The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of EMC VNX OE

threat bulletin CVE-2017-17833

OpenSLP: memory corruption via slpd_process.c

Synthesis of the vulnerability

An attacker can generate a memory corruption via slpd_process.c of OpenSLP, in order to trigger a denial of service, and possibly to run code.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 26/04/2018.
Identifiers: CVE-2017-17833, CVE-2018-12938-REJECT, DLA-1364-1, DSA-2019-131, FEDORA-2018-05acd3c734, openSUSE-SU-2018:1958-1, openSUSE-SU-2018:2813-1, RHSA-2018:2240-01, RHSA-2018:2308-01, SUSE-SU-2018:1916-1, SUSE-SU-2018:1917-1, SUSE-SU-2018:2779-1, SUSE-SU-2018:2991-1, SUSE-SU-2018:2991-3, USN-3708-1, VIGILANCE-VUL-25987.

security weakness CVE-2018-1183

EMC VNX/Unisphere: external XML entity injection

Synthesis of the vulnerability

An attacker can transmit malicious XML data to EMC VNX/Unisphere, in order to read a file, scan sites, or trigger a denial of service.
Severity: 2/4.
Creation date: 26/04/2018.
Identifiers: CVE-2018-1183, DSA-2018-013, VIGILANCE-VUL-25984.

Description of the vulnerability

XML data can contain external entities (DTD):
  <!ENTITY name SYSTEM "file">
  <!ENTITY name SYSTEM "http://server/file">
A program that reads this XML data can replace these entities with data coming from the indicated file. When the program processes XML data coming from an untrusted source, this behavior leads to:
 - disclosure of the content of files on the server
 - scanning of private web sites
 - a denial of service by opening a blocking file
This feature must be disabled when processing XML data coming from an untrusted source.

However, the EMC VNX/Unisphere parser allows external entities.

An attacker can therefore transmit malicious XML data to EMC VNX/Unisphere, in order to read a file, scan sites, or trigger a denial of service.

security alert CVE-2017-18207

Python Core: denial of service via Wave_read._read_fmt_chunk

Synthesis of the vulnerability

An attacker can generate a fatal error via Wave_read._read_fmt_chunk() of Python Core, in order to trigger a denial of service.
Severity: 1/4.
Creation date: 17/04/2018.
Identifiers: 32056, CVE-2017-18207, DSA-2019-131, openSUSE-SU-2018:0966-1, openSUSE-SU-2018:2126-1, SUSE-SU-2018:1786-1, SUSE-SU-2018:2040-1, VIGILANCE-VUL-25893.

cybersecurity bulletin CVE-2018-1000156

GNU patch: code execution via ed

Synthesis of the vulnerability

An attacker can use a vulnerability via ed of GNU patch, similar to VIGILANCE-VUL-17557, in order to run code.
Severity: 3/4.
Creation date: 06/04/2018.
Identifiers: 53566, bulletinapr2018, CVE-2018-1000156, DLA-1348-1, DSA-2019-131, FEDORA-2018-23a1b5975a, FEDORA-2018-88a4219528, FEDORA-2018-ed8d7c62c9, openSUSE-SU-2018:1137-1, RHSA-2018:1199-01, RHSA-2018:1200-01, RHSA-2018:2091-01, RHSA-2018:2092-01, RHSA-2018:2093-01, RHSA-2018:2094-01, RHSA-2018:2095-01, RHSA-2018:2096-01, RHSA-2018:2097-01, SSA:2018-096-01, SUSE-SU-2018:1128-1, SUSE-SU-2018:1162-1, USN-3624-1, USN-3624-2, VIGILANCE-VUL-25780.

security bulletin CVE-2018-1061

Python: denial of service via Poplib Regular Expressions

Synthesis of the vulnerability

An attacker can generate a fatal error via Poplib Regular Expressions of Python, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 30/03/2018.
Identifiers: bulletinjan2019, CVE-2018-1061, DLA-1519-1, DLA-1520-1, DSA-2019-131, DSA-4306-1, DSA-4307-1, FEDORA-2018-a042f795b2, FEDORA-2018-aa8de9d66a, ibm10725759, openSUSE-SU-2018:2712-1, openSUSE-SU-2018:3703-1, RHSA-2018:3041-01, RHSA-2019:3725-01, SSA:2018-124-01, SUSE-SU-2018:2408-1, SUSE-SU-2018:2696-1, SUSE-SU-2018:3554-1, SUSE-SU-2018:3554-2, USN-3817-1, USN-3817-2, VIGILANCE-VUL-25735.

computer vulnerability alert CVE-2018-1060

Python: denial of service via Difflib Regular Expressions

Synthesis of the vulnerability

An attacker can generate a fatal error via Difflib Regular Expressions of Python, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 30/03/2018.
Identifiers: bulletinjan2019, CVE-2018-1060, DLA-1519-1, DLA-1520-1, DSA-2019-131, DSA-4306-1, DSA-4307-1, FEDORA-2018-a042f795b2, FEDORA-2018-aa8de9d66a, ibm10725759, openSUSE-SU-2018:2712-1, openSUSE-SU-2018:3703-1, RHSA-2018:3041-01, RHSA-2019:3725-01, SSA:2018-124-01, SUSE-SU-2018:2408-1, SUSE-SU-2018:2696-1, SUSE-SU-2018:3554-1, SUSE-SU-2018:3554-2, USN-3817-1, USN-3817-2, VIGILANCE-VUL-25734.

computer threat note CVE-2018-1058

PostgreSQL: privilege escalation via function search paths

Synthesis of the vulnerability

An attacker can define SQL functions with the same names as built-in functions of PostgreSQL, so that other users run them with those users' own privileges.
Severity: 2/4.
Creation date: 02/03/2018.
Identifiers: CVE-2018-1058, DSA-2019-131, FEDORA-2018-2999cf6426, FEDORA-2018-a32082df51, openSUSE-SU-2018:0736-1, openSUSE-SU-2018:0765-1, openSUSE-SU-2018:0890-1, RHSA-2018:2511-01, RHSA-2018:2566-01, USN-3589-1, VIGILANCE-VUL-25416.

weakness bulletin CVE-2018-5733

ISC DHCP: integer overflow via dhcpd

Synthesis of the vulnerability

An attacker can generate an integer overflow via dhcpd of ISC DHCP, in order to trigger a denial of service, and possibly to run code.
Severity: 2/4.
Creation date: 28/02/2018.
Identifiers: AA-01565, AA-01567, bulletinapr2018, CVE-2018-5733, DLA-1313-1, DSA-2019-131, DSA-4133-1, FEDORA-2018-5051dbd15e, N1022543, openSUSE-SU-2018:0827-1, RHSA-2018:0469-01, RHSA-2018:0483-01, SB10231, SSA:2018-060-01, SUSE-SU-2018:0810-2, USN-3586-1, USN-3586-2, VIGILANCE-VUL-25402.

threat announce CVE-2018-5732

ISC DHCP: buffer overflow via dhclient

Synthesis of the vulnerability

An attacker can generate a buffer overflow via dhclient of ISC DHCP, in order to trigger a denial of service, and possibly to run code.
Severity: 3/4.
Creation date: 28/02/2018.
Identifiers: AA-01565, AA-01567, bulletinapr2018, CVE-2018-5732, DLA-1313-1, DSA-2019-131, DSA-4133-1, FEDORA-2018-5051dbd15e, K08306700, N1022543, openSUSE-SU-2018:0827-1, RHSA-2018:0469-01, RHSA-2018:0483-01, SB10231, SSA:2018-060-01, SUSE-SU-2018:0810-2, Synology-SA-18:14, USN-3586-1, USN-3586-2, VIGILANCE-VUL-25401.

computer vulnerability alert CVE-2016-10713 CVE-2018-6951 CVE-2018-6952

patch: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of patch.
Severity: 1/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 21/02/2018.
Identifiers: bulletinapr2018, CVE-2016-10713, CVE-2018-6951, CVE-2018-6952, DSA-2019-131, FEDORA-2018-71fac70309, FEDORA-2018-90af6f5b8a, FEDORA-2018-b127e58641, FEDORA-2018-c255f16bfe, FEDORA-2018-d547a126e7, openSUSE-SU-2018:1137-1, RHSA-2019:2033-01, SUSE-SU-2018:1128-1, SUSE-SU-2018:1162-1, USN-3624-1, USN-3624-2, VIGILANCE-VUL-25338.