The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Airbus Stormshield Network Security

security alert CVE-2019-1563

OpenSSL: information disclosure via PKCS7/CMS Padding Oracle

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via PKCS7/CMS Padding Oracle of OpenSSL, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 11/09/2019.
Identifiers: CERTFR-2019-AVI-444, cpuoct2019, CVE-2019-1563, DLA-1932-1, DSA-4539-1, DSA-4539-2, DSA-4539-3, DSA-4540-1, NTAP-20190919-0002, openSUSE-SU-2019:2158-1, openSUSE-SU-2019:2189-1, openSUSE-SU-2019:2268-1, openSUSE-SU-2019:2269-1, SSA:2019-254-03, STORM-2019-018, SUSE-SU-2019:14171-1, SUSE-SU-2019:14174-1, SUSE-SU-2019:2397-1, SUSE-SU-2019:2403-1, SUSE-SU-2019:2410-1, SUSE-SU-2019:2413-1, SUSE-SU-2019:2504-1, SUSE-SU-2019:2558-1, SUSE-SU-2019:2561-1, VIGILANCE-VUL-30293.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass access restrictions to data via PKCS7/CMS Padding Oracle of OpenSSL, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer threat 30263

Stormshield Network Security, Netasq: Cross Site Scripting via Certificate-based Authentication

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via Certificate-based Authentication of Stormshield Network Security or Netasq, in order to run JavaScript code in the context of the web site.
Severity: 2/4.
Creation date: 06/09/2019.
Identifiers: CERTFR-2019-AVI-426, STORM-2019-014, VIGILANCE-VUL-30263, VU#672565.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can trigger a Cross Site Scripting via Certificate-based Authentication of Stormshield Network Security or Netasq, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note 30262

Stormshield Network Security, Netasq: Cross Site Request Forgery via Webadmin

Synthesis of the vulnerability

An attacker can trigger a Cross Site Request Forgery via Webadmin of Stormshield Network Security or Netasq, in order to force the victim to perform operations.
Severity: 2/4.
Creation date: 06/09/2019.
Identifiers: STORM-2019-012, VIGILANCE-VUL-30262.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can trigger a Cross Site Request Forgery via Webadmin of Stormshield Network Security or Netasq, in order to force the victim to perform operations.
Full Vigil@nce bulletin... (Free trial)

security threat 30261

Stormshield Network Security: Cross Site Scripting via Update Service

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via Update Service of Stormshield Network Security, in order to run JavaScript code in the context of the web site.
Severity: 2/4.
Creation date: 06/09/2019.
Identifiers: STORM-2019-016, VIGILANCE-VUL-30261.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can trigger a Cross Site Scripting via Update Service of Stormshield Network Security, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)

cybersecurity announce CVE-2019-1125

Intel 64-bit CPU: information disclosure via SWAPGS

Synthesis of the vulnerability

A local attacker can read a memory fragment via SWAPGS of Intel 64-bit CPU, in order to obtain sensitive information.
Severity: 1/4.
Creation date: 07/08/2019.
Identifiers: 1103505, CERTFR-2019-AVI-375, CERTFR-2019-AVI-376, CERTFR-2019-AVI-381, CERTFR-2019-AVI-390, CERTFR-2019-AVI-391, CERTFR-2019-AVI-392, CERTFR-2019-AVI-417, CERTFR-2019-AVI-418, CERTFR-2019-AVI-428, CERTFR-2019-AVI-440, CERTFR-2019-AVI-458, CERTFR-2019-AVI-467, CERTFR-2019-AVI-486, CVE-2019-1125, DLA-1884-1, DLA-1885-1, DSA-4495-1, DSA-4497-1, FEDORA-2019-6bda4c81f4, FEDORA-2019-e37c348348, K31085564, openSUSE-SU-2019:1923-1, openSUSE-SU-2019:1924-1, RHSA-2019:2405-01, RHSA-2019:2411-01, RHSA-2019:2473-01, RHSA-2019:2476-01, RHSA-2019:2600-01, RHSA-2019:2609-01, RHSA-2019:2695-01, RHSA-2019:2696-01, RHSA-2019:2730-01, RHSA-2019:2899-01, RHSA-2019:2900-01, RHSA-2019:2975-01, RHSA-2019:3220-01, SB10297, SSA:2019-226-01, STORM-2019-007, SUSE-SU-2019:14157-1, SUSE-SU-2019:2068-1, SUSE-SU-2019:2069-1, SUSE-SU-2019:2070-1, SUSE-SU-2019:2071-1, SUSE-SU-2019:2072-1, SUSE-SU-2019:2073-1, SUSE-SU-2019:2262-1, SUSE-SU-2019:2263-1, SUSE-SU-2019:2299-1, SUSE-SU-2019:2430-1, SUSE-SU-2019:2450-1, SWAPGS, Synology-SA-19:32, USN-4093-1, USN-4094-1, USN-4095-1, USN-4095-2, USN-4096-1, VIGILANCE-VUL-29962.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

A local attacker can read a memory fragment via SWAPGS of Intel 64-bit CPU, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

weakness announce CVE-2019-1559

OpenSSL 1.0.2: information disclosure via 0-byte Record Padding Oracle

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via 0-byte Record Padding Oracle of OpenSSL 1.0.2, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 26/02/2019.
Identifiers: bulletinapr2019, bulletinjul2019, CERTFR-2019-AVI-080, CERTFR-2019-AVI-132, CERTFR-2019-AVI-214, CERTFR-2019-AVI-325, cpuapr2019, cpujul2019, cpuoct2019, CVE-2019-1559, DLA-1701-1, DSA-4400-1, FEDORA-2019-00c25b9379, ibm10876638, ibm10886237, ibm10886659, JSA10949, openSUSE-SU-2019:1076-1, openSUSE-SU-2019:1105-1, openSUSE-SU-2019:1173-1, openSUSE-SU-2019:1175-1, openSUSE-SU-2019:1432-1, openSUSE-SU-2019:1637-1, RHBUG-1683804, RHBUG-1683807, RHSA-2019:2304-01, RHSA-2019:2471-01, SB10282, SSA:2019-057-01, SSB-439005, STORM-2019-001, SUSE-SU-2019:0572-1, SUSE-SU-2019:0600-1, SUSE-SU-2019:0658-1, SUSE-SU-2019:0803-1, SUSE-SU-2019:0818-1, SUSE-SU-2019:1362-1, SUSE-SU-2019:14091-1, SUSE-SU-2019:14092-1, SUSE-SU-2019:1553-1, SUSE-SU-2019:1608-1, SYMSA1490, TNS-2019-02, USN-3899-1, VIGILANCE-VUL-28600.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass access restrictions to data via 0-byte Record Padding Oracle of OpenSSL 1.0.2, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2018-20850

Stormshield Network Security: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Stormshield Network Security, in order to run JavaScript code in the context of the web site.
Severity: 2/4.
Creation date: 07/02/2019.
Identifiers: CVE-2018-20850, STORM-2018-006, VIGILANCE-VUL-28462.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The Stormshield Network Security product offers a web service.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of Stormshield Network Security, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2019-3822

libcurl: buffer overflow via NTLM Type-3

Synthesis of the vulnerability

An attacker can trigger a buffer overflow via NTLM Type-3 of libcurl, in order to trigger a denial of service, and possibly to run code.
Severity: 3/4.
Creation date: 06/02/2019.
Identifiers: bulletinjan2019, bulletinoct2019, cpuapr2019, cpujul2019, CVE-2019-3822, DLA-1672-1, DSA-4386-1, FEDORA-2019-43489941ff, openSUSE-SU-2019:0173-1, openSUSE-SU-2019:0174-1, RHSA-2019:3701-01, SSA:2019-037-01, STORM-2019-002, SUSE-SU-2019:0248-1, SUSE-SU-2019:0249-1, SUSE-SU-2019:0249-2, SUSE-SU-2019:0339-1, USN-3882-1, VIGILANCE-VUL-28444.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can trigger a buffer overflow via NTLM Type-3 of libcurl, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

weakness CVE-2018-16890

libcurl: out-of-bounds memory reading via NTLM Type-2

Synthesis of the vulnerability

An attacker can force a read at an invalid address via NTLM Type-2 of libcurl, in order to trigger a denial of service, or to obtain sensitive information.
Severity: 2/4.
Creation date: 06/02/2019.
Identifiers: bulletinjan2019, cpuapr2019, cpujul2019, CVE-2018-16890, DLA-1672-1, DSA-4386-1, FEDORA-2019-43489941ff, K03314397, openSUSE-SU-2019:0173-1, openSUSE-SU-2019:0174-1, RHSA-2019:3701-01, SSA:2019-037-01, STORM-2019-002, SUSE-SU-2019:0248-1, SUSE-SU-2019:0249-1, SUSE-SU-2019:0249-2, SUSE-SU-2019:0339-1, USN-3882-1, VIGILANCE-VUL-28443.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can force a read at an invalid address via NTLM Type-2 of libcurl, in order to trigger a denial of service, or to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer weakness announce CVE-2018-16842

libcurl: out-of-bounds memory reading via Warning Message

Synthesis of the vulnerability

An attacker can force a read at an invalid address via Warning Message of libcurl, in order to trigger a denial of service, or to obtain sensitive information.
Severity: 2/4.
Creation date: 31/10/2018.
Identifiers: bulletinoct2018, CVE-2018-16842, DLA-1568-1, DSA-2019-114, DSA-4331-1, FEDORA-2018-298a3d2923, FEDORA-2018-69bac0f51c, FEDORA-2018-7785911c9e, FEDORA-2018-fdc4ca8675, openSUSE-SU-2018:3699-1, openSUSE-SU-2018:3706-1, RHSA-2019:2181-01, SSA:2018-304-01, STORM-2019-002, SUSE-SU-2018:3624-1, SUSE-SU-2018:3681-1, SUSE-SU-2019:0339-1, USN-3805-1, USN-3805-2, VIGILANCE-VUL-27650.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can force a read at an invalid address via Warning Message of libcurl, in order to trigger a denial of service, or to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Airbus Stormshield Network Security: