The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Debian Etch

vulnerability bulletin CVE-2018-7489

jackson-databind: code execution via deserialization

Synthesis of the vulnerability

An attacker can exploit a deserialization vulnerability in jackson-databind, in order to run code.
Impacted products: Debian, Avamar, NetWorker, Unisphere EMC, Oracle Communications, Oracle DB, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle Internet Directory, Tuxedo, Oracle Virtual Directory, WebLogic, Puppet, JBoss EAP by Red Hat.
Severity: 2/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 04/05/2018.
Identifiers: 5048, 521680, 521682, 527583, cpuapr2019, cpujan2019, cpujul2018, cpuoct2018, CVE-2018-7489, DSA-2018-096, DSA-2018-102, DSA-2018-207, DSA-4190-1, RHSA-2018:1447-01, RHSA-2018:1448-01, RHSA-2018:1449-01, RHSA-2018:1450-01, RHSA-2018:1451-01, RHSA-2018:2088-01, RHSA-2018:2089-01, RHSA-2018:2090-01, VIGILANCE-VUL-26043.

computer vulnerability alert CVE-2018-1000179

Quassel: denial of service via login attempts

Synthesis of the vulnerability

An attacker can trigger a fatal error through login attempts to Quassel, in order to cause a denial of service.
Impacted products: Debian, Fedora, openSUSE Leap.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 02/05/2018.
Identifiers: CVE-2018-1000179, DSA-4189-1, FEDORA-2018-5e8de70380, FEDORA-2018-9617cb1088, FEDORA-2018-bd73ec6f3a, openSUSE-SU-2018:1119-1, VIGILANCE-VUL-26016.

computer vulnerability CVE-2018-1000178

Quassel: memory corruption via qdatastream

Synthesis of the vulnerability

An attacker can trigger memory corruption via qdatastream in Quassel, in order to cause a denial of service and possibly run code.
Impacted products: Debian, Fedora, openSUSE Leap.
Severity: 3/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: intranet client.
Creation date: 02/05/2018.
Identifiers: CVE-2018-1000178, DLA-1370-1, DSA-4189-1, FEDORA-2018-5e8de70380, FEDORA-2018-9617cb1088, FEDORA-2018-bd73ec6f3a, openSUSE-SU-2018:1119-1, VIGILANCE-VUL-26015.

vulnerability note CVE-2018-10536 CVE-2018-10537 CVE-2018-10538

WavPack: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in WavPack.
Impacted products: Debian, Fedora, Ubuntu.
Severity: 2/4.
Consequences: unknown consequence, administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, data flow, denial of service on server, denial of service on service, denial of service on client, disguisement.
Provenance: document.
Number of vulnerabilities in this bulletin: 5.
Creation date: 02/05/2018.
Identifiers: CVE-2018-10536, CVE-2018-10537, CVE-2018-10538, CVE-2018-10539, CVE-2018-10540, DSA-4197-1, FEDORA-2018-17a97bb25b, FEDORA-2018-d6002f761d, USN-3637-1, VIGILANCE-VUL-26014.

vulnerability bulletin CVE-2018-4101 CVE-2018-4113 CVE-2018-4114

WebKitGTK+: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in WebKitGTK+.
Impacted products: iOS by Apple, iPhone, Debian, Fedora, openSUSE Leap, Solaris, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: unknown consequence, administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, data flow, denial of service on server, denial of service on service, denial of service on client, disguisement.
Provenance: document.
Number of vulnerabilities in this bulletin: 18.
Creation date: 02/05/2018.
Identifiers: bulletinoct2018, CVE-2018-4101, CVE-2018-4113, CVE-2018-4114, CVE-2018-4117, CVE-2018-4118, CVE-2018-4119, CVE-2018-4120, CVE-2018-4122, CVE-2018-4125, CVE-2018-4127, CVE-2018-4128, CVE-2018-4129, CVE-2018-4133, CVE-2018-4146, CVE-2018-4161, CVE-2018-4162, CVE-2018-4163, CVE-2018-4165, DSA-4256-1, FEDORA-2018-499f2dbc96, HT208693, openSUSE-SU-2018:2134-1, openSUSE-SU-2018:2135-1, openSUSE-SU-2018:3473-1, openSUSE-SU-2019:0081-1, RHSA-2018:2282-01, SUSE-SU-2018:3387-1, SUSE-SU-2019:0092-1, USN-3635-1, VIGILANCE-VUL-26013.

vulnerability announce CVE-2018-6118

Chrome: use after free via Media Cache

Synthesis of the vulnerability

An attacker can force the use of a freed memory area via the Media Cache of Chrome, in order to trigger a denial of service and possibly run code.
Impacted products: Debian, Chrome, openSUSE Leap, Opera, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Creation date: 02/05/2018.
Identifiers: CERTFR-2018-AVI-209, CVE-2018-6118, DSA-4237-1, openSUSE-SU-2018:1104-1, openSUSE-SU-2018:1175-1, openSUSE-SU-2018:1437-1, RHSA-2018:1321-01, VIGILANCE-VUL-26012.

vulnerability announce CVE-2017-11333

libvorbis: out-of-bounds memory reading via vorbis_analysis_wrote

Synthesis of the vulnerability

An attacker can force a read at an invalid address via vorbis_analysis_wrote() of libvorbis, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: Debian, Fedora.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 02/05/2018.
Identifiers: CVE-2017-11333, DLA-1368-1, FEDORA-2019-2e385f97e2, VIGILANCE-VUL-26002.

computer vulnerability note CVE-2018-1000199

Linux kernel: privilege escalation via Ptrace Hardware Breakpoint Settings

Synthesis of the vulnerability

An attacker can bypass restrictions via Ptrace Hardware Breakpoint Settings of the Linux kernel, in order to escalate privileges.
Impacted products: Debian, Android OS, QRadar SIEM, Linux, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 02/05/2018.
Identifiers: CERTFR-2018-AVI-226, CERTFR-2018-AVI-228, CERTFR-2018-AVI-256, CERTFR-2018-AVI-308, CERTFR-2018-AVI-319, CERTFR-2018-AVI-584, CVE-2018-1000199, DLA-1369-1, DSA-4187-1, DSA-4188-1, ibm10742755, openSUSE-SU-2018:1418-1, RHSA-2018:1318-01, RHSA-2018:1345-01, RHSA-2018:1347-01, RHSA-2018:1348-01, RHSA-2018:1354-01, RHSA-2018:1355-01, RHSA-2018:1374-01, SUSE-SU-2018:1366-1, SUSE-SU-2018:1368-1, SUSE-SU-2018:1374-1, SUSE-SU-2018:1375-1, SUSE-SU-2018:1376-1, SUSE-SU-2018:1816-1, SUSE-SU-2018:1846-1, SUSE-SU-2018:1855-1, Synology-SA-18:51, USN-3641-1, USN-3641-2, VIGILANCE-VUL-25999.

computer vulnerability bulletin CVE-2017-18241

Linux kernel: NULL pointer dereference via flush_cmd_control

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via flush_cmd_control of the Linux kernel, in order to trigger a denial of service.
Impacted products: Debian, Linux, openSUSE Leap, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on server.
Provenance: user shell.
Creation date: 02/05/2018.
Identifiers: CERTFR-2018-AVI-301, CERTFR-2018-AVI-308, CERTFR-2018-AVI-319, CERTFR-2019-AVI-115, CVE-2017-18241, DSA-4187-1, DSA-4188-1, openSUSE-SU-2018:1773-1, SSA:2019-030-01, SUSE-SU-2018:1772-1, SUSE-SU-2018:1816-1, SUSE-SU-2018:1855-1, USN-3910-1, USN-3910-2, VIGILANCE-VUL-25998.

computer vulnerability announce CVE-2015-9016

Linux kernel: use after free via blk_mq_tag_to_rq

Synthesis of the vulnerability

An attacker can force the use of a freed memory area via blk_mq_tag_to_rq() of the Linux kernel, in order to trigger a denial of service and possibly run code.
Impacted products: Debian, Android OS, Linux.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 02/05/2018.
Identifiers: CVE-2015-9016, DSA-4187-1, VIGILANCE-VUL-25997.
