The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of EMC VNX Series

computer vulnerability announce CVE-2017-17833

OpenSLP: memory corruption via slpd_process.c

Synthesis of the vulnerability

An attacker can generate a memory corruption via slpd_process.c of OpenSLP, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, VNX Operating Environment, VNX Series, Fedora, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 26/04/2018.
Identifiers: CVE-2017-17833, CVE-2018-12938-REJECT, DLA-1364-1, DSA-2019-131, FEDORA-2018-05acd3c734, openSUSE-SU-2018:1958-1, openSUSE-SU-2018:2813-1, RHSA-2018:2240-01, RHSA-2018:2308-01, SUSE-SU-2018:1916-1, SUSE-SU-2018:1917-1, SUSE-SU-2018:2779-1, SUSE-SU-2018:2991-1, SUSE-SU-2018:2991-3, USN-3708-1, VIGILANCE-VUL-25987.

Description of the vulnerability

An attacker can generate a memory corruption via slpd_process.c of OpenSLP, in order to trigger a denial of service, and possibly to run code.

vulnerability note CVE-2018-1183

EMC VNX/Unisphere: external XML entity injection

Synthesis of the vulnerability

An attacker can transmit malicious XML data to EMC VNX/Unisphere, in order to read a file, scan sites, or trigger a denial of service.
Impacted products: Unisphere EMC, VNX Operating Environment, VNX Series.
Severity: 2/4.
Consequences: data reading, denial of service on service.
Provenance: document.
Creation date: 26/04/2018.
Identifiers: CVE-2018-1183, DSA-2018-013, VIGILANCE-VUL-25984.

Description of the vulnerability

XML data can contain external entities (DTD):
  <!ENTITY name SYSTEM "file">
  <!ENTITY name SYSTEM "http://server/file">
A program which reads these XML data can replace these entities with data coming from the indicated file. When the program uses XML data coming from an untrusted source, this behavior leads to:
 - content disclosure from files of the server
 - private web site scan
 - a denial of service by opening a blocking file
This feature must be disabled to process XML data coming from an untrusted source.

However, the EMC VNX/Unisphere parser allows external entities.

An attacker can therefore transmit malicious XML data to EMC VNX/Unisphere, in order to read a file, scan sites, or trigger a denial of service.
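
One way to apply the "must be disabled" rule above when parsing untrusted XML with Python's standard-library expat bindings, as an added example that is not taken from the bulletin or from EMC's code. The names parse_untrusted, is_rejected and ExternalEntityForbidden, and the sample documents, are constructed for illustration.

```python
import xml.parsers.expat


class ExternalEntityForbidden(ValueError):
    """Untrusted XML tried to declare or reference an external entity."""


def parse_untrusted(xml_bytes):
    """Parse XML with external entities refused; return element names in order."""
    elements = []
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        # <!DOCTYPE r SYSTEM "..."> would pull in an external DTD subset.
        if system_id is not None or public_id is not None:
            raise ExternalEntityForbidden(f"external DTD {system_id!r}")

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        # External entities carry a SYSTEM/PUBLIC id and no inline value.
        if system_id is not None or public_id is not None:
            raise ExternalEntityForbidden(f"entity {name!r} -> {system_id!r}")

    def on_external_ref(context, base, system_id, public_id):
        raise ExternalEntityForbidden(f"external reference {system_id!r}")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    parser.StartElementHandler = lambda name, attrs: elements.append(name)
    parser.Parse(xml_bytes, True)
    return elements


def is_rejected(xml_bytes):
    """True when the document is refused because of an external entity."""
    try:
        parse_untrusted(xml_bytes)
    except ExternalEntityForbidden:
        return True
    return False


# Constructed sample documents using the two declaration forms shown above.
FILE_ENTITY = b'<!DOCTYPE r [<!ENTITY name SYSTEM "file">]><r>&name;</r>'
HTTP_ENTITY = b'<!DOCTYPE r [<!ENTITY name SYSTEM "http://server/file">]><r>&name;</r>'
INTERNAL_ONLY = b'<!DOCTYPE r [<!ENTITY name "text">]><r>&name;</r>'
PLAIN = b"<r><item/></r>"

if __name__ == "__main__":
    for doc in (FILE_ENTITY, HTTP_ENTITY, INTERNAL_ONLY, PLAIN):
        print("rejected" if is_rejected(doc) else "accepted", doc[:40])
```

The document is refused at the declaration itself, before any entity is resolved, so no file or URL is ever opened.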

vulnerability bulletin CVE-2017-18207

Python Core: denial of service via Wave_read._read_fmt_chunk

Synthesis of the vulnerability

An attacker can generate a fatal error via Wave_read._read_fmt_chunk() of Python Core, in order to trigger a denial of service.
Impacted products: VNX Operating Environment, VNX Series, openSUSE Leap, Python, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 17/04/2018.
Identifiers: 32056, CVE-2017-18207, DSA-2019-131, openSUSE-SU-2018:0966-1, openSUSE-SU-2018:2126-1, SUSE-SU-2018:1786-1, SUSE-SU-2018:2040-1, VIGILANCE-VUL-25893.

Description of the vulnerability

An attacker can generate a fatal error via Wave_read._read_fmt_chunk() of Python Core, in order to trigger a denial of service.

vulnerability CVE-2018-1000156

GNU patch: code execution via ed

Synthesis of the vulnerability

An attacker can use a vulnerability via ed of GNU patch, similar to VIGILANCE-VUL-17557, in order to run code.
Impacted products: Debian, VNX Operating Environment, VNX Series, Fedora, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: document.
Creation date: 06/04/2018.
Identifiers: 53566, bulletinapr2018, CVE-2018-1000156, DLA-1348-1, DSA-2019-131, FEDORA-2018-23a1b5975a, FEDORA-2018-88a4219528, FEDORA-2018-ed8d7c62c9, openSUSE-SU-2018:1137-1, RHSA-2018:1199-01, RHSA-2018:1200-01, RHSA-2018:2091-01, RHSA-2018:2092-01, RHSA-2018:2093-01, RHSA-2018:2094-01, RHSA-2018:2095-01, RHSA-2018:2096-01, RHSA-2018:2097-01, SSA:2018-096-01, SUSE-SU-2018:1128-1, SUSE-SU-2018:1162-1, USN-3624-1, USN-3624-2, VIGILANCE-VUL-25780.

Description of the vulnerability

An attacker can use a vulnerability via ed of GNU patch, similar to VIGILANCE-VUL-17557, in order to run code.

computer vulnerability CVE-2018-1061

Python: denial of service via Poplib Regular Expressions

Synthesis of the vulnerability

An attacker can generate a fatal error via Poplib Regular Expressions of Python, in order to trigger a denial of service.
Impacted products: Debian, VNX Operating Environment, VNX Series, Fedora, IBM i, openSUSE Leap, Solaris, Python, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 30/03/2018.
Identifiers: bulletinjan2019, CVE-2018-1061, DLA-1519-1, DLA-1520-1, DSA-2019-131, DSA-4306-1, DSA-4307-1, FEDORA-2018-a042f795b2, FEDORA-2018-aa8de9d66a, ibm10725759, openSUSE-SU-2018:2712-1, openSUSE-SU-2018:3703-1, RHSA-2018:3041-01, SSA:2018-124-01, SUSE-SU-2018:2408-1, SUSE-SU-2018:2696-1, SUSE-SU-2018:3554-1, SUSE-SU-2018:3554-2, USN-3817-1, USN-3817-2, VIGILANCE-VUL-25735.

Description of the vulnerability

An attacker can generate a fatal error via Poplib Regular Expressions of Python, in order to trigger a denial of service.

vulnerability note CVE-2018-1060

Python: denial of service via Difflib Regular Expressions

Synthesis of the vulnerability

An attacker can generate a fatal error via Difflib Regular Expressions of Python, in order to trigger a denial of service.
Impacted products: Debian, VNX Operating Environment, VNX Series, Fedora, IBM i, openSUSE Leap, Solaris, Python, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 30/03/2018.
Identifiers: bulletinjan2019, CVE-2018-1060, DLA-1519-1, DLA-1520-1, DSA-2019-131, DSA-4306-1, DSA-4307-1, FEDORA-2018-a042f795b2, FEDORA-2018-aa8de9d66a, ibm10725759, openSUSE-SU-2018:2712-1, openSUSE-SU-2018:3703-1, RHSA-2018:3041-01, SSA:2018-124-01, SUSE-SU-2018:2408-1, SUSE-SU-2018:2696-1, SUSE-SU-2018:3554-1, SUSE-SU-2018:3554-2, USN-3817-1, USN-3817-2, VIGILANCE-VUL-25734.

Description of the vulnerability

An attacker can generate a fatal error via Difflib Regular Expressions of Python, in order to trigger a denial of service.

computer vulnerability alert CVE-2018-1058

PostgreSQL: privilege escalation via function search paths

Synthesis of the vulnerability

An attacker can define SQL functions with the same names as built-in functions of PostgreSQL, in order to make users run them with their own privileges.
Impacted products: VNX Operating Environment, VNX Series, Fedora, openSUSE Leap, PostgreSQL, RHEL, Ubuntu.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: user account.
Creation date: 02/03/2018.
Identifiers: CVE-2018-1058, DSA-2019-131, FEDORA-2018-2999cf6426, FEDORA-2018-a32082df51, openSUSE-SU-2018:0736-1, openSUSE-SU-2018:0765-1, openSUSE-SU-2018:0890-1, RHSA-2018:2511-01, RHSA-2018:2566-01, USN-3589-1, VIGILANCE-VUL-25416.

Description of the vulnerability

An attacker can define SQL functions with the same names as built-in functions of PostgreSQL, in order to make users run them with their own privileges.

vulnerability announce CVE-2018-5733

ISC DHCP: integer overflow via dhcpd

Synthesis of the vulnerability

An attacker can generate an integer overflow via dhcpd of ISC DHCP, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, VNX Operating Environment, VNX Series, Fedora, IBM i, ISC DHCP, McAfee Web Gateway, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on service, denial of service on client.
Provenance: intranet client.
Creation date: 28/02/2018.
Identifiers: AA-01565, AA-01567, bulletinapr2018, CVE-2018-5733, DLA-1313-1, DSA-2019-131, DSA-4133-1, FEDORA-2018-5051dbd15e, N1022543, openSUSE-SU-2018:0827-1, RHSA-2018:0469-01, RHSA-2018:0483-01, SB10231, SSA:2018-060-01, SUSE-SU-2018:0810-2, USN-3586-1, USN-3586-2, VIGILANCE-VUL-25402.

Description of the vulnerability

An attacker can generate an integer overflow via dhcpd of ISC DHCP, in order to trigger a denial of service, and possibly to run code.

vulnerability alert CVE-2018-5732

ISC DHCP: buffer overflow via dhclient

Synthesis of the vulnerability

An attacker can generate a buffer overflow via dhclient of ISC DHCP, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, VNX Operating Environment, VNX Series, BIG-IP Hardware, TMOS, Fedora, IBM i, ISC DHCP, McAfee Web Gateway, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, denial of service on service, denial of service on client.
Provenance: intranet server.
Creation date: 28/02/2018.
Identifiers: AA-01565, AA-01567, bulletinapr2018, CVE-2018-5732, DLA-1313-1, DSA-2019-131, DSA-4133-1, FEDORA-2018-5051dbd15e, K08306700, N1022543, openSUSE-SU-2018:0827-1, RHSA-2018:0469-01, RHSA-2018:0483-01, SB10231, SSA:2018-060-01, SUSE-SU-2018:0810-2, Synology-SA-18:14, USN-3586-1, USN-3586-2, VIGILANCE-VUL-25401.

Description of the vulnerability

An attacker can generate a buffer overflow via dhclient of ISC DHCP, in order to trigger a denial of service, and possibly to run code.

computer vulnerability bulletin CVE-2016-10713 CVE-2018-6951 CVE-2018-6952

patch: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of patch.
Impacted products: VNX Operating Environment, VNX Series, Fedora, openSUSE Leap, Solaris, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 21/02/2018.
Identifiers: bulletinapr2018, CVE-2016-10713, CVE-2018-6951, CVE-2018-6952, DSA-2019-131, FEDORA-2018-71fac70309, FEDORA-2018-90af6f5b8a, FEDORA-2018-b127e58641, FEDORA-2018-c255f16bfe, FEDORA-2018-d547a126e7, openSUSE-SU-2018:1137-1, RHSA-2019:2033-01, SUSE-SU-2018:1128-1, SUSE-SU-2018:1162-1, USN-3624-1, USN-3624-2, VIGILANCE-VUL-25338.

Description of the vulnerability

An attacker can use several vulnerabilities of patch.