The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Hewlett-Packard HP-UX

computer threat announce CVE-2019-0217

Apache httpd mod_auth_digest: privilege escalation via Race Condition

Synthesis of the vulnerability

An attacker can bypass restrictions via Race Condition of Apache httpd mod_auth_digest, in order to escalate his privileges.
Severity: 2/4.
Creation date: 02/04/2019.
Identifiers: CERTFR-2019-AVI-141, CVE-2019-0217, DLA-1748-1, DSA-4422-1, FEDORA-2019-a4ed7400f4, HPESBUX03950, openSUSE-SU-2019:1190-1, openSUSE-SU-2019:1209-1, openSUSE-SU-2019:1258-1, RHSA-2019:2343-01, RHSA-2019:3436-01, SUSE-SU-2019:0873-1, SUSE-SU-2019:0878-1, SUSE-SU-2019:0888-1, SUSE-SU-2019:0888-2, SUSE-SU-2019:0889-1, USN-3937-1, USN-3937-2, VIGILANCE-VUL-28916.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass restrictions via Race Condition of Apache httpd mod_auth_digest, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2018-17199

Apache httpd: privilege escalation via mod_session_cookie Ignored Expiry Time

Synthesis of the vulnerability

An attacker can bypass restrictions via mod_session_cookie Ignored Expiry Time of Apache httpd, in order to escalate his privileges.
Severity: 2/4.
Creation date: 23/01/2019.
Identifiers: bulletinapr2019, CERTFR-2019-AVI-031, CVE-2018-17199, DLA-1647-1, DSA-4422-1, HPESBUX03950, ibm10869064, ibm10872490, ibm10876972, openSUSE-SU-2019:0296-1, openSUSE-SU-2019:0305-1, SSA:2019-022-01, SUSE-SU-2019:0498-1, SUSE-SU-2019:0504-1, USN-3937-1, VIGILANCE-VUL-28330.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass restrictions via mod_session_cookie Ignored Expiry Time of Apache httpd, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2018-17189

Apache httpd: denial of service via mod_http2

Synthesis of the vulnerability

An attacker can trigger a fatal error via mod_http2 of Apache httpd, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 23/01/2019.
Identifiers: bulletinapr2019, CERTFR-2019-AVI-031, CVE-2018-17189, DSA-4422-1, HPESBUX03950, ibm10872490, openSUSE-SU-2019:0296-1, openSUSE-SU-2019:0305-1, SSA:2019-022-01, SUSE-SU-2019:0498-1, SUSE-SU-2019:0504-1, USN-3937-1, VIGILANCE-VUL-28329.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can trigger a fatal error via mod_http2 of Apache httpd, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

security bulletin CVE-2017-15275

Samba: information disclosure

Synthesis of the vulnerability

A local attacker can read a memory fragment of Samba, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 21/11/2017.
Identifiers: CERTFR-2017-AVI-425, CVE-2017-15275, DLA-1183-1, DSA-4043-1, FEDORA-2017-366046c758, FEDORA-2017-791c5d52be, HPESBUX03817, openSUSE-SU-2017:3141-1, openSUSE-SU-2017:3143-1, RHSA-2017:3260-01, RHSA-2017:3278-01, SSA:2017-332-01, SUSE-SU-2017:3086-1, SUSE-SU-2017:3104-1, SUSE-SU-2018:2321-1, Synology-SA-17:72, USN-3486-1, USN-3486-2, VIGILANCE-VUL-24503.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

A local attacker can read a memory fragment of Samba, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2017-14746

Samba: memory corruption via SMB1

Synthesis of the vulnerability

An attacker can generate a memory corruption via SMB1 of Samba, in order to trigger a denial of service, and possibly to run code.
Severity: 3/4.
Creation date: 21/11/2017.
Identifiers: bulletinapr2018, CERTFR-2017-AVI-425, CVE-2017-14746, DSA-4043-1, FEDORA-2017-366046c758, FEDORA-2017-791c5d52be, HPESBUX03817, openSUSE-SU-2017:3141-1, openSUSE-SU-2017:3143-1, RHSA-2017:3260-01, RHSA-2017:3278-01, SSA:2017-332-01, SUSE-SU-2017:3086-1, SUSE-SU-2017:3104-1, SUSE-SU-2018:2321-1, Synology-SA-17:72, USN-3486-1, USN-3486-2, VIGILANCE-VUL-24502.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can generate a memory corruption via SMB1 of Samba, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2017-12163

Samba: information disclosure via Share Write Access

Synthesis of the vulnerability

A local attacker can read a memory fragment via Share Write Access of Samba, in order to obtain sensitive information.
Severity: 1/4.
Creation date: 20/09/2017.
Identifiers: 2015237, bulletinoct2017, CERTFR-2017-AVI-316, CVE-2017-12163, DLA-1110-1, DSA-3983-1, FEDORA-2017-581be259ef, FEDORA-2017-5a0a31c04e, HPESBUX03817, openSUSE-SU-2017:2706-1, openSUSE-SU-2017:2713-1, openSUSE-SU-2017:3143-1, RHSA-2017:2789-01, RHSA-2017:2790-01, RHSA-2017:2791-01, SSA:2017-263-01, Synology-SA-17:57, USN-3426-1, USN-3426-2, VIGILANCE-VUL-23882.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

A local attacker can read a memory fragment via Share Write Access of Samba, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

security threat CVE-2017-12151

Samba: information disclosure via SMB3 DFS Redirects

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via SMB3 DFS Redirects of Samba, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 20/09/2017.
Identifiers: 2015237, bulletinoct2017, CERTFR-2017-AVI-316, CVE-2017-12151, DSA-3983-1, FEDORA-2017-581be259ef, FEDORA-2017-5a0a31c04e, HPESBUX03817, openSUSE-SU-2017:2706-1, openSUSE-SU-2017:2713-1, openSUSE-SU-2017:3143-1, RHSA-2017:2790-01, SSA:2017-263-01, Synology-SA-17:57, USN-3426-1, USN-3426-2, VIGILANCE-VUL-23881.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass access restrictions to data via SMB3 DFS Redirects of Samba, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

threat CVE-2017-12150

Samba: information disclosure via Missing Signature

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Missing Signature of Samba, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 20/09/2017.
Identifiers: 2015237, bulletinoct2017, CERTFR-2017-AVI-316, CVE-2017-12150, DLA-1110-1, DSA-3983-1, FEDORA-2017-581be259ef, FEDORA-2017-5a0a31c04e, HPESBUX03817, openSUSE-SU-2017:2706-1, openSUSE-SU-2017:2713-1, openSUSE-SU-2017:3143-1, RHSA-2017:2789-01, RHSA-2017:2790-01, RHSA-2017:2791-01, SSA:2017-263-01, Synology-SA-17:57, USN-3426-1, USN-3426-2, VIGILANCE-VUL-23880.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass access restrictions to data via Missing Signature of Samba, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2017-7674

Apache Tomcat: information disclosure via Cache Poisoning

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Cache Poisoning of Apache Tomcat, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 11/08/2017.
Identifiers: bulletinoct2017, cpuapr2018, CVE-2017-7674, DLA-1400-1, DLA-1400-2, DSA-3974-1, FEDORA-2017-a00a087fd4, FEDORA-2017-ab0def38cd, HPESBUX03828, openSUSE-SU-2017:3069-1, SUSE-SU-2017:3039-1, SUSE-SU-2017:3059-1, SUSE-SU-2017:3279-1, USN-3519-1, VIGILANCE-VUL-23500.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass access restrictions to data via Cache Poisoning of Apache Tomcat, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2017-3142 CVE-2017-3143

ISC BIND: two vulnerabilities via TSIG Authentication

Synthesis of the vulnerability

An attacker can use several vulnerabilities via TSIG Authentication of ISC BIND.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 30/06/2017.
Revision date: 07/07/2017.
Identifiers: AA-01503, AA-01504, bulletinjan2018, CERTFR-2017-AVI-199, CVE-2017-3142, CVE-2017-3143, DLA-1025-1, DLA-1025-2, DSA-2019-131, DSA-3904-1, DSA-3904-2, FEDORA-2017-001f135337, FEDORA-2017-167cfa7b09, FEDORA-2017-59127a606c, FEDORA-2017-d04f7ddd73, HPESBUX03772, JSA10875, JSA10917, K02230327, K59448931, openSUSE-SU-2017:1809-1, RHSA-2017:1679-01, RHSA-2017:1680-01, SSA:2017-180-02, SUSE-SU-2017:1736-1, SUSE-SU-2017:1737-1, SUSE-SU-2017:1738-1, USN-3346-1, USN-3346-2, USN-3346-3, VIGILANCE-VUL-23107.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in ISC BIND.

An attacker can use a Zone Transfer, in order to obtain sensitive information. [severity:2/4; AA-01504, CVE-2017-3142]

An attacker can use a Dynamic Update, in order to alter a zone. [severity:3/4; AA-01503, CERTFR-2017-AVI-199, CVE-2017-3143]
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Hewlett-Packard HP-UX: