The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Debian Etch

vulnerability announce CVE-2017-18222

Linux kernel: memory corruption via Hisilicon Network Subsystem

Synthesis of the vulnerability

An attacker can generate a memory corruption via Hisilicon Network Subsystem of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Linux, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 09/03/2018.
Identifiers: CERTFR-2018-AVI-250, CERTFR-2018-AVI-257, CVE-2017-18222, DSA-4188-1, USN-3654-1, USN-3654-2, USN-3656-1, VIGILANCE-VUL-25512.

Description of the vulnerability

An attacker can generate a memory corruption via Hisilicon Network Subsystem of the Linux kernel, in order to trigger a denial of service, and possibly to run code.

computer vulnerability alert CVE-2017-18206

Zsh: code execution via Symlinks

Synthesis of the vulnerability

An attacker can use a vulnerability via Symlinks of Zsh, in order to run code.
Impacted products: Debian, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: user shell.
Creation date: 09/03/2018.
Identifiers: bulletinoct2018, CVE-2017-18206, DLA-1304-1, openSUSE-SU-2018:1093-1, RHSA-2018:1932-01, RHSA-2018:3073-01, SSA:2019-013-01, SUSE-SU-2018:1072-1, USN-3593-1, VIGILANCE-VUL-25506.

Description of the vulnerability

An attacker can use a vulnerability via Symlinks of Zsh, in order to run code.

vulnerability note CVE-2016-10714

Zsh: denial of service via Errors

Synthesis of the vulnerability

An attacker can generate a fatal error via Errors of Zsh, in order to trigger a denial of service.
Impacted products: Debian, openSUSE Leap, Solaris, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: denial of service on client.
Provenance: user shell.
Creation date: 09/03/2018.
Identifiers: bulletinoct2018, CVE-2016-10714, DLA-1304-1, openSUSE-SU-2018:1093-1, SUSE-SU-2018:1072-1, USN-3593-1, VIGILANCE-VUL-25504.

Description of the vulnerability

An attacker can generate a fatal error via Errors of Zsh, in order to trigger a denial of service.

vulnerability bulletin CVE-2014-10072

Zsh: privilege escalation via Symbolic Links

Synthesis of the vulnerability

An attacker can bypass restrictions via Symbolic Links of Zsh, in order to escalate his privileges.
Impacted products: Debian, openSUSE Leap, Solaris, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 09/03/2018.
Identifiers: bulletinoct2018, CVE-2014-10072, DLA-1304-1, openSUSE-SU-2018:1093-1, RHSA-2018:1932-01, RHSA-2018:3073-01, SUSE-SU-2018:1072-1, USN-3593-1, VIGILANCE-VUL-25503.

Description of the vulnerability

An attacker can bypass restrictions via Symbolic Links of Zsh, in order to escalate his privileges.

vulnerability announce CVE-2014-10071

Zsh: privilege escalation via Specific Inputs

Synthesis of the vulnerability

An attacker can bypass restrictions via Specific Inputs of Zsh, in order to escalate his privileges.
Impacted products: Debian, openSUSE Leap, Solaris, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 09/03/2018.
Identifiers: bulletinoct2018, CVE-2014-10071, DLA-1304-1, openSUSE-SU-2018:1093-1, RHSA-2018:3073-01, SUSE-SU-2018:1072-1, USN-3593-1, VIGILANCE-VUL-25502.

Description of the vulnerability

An attacker can bypass restrictions via Specific Inputs of Zsh, in order to escalate his privileges.

vulnerability alert CVE-2014-10070

Zsh: privilege escalation via Environment Variables

Synthesis of the vulnerability

An attacker can bypass restrictions via Environment Variables of Zsh, in order to escalate his privileges.
Impacted products: Debian, openSUSE Leap, Solaris, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 09/03/2018.
Identifiers: bulletinoct2018, CVE-2014-10070, DLA-1304-1, openSUSE-SU-2018:1093-1, SUSE-SU-2018:1072-1, USN-3593-1, VIGILANCE-VUL-25501.

Description of the vulnerability

An attacker can bypass restrictions via Environment Variables of Zsh, in order to escalate his privileges.

vulnerability note CVE-2018-7740

Linux kernel: denial of service via resv_map_release

Synthesis of the vulnerability

An attacker can generate a fatal error via resv_map_release() of the Linux kernel, in order to trigger a denial of service.
Impacted products: Debian, Linux, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: document.
Creation date: 08/03/2018.
Identifiers: 199037, CERTFR-2018-AVI-199, CERTFR-2018-AVI-224, CERTFR-2018-AVI-232, CERTFR-2019-AVI-115, CVE-2018-7740, DLA-1369-1, DSA-4187-1, DSA-4188-1, openSUSE-SU-2018:0972-1, RHSA-2018:3083-01, RHSA-2018:3096-01, SUSE-SU-2018:1048-1, SUSE-SU-2018:1173-1, SUSE-SU-2018:1217-1, USN-3910-1, USN-3910-2, VIGILANCE-VUL-25494.

Description of the vulnerability

An attacker can generate a fatal error via resv_map_release() of the Linux kernel, in order to trigger a denial of service.

vulnerability announce CVE-2018-1000116

Net-SNMP: memory corruption via snmplib/snmp_api.c

Synthesis of the vulnerability

An attacker can generate a memory corruption via snmplib/snmp_api.c of Net-SNMP, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, Net-SNMP.
Severity: 3/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: intranet server.
Creation date: 08/03/2018.
Identifiers: 2821, CVE-2018-1000116, DLA-1317-1, DSA-4154-1, FEDORA-2018-5a5f51753c, FEDORA-2018-d64806ca1d, VIGILANCE-VUL-25492.

Description of the vulnerability

An attacker can generate a memory corruption via snmplib/snmp_api.c of Net-SNMP, in order to trigger a denial of service, and possibly to run code.

vulnerability note CVE-2018-1054

389 Directory Server: denial of service via SetUnicodeStringFromUTF_8

Synthesis of the vulnerability

An attacker can generate a fatal error via SetUnicodeStringFromUTF_8 of 389 Directory Server, in order to trigger a denial of service.
Impacted products: Debian, RHEL.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 07/03/2018.
Identifiers: CVE-2018-1054, DLA-1428-1, RHSA-2018:0414-01, RHSA-2018:0515-01, VIGILANCE-VUL-25474.

Description of the vulnerability

An attacker can generate a fatal error via SetUnicodeStringFromUTF_8 of 389 Directory Server, in order to trigger a denial of service.

vulnerability bulletin CVE-2018-0490

Tor: denial of service via Directory Authorities

Synthesis of the vulnerability

An attacker can generate a fatal error via Directory Authorities of Tor, in order to trigger a denial of service.
Impacted products: Debian, Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: denial of service on client.
Provenance: internet server.
Creation date: 07/03/2018.
Identifiers: CVE-2018-0490, DSA-4183-1, FEDORA-2018-18a0cf206b, openSUSE-SU-2018:0614-1, openSUSE-SU-2018:0620-1, TROVE-2018-001, VIGILANCE-VUL-25463.

Description of the vulnerability

An attacker can generate a fatal error via Directory Authorities of Tor, in order to trigger a denial of service.