The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Dell EMC VNX Series

computer vulnerability note CVE-2019-3754

Dell EMC VNXe3200: Cross Site Scripting via Cas/Logout Page

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via the Cas/Logout page of Dell EMC VNXe3200, in order to run JavaScript code in the context of the web site.
Severity: 2/4.
Creation date: 28/08/2019.
Identifiers: CVE-2019-3754, DSA-2019-125, DSA-2019-131, VIGILANCE-VUL-30174.

Description of the vulnerability

The Dell EMC VNXe3200 product offers a web service.

However, it does not filter data received via the Cas/Logout page before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via the Cas/Logout page of Dell EMC VNXe3200, in order to run JavaScript code in the context of the web site.

computer threat note CVE-2019-9948

Python urllib: file reading via Blacklist Bypass

Synthesis of the vulnerability

A local attacker can read a file via a blacklist bypass in Python urllib, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 25/03/2019.
Identifiers: 1102875, 35907, bulletinjul2019, CVE-2019-9948, DLA-1834-1, DLA-1852-1, DSA-2019-131, openSUSE-SU-2019:1273-1, openSUSE-SU-2019:1282-1, openSUSE-SU-2019:1580-1, RHSA-2019:1700-01, RHSA-2019:2030-01, RHSA-2019:3335-01, RHSA-2019:3520-01, SSA:2019-293-01, SUSE-SU-2019:0972-1, SUSE-SU-2019:14018-1, SUSE-SU-2019:1439-1, USN-4127-1, USN-4127-2, VIGILANCE-VUL-28848.

computer vulnerability bulletin CVE-2019-9636

Python: information disclosure via Punycode/IDNA NFKC Normalization

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Punycode/IDNA NFKC Normalization of Python, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 08/03/2019.
Identifiers: 1102875, 36216, bulletinapr2019, bulletinjul2019, CVE-2019-9636, DLA-1834-1, DLA-1835-1, DLA-1835-2, DSA-2019-131, FEDORA-2019-1ffd6b6064, openSUSE-SU-2019:1273-1, openSUSE-SU-2019:1282-1, openSUSE-SU-2019:1371-1, openSUSE-SU-2019:1580-1, RHSA-2019:0710-01, RHSA-2019:0765-01, RHSA-2019:0806-01, RHSA-2019:0902-01, RHSA-2019:1467-01, RHSA-2019:2980-01, RHSA-2019:3170-01, SUSE-SU-2019:0961-1, SUSE-SU-2019:0971-1, SUSE-SU-2019:0972-1, SUSE-SU-2019:14018-1, SUSE-SU-2019:1439-1, USN-4127-1, USN-4127-2, VIGILANCE-VUL-28692.

cybersecurity announce CVE-2019-2422 CVE-2019-2426 CVE-2019-2449

Oracle Java: vulnerabilities of January 2019

Synthesis of the vulnerability

Several vulnerabilities were announced in Oracle products.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 4.
Creation date: 16/01/2019.
Identifiers: CERTFR-2019-AVI-022, cpujan2019, CVE-2019-2422, CVE-2019-2426, CVE-2019-2449, CVE-2019-2540, DLA-1732-1, DSA-2019-131, DSA-4410-1, FEDORA-2019-362387a66d, FEDORA-2019-3f9a71578d, FEDORA-2019-8f2b27efce, FEDORA-2019-96ac060af3, FEDORA-2019-b084fa3ea5, FEDORA-2019-d6717436ee, ibm10873042, ibm10875554, ibm10878234, ibm10878236, ibm10878376, ibm10882598, ibm10884286, ibm10884946, ibm10886063, NTAP-20190118-0001, openSUSE-SU-2019:0161-1, openSUSE-SU-2019:0346-1, openSUSE-SU-2019:1439-1, openSUSE-SU-2019:1500-1, RHSA-2019:0416-01, RHSA-2019:0435-01, RHSA-2019:0436-01, RHSA-2019:0462-01, RHSA-2019:0464-01, RHSA-2019:0469-01, RHSA-2019:0472-01, RHSA-2019:0473-01, RHSA-2019:0474-01, RHSA-2019:1238-01, SUSE-SU-2019:0221-1, SUSE-SU-2019:0574-1, SUSE-SU-2019:0604-1, SUSE-SU-2019:0617-1, SUSE-SU-2019:1219-1, SUSE-SU-2019:1392-1, SUSE-SU-2019:13975-1, SUSE-SU-2019:13978-1, SUSE-SU-2019:2028-1, SUSE-SU-2019:2291-1, SUSE-SU-2019:2371-1, USN-3875-1, USN-3942-1, USN-3949-1, VIGILANCE-VUL-28290, ZDI-19-033.

weakness note CVE-2018-3136 CVE-2018-3139 CVE-2018-3149

Oracle Java: vulnerabilities of October 2018

Synthesis of the vulnerability

Several vulnerabilities were announced in Oracle products.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 11.
Creation date: 17/10/2018.
Identifiers: 528379, CERTFR-2018-AVI-495, cpuoct2018, CVE-2018-3136, CVE-2018-3139, CVE-2018-3149, CVE-2018-3150, CVE-2018-3157, CVE-2018-3169, CVE-2018-3180, CVE-2018-3183, CVE-2018-3209, CVE-2018-3211, CVE-2018-3214, DLA-1590-1, DSA-2018-208, DSA-2019-131, DSA-4326-1, FEDORA-2018-209371341e, FEDORA-2018-369ab0efc9, FEDORA-2018-5857f28069, FEDORA-2018-cca64e06ba, FEDORA-2018-ce61c1147d, ibm10729607, ibm10741443, ibm10742147, ibm10742149, ibm10743955, ibm10793419, ibm10796096, ibm10875314, ibm10881644, ibm10882604, ibm10883400, openSUSE-SU-2018:3235-1, openSUSE-SU-2019:0042-1, openSUSE-SU-2019:0043-1, RHSA-2018:2942-01, RHSA-2018:2943-01, RHSA-2018:3000-01, RHSA-2018:3001-01, RHSA-2018:3002-01, RHSA-2018:3003-01, RHSA-2018:3007-01, RHSA-2018:3008-01, RHSA-2018:3350-01, RHSA-2018:3409-01, RHSA-2018:3521-01, RHSA-2018:3533-01, RHSA-2018:3534-01, RHSA-2018:3671-01, RHSA-2018:3672-01, SB10255, SUSE-SU-2018:3868-1, SUSE-SU-2018:3920-1, SUSE-SU-2018:3921-1, SUSE-SU-2018:3933-1, SUSE-SU-2018:4064-1, SUSE-SU-2019:0049-1, SUSE-SU-2019:0057-1, SUSE-SU-2019:0057-2, SUSE-SU-2019:0058-1, USN-3804-1, USN-3824-1, USN-3830-1, VIGILANCE-VUL-27509, ZDI-18-1263.

security vulnerability CVE-2018-14621

libtirpc: infinite loop

Synthesis of the vulnerability

An attacker can trigger an infinite loop in libtirpc, in order to cause a denial of service.
Severity: 2/4.
Creation date: 15/10/2018.
Identifiers: CVE-2018-14621, DSA-2019-131, SUSE-SU-2018:3146-1, VIGILANCE-VUL-27502.

security alert CVE-2018-14622

libtirpc: NULL pointer dereference via makefd_xprt

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via makefd_xprt() of libtirpc, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 06/09/2018.
Identifiers: CVE-2018-14622, DSA-2019-131, SUSE-SU-2018:3146-1, USN-3759-1, USN-3759-2, VIGILANCE-VUL-27169.

security announce CVE-2018-15919

OpenSSH: information disclosure via GSS User Enumeration

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via GSS User Enumeration of OpenSSH, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 28/08/2018.
Identifiers: CVE-2018-15919, DSA-2019-131, openSUSE-SU-2018:3801-1, SUSE-SU-2018:3540-1, SUSE-SU-2018:3686-1, SUSE-SU-2018:3768-1, SUSE-SU-2018:3776-1, SUSE-SU-2018:3781-1, VIGILANCE-VUL-27089.

computer threat alert CVE-2018-14598 CVE-2018-14599 CVE-2018-14600

libX11: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of libX11.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 21/08/2018.
Identifiers: bulletinoct2018, CERTFR-2018-AVI-490, CVE-2018-14598, CVE-2018-14599, CVE-2018-14600, DLA-1482-1, DSA-2019-131, FEDORA-2019-6a756fe3a5, openSUSE-SU-2018:2567-1, openSUSE-SU-2018:3012-1, RHSA-2019:2079-01, SSA:2018-233-01, SUSE-SU-2018:2934-1, SUSE-SU-2018:2955-1, SUSE-SU-2018:3102-1, USN-3758-1, USN-3758-2, VIGILANCE-VUL-27057.

weakness announce CVE-2018-15473

OpenSSH: information disclosure via Username Enumeration

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Username Enumeration of OpenSSH, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 16/08/2018.
Identifiers: bulletinjan2019, CERTFR-2018-AVI-410, CVE-2018-15473, DLA-1474-1, DSA-2019-131, DSA-4280-1, FEDORA-2018-065a7722ee, FEDORA-2018-f56ded11c4, NTAP-20181101-0001, openSUSE-SU-2018:3801-1, openSUSE-SU-2018:3946-1, RHSA-2019:0711-01, RHSA-2019:2143-01, SB10267, SSB-439005, SUSE-SU-2018:3540-1, SUSE-SU-2018:3686-1, SUSE-SU-2018:3768-1, SUSE-SU-2018:3776-1, SUSE-SU-2018:3781-1, SUSE-SU-2018:3910-1, SYMSA1469, USN-3809-1, VIGILANCE-VUL-27016.