The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of HP HP-UX

security bulletin CVE-2017-15275

Samba: information disclosure

Synthesis of the vulnerability

A local attacker can read a memory fragment of Samba, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 21/11/2017.
Identifiers: CERTFR-2017-AVI-425, CVE-2017-15275, DLA-1183-1, DSA-4043-1, FEDORA-2017-366046c758, FEDORA-2017-791c5d52be, HPESBUX03817, openSUSE-SU-2017:3141-1, openSUSE-SU-2017:3143-1, RHSA-2017:3260-01, RHSA-2017:3278-01, SSA:2017-332-01, SUSE-SU-2017:3086-1, SUSE-SU-2017:3104-1, SUSE-SU-2018:2321-1, Synology-SA-17:72, USN-3486-1, USN-3486-2, VIGILANCE-VUL-24503.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

A local attacker can read a memory fragment of Samba, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2017-14746

Samba: memory corruption via SMB1

Synthesis of the vulnerability

An attacker can generate a memory corruption via SMB1 of Samba, in order to trigger a denial of service, and possibly to run code.
Severity: 3/4.
Creation date: 21/11/2017.
Identifiers: bulletinapr2018, CERTFR-2017-AVI-425, CVE-2017-14746, DSA-4043-1, FEDORA-2017-366046c758, FEDORA-2017-791c5d52be, HPESBUX03817, openSUSE-SU-2017:3141-1, openSUSE-SU-2017:3143-1, RHSA-2017:3260-01, RHSA-2017:3278-01, SSA:2017-332-01, SUSE-SU-2017:3086-1, SUSE-SU-2017:3104-1, SUSE-SU-2018:2321-1, Synology-SA-17:72, USN-3486-1, USN-3486-2, VIGILANCE-VUL-24502.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can generate a memory corruption via SMB1 of Samba, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2017-12163

Samba: information disclosure via Share Write Access

Synthesis of the vulnerability

A local attacker can read a memory fragment via Share Write Access of Samba, in order to obtain sensitive information.
Severity: 1/4.
Creation date: 20/09/2017.
Identifiers: 2015237, bulletinoct2017, CERTFR-2017-AVI-316, CVE-2017-12163, DLA-1110-1, DSA-3983-1, FEDORA-2017-581be259ef, FEDORA-2017-5a0a31c04e, HPESBUX03817, openSUSE-SU-2017:2706-1, openSUSE-SU-2017:2713-1, openSUSE-SU-2017:3143-1, RHSA-2017:2789-01, RHSA-2017:2790-01, RHSA-2017:2791-01, SSA:2017-263-01, Synology-SA-17:57, USN-3426-1, USN-3426-2, VIGILANCE-VUL-23882.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

A local attacker can read a memory fragment via Share Write Access of Samba, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

security threat CVE-2017-12151

Samba: information disclosure via SMB3 DFS Redirects

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via SMB3 DFS Redirects of Samba, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 20/09/2017.
Identifiers: 2015237, bulletinoct2017, CERTFR-2017-AVI-316, CVE-2017-12151, DSA-3983-1, FEDORA-2017-581be259ef, FEDORA-2017-5a0a31c04e, HPESBUX03817, openSUSE-SU-2017:2706-1, openSUSE-SU-2017:2713-1, openSUSE-SU-2017:3143-1, RHSA-2017:2790-01, SSA:2017-263-01, Synology-SA-17:57, USN-3426-1, USN-3426-2, VIGILANCE-VUL-23881.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass access restrictions to data via SMB3 DFS Redirects of Samba, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

threat CVE-2017-12150

Samba: information disclosure via Missing Signature

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Missing Signature of Samba, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 20/09/2017.
Identifiers: 2015237, bulletinoct2017, CERTFR-2017-AVI-316, CVE-2017-12150, DLA-1110-1, DSA-3983-1, FEDORA-2017-581be259ef, FEDORA-2017-5a0a31c04e, HPESBUX03817, openSUSE-SU-2017:2706-1, openSUSE-SU-2017:2713-1, openSUSE-SU-2017:3143-1, RHSA-2017:2789-01, RHSA-2017:2790-01, RHSA-2017:2791-01, SSA:2017-263-01, Synology-SA-17:57, USN-3426-1, USN-3426-2, VIGILANCE-VUL-23880.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass access restrictions to data via Missing Signature of Samba, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2017-7674

Apache Tomcat: information disclosure via Cache Poisoning

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Cache Poisoning of Apache Tomcat, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 11/08/2017.
Identifiers: bulletinoct2017, cpuapr2018, CVE-2017-7674, DLA-1400-1, DLA-1400-2, DSA-3974-1, FEDORA-2017-a00a087fd4, FEDORA-2017-ab0def38cd, HPESBUX03828, openSUSE-SU-2017:3069-1, SUSE-SU-2017:3039-1, SUSE-SU-2017:3059-1, SUSE-SU-2017:3279-1, USN-3519-1, VIGILANCE-VUL-23500.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass access restrictions to data via Cache Poisoning of Apache Tomcat, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2017-3142 CVE-2017-3143

ISC BIND: two vulnerabilities via TSIG Authentication

Synthesis of the vulnerability

An attacker can use several vulnerabilities via TSIG Authentication of ISC BIND.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 30/06/2017.
Revision date: 07/07/2017.
Identifiers: AA-01503, AA-01504, bulletinjan2018, CERTFR-2017-AVI-199, CVE-2017-3142, CVE-2017-3143, DLA-1025-1, DLA-1025-2, DSA-2019-131, DSA-3904-1, DSA-3904-2, FEDORA-2017-001f135337, FEDORA-2017-167cfa7b09, FEDORA-2017-59127a606c, FEDORA-2017-d04f7ddd73, HPESBUX03772, JSA10875, JSA10917, K02230327, K59448931, openSUSE-SU-2017:1809-1, RHSA-2017:1679-01, RHSA-2017:1680-01, SSA:2017-180-02, SUSE-SU-2017:1736-1, SUSE-SU-2017:1737-1, SUSE-SU-2017:1738-1, USN-3346-1, USN-3346-2, USN-3346-3, VIGILANCE-VUL-23107.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in ISC BIND.

An attacker can use a Zone Transfer, in order to obtain sensitive information. [severity:2/4; AA-01504, CVE-2017-3142]

An attacker can use a Dynamic Update, in order to alter a zone. [severity:3/4; AA-01503, CERTFR-2017-AVI-199, CVE-2017-3143]
Full Vigil@nce bulletin... (Free trial)

threat note CVE-2017-3140 CVE-2017-3141

ISC BIND: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of ISC BIND.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 15/06/2017.
Identifiers: bulletinjul2018, CERTFR-2017-AVI-184, CVE-2017-3140, CVE-2017-3141, FEDORA-2017-001f135337, FEDORA-2017-167cfa7b09, FEDORA-2017-59127a606c, FEDORA-2017-d04f7ddd73, HPESBUX03772, NTAP-20180926-0001, NTAP-20180926-0002, NTAP-20180926-0003, NTAP-20180926-0004, NTAP-20180926-0005, NTAP-20180927-0001, SSA:2017-165-01, VIGILANCE-VUL-22980.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in ISC BIND.

An attacker can trigger an endless loop when Response Policy Zones are used, in order to trigger a denial of service. [severity:3/4; CVE-2017-3140]

On MS-Windows, an attacker can make Windows run his own program as the BIND service, thanks to a mishandling of spaces in paths. [severity:2/4; CVE-2017-3141]
Full Vigil@nce bulletin... (Free trial)

threat bulletin CVE-2017-5664

Apache Tomcat: error page tampering

Synthesis of the vulnerability

An attacker can trigger an HTTP error in Apache Tomcat, in order to corrupt the error page documents.
Severity: 2/4.
Creation date: 06/06/2017.
Identifiers: bulletinjul2017, cpuapr2018, cpuapr2019, cpujul2019, CVE-2017-5664, DLA-996-1, DSA-3891-1, DSA-3892-1, FEDORA-2017-63789c8c29, FEDORA-2017-e4638a345c, HPESBUX03828, JSA10838, KM03302206, openSUSE-SU-2017:3069-1, RHSA-2017:1801-01, RHSA-2017:1802-01, RHSA-2017:1809-01, RHSA-2017:2493-01, RHSA-2017:2494-01, RHSA-2017:2633-01, RHSA-2017:2635-01, RHSA-2017:2636-01, RHSA-2017:2637-01, RHSA-2017:2638-01, RHSA-2017:3080-01, RHSA-2017:3081-01, SA156, SUSE-SU-2017:3039-1, SUSE-SU-2017:3059-1, SUSE-SU-2017:3279-1, SUSE-SU-2018:1847-1, USN-3519-1, VIGILANCE-VUL-22907.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The Apache Tomcat product offers a web service.

HTTP error pages may be customized. However, when the page content is provided by a static document instead of a servlet output, Tomcat allows to tamper with this source document.

An attacker can therefore trigger an HTTP error in Apache Tomcat, in order to corrupt the error page documents.
Full Vigil@nce bulletin... (Free trial)

cybersecurity alert CVE-2017-7494

Samba: code execution

Synthesis of the vulnerability

An attacker can put a shared library into a folder exported with Samba, in order to make it run arbitrary machine code.
Severity: 3/4.
Creation date: 24/05/2017.
Revision date: 29/05/2017.
Identifiers: 1450347, bulletinapr2017, CERTFR-2017-AVI-165, CERTFR-2017-AVI-365, CVE-2017-7494, DLA-951-1, DSA-3860-1, FEDORA-2017-570c0071c4, FEDORA-2017-642a0eca75, FEDORA-2017-c729c6123c, HPESBUX03759, JSA10824, JSA10826, openSUSE-SU-2017:1401-1, openSUSE-SU-2017:1415-1, RHSA-2017:1270-01, RHSA-2017:1271-01, RHSA-2017:1272-01, RHSA-2017:1390-01, SSA:2017-144-01, SUSE-SU-2017:1391-1, SUSE-SU-2017:1392-1, SUSE-SU-2017:1393-1, USN-3296-1, VIGILANCE-VUL-22808.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can put a shared library into a folder exported with Samba, in order to make it run arbitrary machine code.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about HP HP-UX: