| The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them. |
|
 |
|
|
Computer vulnerabilities of IBM AIX
OpenSSL: out-of-bounds memory reading via X.509 IPAddressFamily
Synthesis of the vulnerability
An attacker can force a read at an invalid address via X.509 IPAddressFamily of OpenSSL, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: Mac OS X, Blue Coat CAS, ProxyAV, ProxySG par Blue Coat, SGOS by Blue Coat, Debian, Fedora, FreeBSD, hMailServer, AIX, WebSphere MQ, Juniper J-Series, Junos OS, NSM Central Manager, NSMXpress, SRX-Series, MariaDB ~ precise, McAfee Web Gateway, MySQL Community, MySQL Enterprise, Nodejs Core, OpenSSL, openSUSE Leap, Oracle Communications, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle Internet Directory, Solaris, Tuxedo, WebLogic, Percona Server, XtraDB Cluster, pfSense, RHEL, stunnel, SUSE Linux Enterprise Desktop, SLES, Symantec Content Analysis, ProxySG by Symantec, SGOS by Symantec, Synology DSM, Synology DS***, Synology RS***, Nessus, Ubuntu, X2GoClient.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 02/11/2017.
Identifiers: 2011879, 2013026, 2014367, bulletinapr2018, CERTFR-2017-AVI-391, cpuapr2018, cpujan2018, cpujan2019, cpujul2018, cpuoct2018, CVE-2017-3735, DSA-4017-1, DSA-4018-1, FEDORA-2017-4cf72e2c11, FEDORA-2017-512a6c5aae, FEDORA-2017-55a3247cfd, FEDORA-2017-7f30914972, FEDORA-2017-dbec196dd8, FreeBSD-SA-17:11.openssl, HT208331, HT208394, ibm10715641, ibm10738249, JSA10851, openSUSE-SU-2017:3192-1, openSUSE-SU-2018:0029-1, openSUSE-SU-2018:0315-1, RHSA-2018:3221-01, SA157, SB10211, SUSE-SU-2017:2968-1, SUSE-SU-2017:2981-1, SUSE-SU-2018:0112-1, TNS-2017-15, USN-3475-1, VIGILANCE-VUL-24317.
Description of the vulnerability
An attacker can force a read at an invalid address via X.509 IPAddressFamily of OpenSSL, in order to trigger a denial of service, or to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
Oracle Java: vulnerabilities of October 2017
Synthesis of the vulnerability
Several vulnerabilities were announced in Oracle Java.
Impacted products: Debian, Fedora, AIX, DB2 UDB, IRAD, Rational ClearCase, Security Directory Server, QRadar SIEM, Tivoli Storage Manager, Tivoli System Automation, WebSphere AS Liberty, WebSphere AS Traditional, IBM WebSphere ESB, WebSphere MQ, Junos Space, ePO, Java OpenJDK, openSUSE Leap, Java Oracle, RHEL, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 20.
Creation date: 18/10/2017.
Identifiers: 2010282, 2010560, 2011264, 2012279, 2013081, 2013150, 2013545, 2014202, 2014981, 2015655, 2015825, 2016207, CERTFR-2017-AVI-366, cpuoct2017, CVE-2017-10274, CVE-2017-10281, CVE-2017-10285, CVE-2017-10293, CVE-2017-10295, CVE-2017-10309, CVE-2017-10341, CVE-2017-10342, CVE-2017-10345, CVE-2017-10346, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349, CVE-2017-10350, CVE-2017-10355, CVE-2017-10356, CVE-2017-10357, CVE-2017-10380, CVE-2017-10386, CVE-2017-10388, DLA-1187-1, DSA-4015-1, DSA-4048-1, FEDORA-2017-7b17451b82, FEDORA-2017-98a361c2b5, FEDORA-2017-b1492e4844, FEDORA-2017-e7938fd7d7, ibm10718843, JSA10873, openSUSE-SU-2017:2998-1, openSUSE-SU-2018:0042-1, RHSA-2017:2998-01, RHSA-2017:2999-01, RHSA-2017:3046-01, RHSA-2017:3047-01, RHSA-2017:3264-01, RHSA-2017:3267-01, RHSA-2017:3268-01, RHSA-2017:3392-01, SB10212, SRC-2017-0028, SUSE-SU-2017:2989-1, SUSE-SU-2017:3235-1, SUSE-SU-2017:3369-1, SUSE-SU-2017:3411-1, SUSE-SU-2017:3440-1, SUSE-SU-2017:3455-1, SUSE-SU-2018:0005-1, SUSE-SU-2018:0061-1, swg22012279, Synology-SA-17:66, USN-3473-1, USN-3497-1, VIGILANCE-VUL-24161.
Description of the vulnerability
Several vulnerabilities were announced in Oracle Java.
Full Vigil@nce bulletin... (Free trial) |
OpenSSH: empty file creation via read-only sftp-server
Synthesis of the vulnerability
An attacker can use sftp-server of OpenSSH, in order to create an empty file, even if the read-only mode is selected.
Impacted products: Debian, Fedora, AIX, Copssh, Junos Space, Junos Space Network Management Platform, OpenSSH, openSUSE Leap, Solaris, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on server.
Provenance: internet client.
Creation date: 04/10/2017.
Identifiers: bulletinjan2019, CVE-2017-15906, DLA-1500-1, DLA-1500-2, FEDORA-2017-4862a3bfb1, FEDORA-2017-78f0991378, FEDORA-2017-96d1995b70, JSA10880, openSUSE-SU-2017:3243-1, RHSA-2018:0980-01, SUSE-SU-2018:2275-1, SUSE-SU-2018:2685-1, SUSE-SU-2018:3540-1, USN-3538-1, VIGILANCE-VUL-24020.
Description of the vulnerability
An attacker can use sftp-server of OpenSSH, in order to create an empty file, even if the read-only mode is selected.
Full Vigil@nce bulletin... (Free trial) |
AIX Java: privilege escalation via installp/updatep
Synthesis of the vulnerability
An attacker can bypass restrictions via installp/updatep of AIX Java, in order to escalate his privileges.
Impacted products: AIX.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: document.
Creation date: 19/09/2017.
Identifiers: CVE-2017-1541, VIGILANCE-VUL-23865.
Description of the vulnerability
An attacker can bypass restrictions via installp/updatep of AIX Java, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial) |
tcpdump: multiple vulnerabilities
Synthesis of the vulnerability
An attacker can use several vulnerabilities of tcpdump.
Impacted products: Mac OS X, Debian, AIX, openSUSE Leap, Slackware, tcpdump, Ubuntu, WindRiver Linux.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 89.
Creation date: 08/09/2017.
Identifiers: CVE-2017-11541, CVE-2017-11542, CVE-2017-11543, CVE-2017-12893, CVE-2017-12894, CVE-2017-12895, CVE-2017-12896, CVE-2017-12897, CVE-2017-12898, CVE-2017-12899, CVE-2017-12900, CVE-2017-12901, CVE-2017-12902, CVE-2017-12985, CVE-2017-12986, CVE-2017-12987, CVE-2017-12988, CVE-2017-12989, CVE-2017-12990, CVE-2017-12991, CVE-2017-12992, CVE-2017-12993, CVE-2017-12994, CVE-2017-12995, CVE-2017-12996, CVE-2017-12997, CVE-2017-12998, CVE-2017-12999, CVE-2017-13000, CVE-2017-13001, CVE-2017-13002, CVE-2017-13003, CVE-2017-13004, CVE-2017-13005, CVE-2017-13006, CVE-2017-13007, CVE-2017-13008, CVE-2017-13009, CVE-2017-13010, CVE-2017-13011, CVE-2017-13012, CVE-2017-13013, CVE-2017-13014, CVE-2017-13015, CVE-2017-13016, CVE-2017-13017, CVE-2017-13018, CVE-2017-13019, CVE-2017-13020, CVE-2017-13021, CVE-2017-13022, CVE-2017-13023, CVE-2017-13024, CVE-2017-13025, CVE-2017-13026, CVE-2017-13027, CVE-2017-13028, CVE-2017-13029, CVE-2017-13030, CVE-2017-13031, CVE-2017-13032, CVE-2017-13033, CVE-2017-13034, CVE-2017-13035, CVE-2017-13036, CVE-2017-13037, CVE-2017-13038, CVE-2017-13039, CVE-2017-13040, CVE-2017-13041, CVE-2017-13042, CVE-2017-13043, CVE-2017-13044, CVE-2017-13045, CVE-2017-13046, CVE-2017-13047, CVE-2017-13048, CVE-2017-13049, CVE-2017-13050, CVE-2017-13051, CVE-2017-13052, CVE-2017-13053, CVE-2017-13054, CVE-2017-13055, CVE-2017-13687, CVE-2017-13688, CVE-2017-13689, CVE-2017-13690, CVE-2017-13725, DLA-1097-1, HT208221, openSUSE-SU-2017:2875-1, SSA:2017-251-03, tcpdump_advisory3, USN-3415-1, USN-3415-2, VIGILANCE-VUL-23787.
Description of the vulnerability
An attacker can use several vulnerabilities of tcpdump.
Full Vigil@nce bulletin... (Free trial) |
OpenSSL: out-of-bounds memory reading via X.509 IPAddressFamily
Synthesis of the vulnerability
An attacker can force a read at an invalid address via X.509 IPAddressFamily of OpenSSL, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: Mac OS X, Blue Coat CAS, ProxyAV, ProxySG par Blue Coat, SGOS by Blue Coat, Debian, BIG-IP Hardware, TMOS, Fedora, FreeBSD, AIX, WebSphere MQ, Juniper J-Series, Junos OS, NSM Central Manager, NSMXpress, SRX-Series, MariaDB ~ precise, McAfee Web Gateway, MySQL Community, MySQL Enterprise, Nodejs Core, OpenSSL, openSUSE Leap, Oracle Communications, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle Internet Directory, Solaris, Tuxedo, WebLogic, Percona Server, XtraDB Cluster, pfSense, RHEL, SUSE Linux Enterprise Desktop, SLES, Symantec Content Analysis, ProxySG by Symantec, SGOS by Symantec, Synology DSM, Synology DS***, Synology RS***, Nessus, Ubuntu, WindRiver Linux, X2GoClient.
Severity: 1/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: user shell.
Creation date: 29/08/2017.
Identifiers: 2011879, 2013026, 2014367, bulletinapr2018, cpuapr2018, cpujan2018, cpujan2019, cpujul2018, cpuoct2018, CVE-2017-3735, DSA-4017-1, DSA-4018-1, FEDORA-2017-4cf72e2c11, FEDORA-2017-512a6c5aae, FEDORA-2017-55a3247cfd, FEDORA-2017-7f30914972, FEDORA-2017-dbec196dd8, FreeBSD-SA-17:11.openssl, HT208331, HT208394, ibm10715641, ibm10738249, JSA10851, K21462542, openSUSE-SU-2017:3192-1, openSUSE-SU-2018:0029-1, openSUSE-SU-2018:0315-1, RHSA-2018:3221-01, SA157, SB10211, SUSE-SU-2017:2968-1, SUSE-SU-2017:2981-1, SUSE-SU-2018:0112-1, TNS-2017-15, USN-3475-1, VIGILANCE-VUL-23636.
Description of the vulnerability
An attacker can force a read at an invalid address via X.509 IPAddressFamily of OpenSSL, in order to trigger a denial of service, or to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
tcpdump: multiple vulnerabilities
Synthesis of the vulnerability
An attacker can use several vulnerabilities of tcpdump.
Impacted products: Mac OS X, Debian, AIX, openSUSE Leap, Slackware, tcpdump, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 5.
Creation date: 24/07/2017.
Identifiers: CVE-2017-11541, CVE-2017-11542, CVE-2017-11543, CVE-2017-11544-REJECT, CVE-2017-11545-REJECT, DLA-1090-1, DLA-1097-1, DSA-3971-1, HT208221, openSUSE-SU-2017:2875-1, SSA:2017-251-03, tcpdump_advisory3, USN-3415-1, USN-3415-2, VIGILANCE-VUL-23330.
Description of the vulnerability
An attacker can use several vulnerabilities of tcpdump.
Full Vigil@nce bulletin... (Free trial) |
Oracle Java: vulnerabilities of July 2017
Synthesis of the vulnerability
Several vulnerabilities were announced in Oracle Java.
Impacted products: Debian, Fedora, AIX, Domino, Notes, Security Directory Server, QRadar SIEM, Tivoli Storage Manager, Tivoli System Automation, WebSphere AS Traditional, IBM WebSphere ESB, WebSphere MQ, Junos Space, ePO, SnapManager, Java OpenJDK, openSUSE Leap, Java Oracle, JavaFX, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on service.
Provenance: document.
Number of vulnerabilities in this bulletin: 32.
Creation date: 19/07/2017.
Identifiers: 2007002, 2008025, 2008360, 2008362, 2008757, 2009206, 2009232, 2009253, 2009415, 2009663, 2011594, 2012301, CERTFR-2017-AVI-223, cpujul2017, CVE-2017-10053, CVE-2017-10067, CVE-2017-10074, CVE-2017-10078, CVE-2017-10081, CVE-2017-10086, CVE-2017-10087, CVE-2017-10089, CVE-2017-10090, CVE-2017-10096, CVE-2017-10101, CVE-2017-10102, CVE-2017-10104, CVE-2017-10105, CVE-2017-10107, CVE-2017-10108, CVE-2017-10109, CVE-2017-10110, CVE-2017-10111, CVE-2017-10114, CVE-2017-10115, CVE-2017-10116, CVE-2017-10117, CVE-2017-10118, CVE-2017-10121, CVE-2017-10125, CVE-2017-10135, CVE-2017-10145, CVE-2017-10176, CVE-2017-10193, CVE-2017-10198, CVE-2017-10243, DLA-1073-1, DSA-3919-1, DSA-3954-1, DSA-4005-1, FEDORA-2017-605557de96, FEDORA-2017-721314e3b3, FEDORA-2017-735e2ae663, FEDORA-2017-be3df4fe14, FEDORA-2017-fe57cf60c3, ibm10718843, JSA10873, NTAP-20170720-0001, openSUSE-SU-2017:2211-1, openSUSE-SU-2018:0042-1, RHSA-2017:1789-01, RHSA-2017:1790-01, RHSA-2017:1791-01, RHSA-2017:1792-01, RHSA-2017:2424-01, RHSA-2017:2469-01, RHSA-2017:2481-01, RHSA-2017:2530-01, SB10208, SUSE-SU-2017:2175-1, SUSE-SU-2017:2263-1, SUSE-SU-2017:2280-1, SUSE-SU-2017:2281-1, SUSE-SU-2018:0005-1, USN-3366-1, USN-3366-2, USN-3396-1, VIGILANCE-VUL-23289.
Description of the vulnerability
Several vulnerabilities were announced in Oracle Java.
Full Vigil@nce bulletin... (Free trial) |
ISC BIND: two vulnerabilities via TSIG Authentication
Synthesis of the vulnerability
An attacker can use several vulnerabilities via TSIG Authentication of ISC BIND.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, HP-UX, AIX, BIND, Junos OS, Junos Space, SRX-Series, NetBSD, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: data reading, data creation/edition.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 30/06/2017.
Revision date: 07/07/2017.
Identifiers: AA-01503, AA-01504, bulletinjan2018, CERTFR-2017-AVI-199, CVE-2017-3142, CVE-2017-3143, DLA-1025-1, DLA-1025-2, DSA-3904-1, DSA-3904-2, FEDORA-2017-001f135337, FEDORA-2017-167cfa7b09, FEDORA-2017-59127a606c, FEDORA-2017-d04f7ddd73, HPESBUX03772, JSA10875, JSA10917, K02230327, K59448931, openSUSE-SU-2017:1809-1, RHSA-2017:1679-01, RHSA-2017:1680-01, SSA:2017-180-02, SUSE-SU-2017:1736-1, SUSE-SU-2017:1737-1, SUSE-SU-2017:1738-1, USN-3346-1, USN-3346-2, USN-3346-3, VIGILANCE-VUL-23107.
Description of the vulnerability
Several vulnerabilities were announced in ISC BIND.
An attacker can use a Zone Transfer, in order to obtain sensitive information. [severity:2/4; AA-01504, CVE-2017-3142]
An attacker can use a Dynamic Update, in order to alter a zone. [severity:3/4; AA-01503, CERTFR-2017-AVI-199, CVE-2017-3143]
Full Vigil@nce bulletin... (Free trial) |
IBM JDK: external XML entity injection
Synthesis of the vulnerability
An attacker can transmit malicious XML data to IBM JDK, in order to read a file, scan sites, or trigger a denial of service.
Impacted products: AIX, Domino, Notes, Tivoli System Automation, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: data reading, denial of service on service.
Provenance: document.
Creation date: 10/05/2017.
Identifiers: 2005058, 2005160, 2005255, 2007242, CVE-2017-1289, RHSA-2017:1220-01, RHSA-2017:1221-01, RHSA-2017:1222-01, SUSE-SU-2017:1384-1, SUSE-SU-2017:1386-1, SUSE-SU-2017:1387-1, SUSE-SU-2017:1444-1, VIGILANCE-VUL-22701.
Description of the vulnerability
XML data can contain external entities (DTD):
<!ENTITY name SYSTEM "file">
<!ENTITY name SYSTEM "http://server/file">
A program which reads these XML data can replace these entities by data coming from the indicated file. When the program uses XML data coming from an untrusted source, this behavior leads to:
- content disclosure from files of the server
- private web site scan
- a denial of service by opening a blocking file
This feature must be disabled to process XML data coming from an untrusted source.
However, the IBM JDK parser allows external entities.
An attacker can therefore transmit malicious XML data to IBM JDK, in order to read a file, scan sites, or trigger a denial of service.
Full Vigil@nce bulletin... (Free trial) |
Our database contains other pages. You can request a free trial to read them.
Display information about IBM AIX:
|