and possibly to run code.
Impacted products: SDS, SES, SNS, OpenOffice, curl, Fedora, openSUSE Leap, Oracle Communications, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Tuxedo, Oracle Virtual Directory, WebLogic, Slackware, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: internet server.
Creation date: 16/05/2018.
Identifiers: cpujan2019, cpuoct2018, CVE-2018-1000300, FEDORA-2018-9dc7338487, FEDORA-2018-fa01002d7e, openSUSE-SU-2018:1624-1, SSA:2018-136-01, STORM-2019-002, USN-3648-1, VIGILANCE-VUL-26142.

Description of the vulnerability

An attacker can generate a buffer overflow via FTP Shutdown Response of curl, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2018-1000122

curl: out-of-bounds memory reading via RTSP RTP

Synthesis of the vulnerability

An attacker can force a read at an invalid address via RTSP RTP of curl, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: SDS, SES, SNS, OpenOffice, curl, Debian, Fedora, Juniper EX-Series, Junos OS, SRX-Series, openSUSE Leap, Oracle Communications, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Solaris, Tuxedo, Oracle Virtual Directory, WebLogic, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: intranet server.
Creation date: 14/03/2018.
Identifiers: bulletinapr2018, cpujan2019, cpuoct2018, CVE-2018-1000122, DLA-1309-1, DSA-4136-1, FEDORA-2018-66c96e0024, FEDORA-2018-8877b4ccac, JSA10874, openSUSE-SU-2018:0794-1, RHSA-2018:3157-01, RHSA-2018:3558-01, SSA:2018-074-01, STORM-2019-002, SUSE-SU-2018:1323-1, USN-3598-1, USN-3598-2, VIGILANCE-VUL-25547.

Description of the vulnerability

An attacker can force a read at an invalid address via RTSP RTP of curl, in order to trigger a denial of service, or to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2018-1000121

curl: NULL pointer dereference via LDAP URL

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via LDAP URL of curl, in order to trigger a denial of service.
Impacted products: SDS, SES, SNS, OpenOffice, curl, Debian, Fedora, Juniper EX-Series, Junos OS, SRX-Series, openSUSE Leap, Oracle Communications, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Solaris, Tuxedo, Oracle Virtual Directory, WebLogic, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: intranet server.
Creation date: 14/03/2018.
Identifiers: bulletinapr2018, cpujan2019, cpuoct2018, CVE-2018-1000121, DLA-1309-1, DSA-4136-1, FEDORA-2018-66c96e0024, FEDORA-2018-8877b4ccac, JSA10874, openSUSE-SU-2018:0794-1, RHSA-2018:3157-01, RHSA-2018:3558-01, SSA:2018-074-01, STORM-2019-002, SUSE-SU-2018:1323-1, USN-3598-1, USN-3598-2, VIGILANCE-VUL-25546.

Description of the vulnerability

An attacker can force a NULL pointer to be dereferenced via LDAP URL of curl, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2018-1000120

curl: memory corruption via FTP URL

Synthesis of the vulnerability

An attacker can generate a memory corruption via FTP URL of curl, in order to trigger a denial of service, and possibly to run code.
Impacted products: SDS, SES, SNS, OpenOffice, curl, Debian, Fedora, Juniper EX-Series, Junos OS, SRX-Series, openSUSE Leap, Oracle Communications, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Solaris, Tuxedo, Oracle Virtual Directory, WebLogic, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: internet server.
Creation date: 14/03/2018.
Identifiers: bulletinapr2018, cpujan2019, cpuoct2018, CVE-2018-1000120, DLA-1309-1, DSA-4136-1, FEDORA-2018-66c96e0024, FEDORA-2018-8877b4ccac, JSA10874, openSUSE-SU-2018:0794-1, RHSA-2018:3157-01, RHSA-2018:3558-01, SSA:2018-074-01, STORM-2019-002, SUSE-SU-2018:1323-1, USN-3598-1, USN-3598-2, VIGILANCE-VUL-25545.

Description of the vulnerability

An attacker can generate a memory corruption via FTP URL of curl, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2017-8816 CVE-2017-8817 CVE-2017-8818

curl: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of curl.
Impacted products: SDS, SES, SNS, OpenOffice, Mac OS X, curl, Debian, Fedora, Juniper EX-Series, Junos OS, SRX-Series, openSUSE Leap, Solaris, RHEL, Shibboleth SP, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: internet server.
Number of vulnerabilities in this bulletin: 3.
Creation date: 29/11/2017.
Identifiers: bulletinapr2018, bulletinoct2018, CVE-2017-8816, CVE-2017-8817, CVE-2017-8818, DLA-1195-1, DSA-4051-1, FEDORA-2017-0c062324cd, FEDORA-2017-45bdf4dace, HT208465, HT208692, JSA10874, openSUSE-SU-2018:0161-1, RHSA-2018:3558-01, STORM-2019-002, USN-3498-1, USN-3498-2, VIGILANCE-VUL-24564.

Description of the vulnerability

An attacker can use several vulnerabilities of curl.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2017-3736

OpenSSL: Man-in-the-Middle via bn_sqrx8x_internal

Synthesis of the vulnerability

An attacker can act as a Man-in-the-Middle and use a carry error of bn_sqrx8x_internal() on OpenSSL, in order to read or write data in the session.
Impacted products: SDS, SNS, Blue Coat CAS, ProxyAV, ProxySG par Blue Coat, SGOS by Blue Coat, Debian, BIG-IP Hardware, TMOS, Fedora, FreeBSD, hMailServer, Domino, Notes, IRAD, Rational ClearCase, QRadar SIEM, Tivoli Storage Manager, WebSphere AS Traditional, WebSphere MQ, Juniper J-Series, Junos OS, NSM Central Manager, NSMXpress, SRX-Series, MariaDB ~ precise, McAfee Email Gateway, McAfee NSP, McAfee NTBA, VirusScan, McAfee Web Gateway, MySQL Community, MySQL Enterprise, Nodejs Core, OpenSSL, openSUSE Leap, Oracle Communications, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle Internet Directory, Solaris, Tuxedo, WebLogic, Percona Server, pfSense, RHEL, Slackware, stunnel, SUSE Linux Enterprise Desktop, SLES, Symantec Content Analysis, ProxySG by Symantec, SGOS by Symantec, Synology DSM, Synology DS***, Synology RS***, Nessus, Ubuntu, X2GoClient.
Severity: 1/4.
Consequences: data reading, data creation/edition.
Provenance: internet client.
Creation date: 02/11/2017.
Identifiers: 2012827, 2013025, 2014202, 2014651, 2014669, 2015080, bulletinapr2018, bulletinjan2018, CERTFR-2017-AVI-391, cpuapr2018, cpuapr2019, cpujan2018, cpujan2019, cpujul2018, cpuoct2018, CVE-2017-3736, DSA-4017-1, DSA-4018-1, FEDORA-2017-4cf72e2c11, FEDORA-2017-512a6c5aae, FEDORA-2017-55a3247cfd, FEDORA-2017-7f30914972, FEDORA-2017-dbec196dd8, FreeBSD-SA-17:11.openssl, ibm10715641, ibm10719113, ibm10732391, ibm10733905, ibm10738249, ibm10738401, JSA10851, K14363514, openSUSE-SU-2017:3192-1, openSUSE-SU-2018:0029-1, openSUSE-SU-2018:0315-1, RHSA-2018:0998-01, RHSA-2018:2568-01, RHSA-2018:2575-01, SA157, SB10211, SB10220, SSA:2017-306-02, STORM-2017-006, SUSE-SU-2018:2839-1, SUSE-SU-2018:3082-1, TNS-2017-15, USN-3475-1, VIGILANCE-VUL-24316.

Description of the vulnerability

An attacker can act as a Man-in-the-Middle and use a carry error of bn_sqrx8x_internal() on OpenSSL, in order to read or write data in the session.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Airbus Stormshield Data Security: