| The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them. |
|
 |
|
|
Computer vulnerabilities of IBM Lotus Notes
IBM Notes/Domino: code execution via NSD Shared Memory IPC
Synthesis of the vulnerability
An attacker can use a vulnerability via NSD Shared Memory IPC of IBM Notes/Domino, in order to run code.
Impacted products: Domino, Notes.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 2.
Creation date: 17/12/2018.
Identifiers: CVE-2018-1171-ERROR, CVE-2018-1771, ibm10743405, VIGILANCE-VUL-28033.
Description of the vulnerability
An attacker can use a vulnerability via NSD Shared Memory IPC of IBM Notes/Domino, in order to run code.
Full Vigil@nce bulletin... (Free trial) |
IBM Java: code execution via Attach API
Synthesis of the vulnerability
An attacker can use a vulnerability via Attach API of IBM Java, in order to run code.
Impacted products: AIX, DB2 UDB, Domino, Notes, IRAD, Rational ClearCase, QRadar SIEM, Tivoli Storage Manager, Tivoli System Automation, Tivoli Workload Scheduler, WebSphere AS Liberty, WebSphere AS Traditional, WebSphere MQ, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: user shell.
Creation date: 28/08/2018.
Identifiers: CERTFR-2018-AVI-544, CVE-2018-12539, ibm10725491, ibm10729349, ibm10730083, ibm10733905, ibm10735319, ibm10735325, ibm10738401, ibm10738997, ibm10742729, ibm10743193, ibm10743351, RHSA-2018:2568-01, RHSA-2018:2569-01, RHSA-2018:2575-01, RHSA-2018:2576-01, SUSE-SU-2018:2574-1, SUSE-SU-2018:2583-1, SUSE-SU-2018:2649-1, SUSE-SU-2018:2839-1, SUSE-SU-2018:3082-1, VIGILANCE-VUL-27093.
Description of the vulnerability
An attacker can use a vulnerability via Attach API of IBM Java, in order to run code.
Full Vigil@nce bulletin... (Free trial) |
IBM Java: directory traversal via DTFJ
Synthesis of the vulnerability
An attacker can traverse directories via DTFJ of IBM Java, in order to read a file outside the service root path.
Impacted products: AIX, DB2 UDB, Domino, Notes, IRAD, Rational ClearCase, QRadar SIEM, Tivoli Storage Manager, Tivoli System Automation, Tivoli Workload Scheduler, WebSphere AS Liberty, WebSphere AS Traditional, WebSphere MQ, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 28/08/2018.
Identifiers: CERTFR-2018-AVI-544, CVE-2018-1656, ibm10725491, ibm10729349, ibm10730083, ibm10733905, ibm10735319, ibm10735325, ibm10738401, ibm10738997, ibm10742729, ibm10743193, ibm10743351, RHSA-2018:2568-01, RHSA-2018:2569-01, RHSA-2018:2575-01, RHSA-2018:2576-01, SUSE-SU-2018:2574-1, SUSE-SU-2018:2583-1, SUSE-SU-2018:2649-1, SUSE-SU-2018:2839-1, SUSE-SU-2018:3082-1, VIGILANCE-VUL-27092.
Description of the vulnerability
An attacker can traverse directories via DTFJ of IBM Java, in order to read a file outside the service root path.
Full Vigil@nce bulletin... (Free trial) |
IBM Java: denial of service via java.math
Synthesis of the vulnerability
An attacker can generate a fatal error via java.math of IBM Java, in order to trigger a denial of service.
Impacted products: AIX, Domino, Notes, QRadar SIEM, Tivoli Workload Scheduler, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 28/08/2018.
Identifiers: CVE-2018-1517, ibm10738401, ibm10742729, ibm10743351, RHSA-2018:2568-01, RHSA-2018:2569-01, RHSA-2018:2575-01, RHSA-2018:2576-01, SUSE-SU-2018:2574-1, SUSE-SU-2018:2583-1, SUSE-SU-2018:2649-1, SUSE-SU-2018:2839-1, SUSE-SU-2018:3082-1, VIGILANCE-VUL-27091.
Description of the vulnerability
An attacker can generate a fatal error via java.math of IBM Java, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial) |
Oracle Java: vulnerabilities of July 2018
Synthesis of the vulnerability
Several vulnerabilities were announced in Oracle products.
Impacted products: Debian, Fedora, AIX, DB2 UDB, Domino, Notes, QRadar SIEM, Tivoli Workload Scheduler, ePO, SnapManager, Java OpenJDK, openSUSE Leap, Java Oracle, Puppet, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, data deletion, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 8.
Creation date: 18/07/2018.
Identifiers: ADV-2018-022, CERTFR-2018-AVI-348, cpujul2018, CVE-2018-2938, CVE-2018-2940, CVE-2018-2941, CVE-2018-2942, CVE-2018-2952, CVE-2018-2964, CVE-2018-2972, CVE-2018-2973, DLA-1590-1, DSA-4268-1, FEDORA-2018-0b6ccd1c68, FEDORA-2018-40decc4158, FEDORA-2018-4d58785bcd, FEDORA-2018-877fdbb3f0, FEDORA-2018-c650019e9c, FEDORA-2018-d4bfa98f6a, ibm10725491, ibm10738401, ibm10742729, ibm10743351, NTAP-20180726-0001, openSUSE-SU-2018:2206-1, openSUSE-SU-2018:2247-1, openSUSE-SU-2018:3057-1, openSUSE-SU-2018:3103-1, openSUSE-SU-2019:0042-1, RHSA-2018:2241-01, RHSA-2018:2242-01, RHSA-2018:2253-01, RHSA-2018:2254-01, RHSA-2018:2255-01, RHSA-2018:2256-01, RHSA-2018:2283-01, RHSA-2018:2286-01, RHSA-2018:2568-01, RHSA-2018:2569-01, RHSA-2018:2575-01, RHSA-2018:2576-01, RHSA-2018:3007-01, RHSA-2018:3008-01, SB10247, SUSE-SU-2018:2083-1, SUSE-SU-2018:2574-1, SUSE-SU-2018:2583-1, SUSE-SU-2018:2649-1, SUSE-SU-2018:2839-1, SUSE-SU-2018:3045-1, SUSE-SU-2018:3064-1, SUSE-SU-2018:3064-3, SUSE-SU-2018:3082-1, SUSE-SU-2019:0049-1, USN-3734-1, USN-3735-1, USN-3747-1, USN-3747-2, VIGILANCE-VUL-26767.
Description of the vulnerability
Several vulnerabilities were announced in Oracle products.
Full Vigil@nce bulletin... (Free trial) |
Outlook Gpg4win, Thunderbird Enigmail: PGP and S/MIME decryption
Synthesis of the vulnerability
An attacker can use Outlook Gpg4win or Thunderbird Enigmail, in order to obtain sensitive information.
Impacted products: Debian, Fedora, Notes, Office, Outlook, Thunderbird, openSUSE Leap, Slackware, SUSE Linux Enterprise Desktop, SLES.
Severity: 3/4.
Consequences: data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 14/05/2018.
Revision date: 14/05/2018.
Identifiers: CERTFR-2018-ALE-007, CVE-2017-17688, CVE-2017-17689, DSA-4244-1, FEDORA-2018-1f651350de, FEDORA-2018-25525a9346, FEDORA-2018-6020628437, FEDORA-2018-73e30969a4, FEDORA-2018-77fe2e20ad, FEDORA-2018-e6ee09fc50, openSUSE-SU-2018:1329-1, openSUSE-SU-2018:1330-1, openSUSE-SU-2018:1347-1, openSUSE-SU-2018:1392-1, openSUSE-SU-2018:1393-1, openSUSE-SU-2018:1451-1, openSUSE-SU-2018:1454-1, SSA:2018-191-01, VIGILANCE-VUL-26123, VU#122919.
Description of the vulnerability
Plugins can be installed to automatically decrypt received emails encrypted with PGP or S/MIME:
- Apple Mail : GPGTools
- IBM Notes : PGP Lotus Notes Plug-In
- Outlook : Gpg4win
- Thunderbird : Enigmail
- etc.
However, an attacker who has an encrypted email can use these plugins in order to decrypt it, for example using an image in an HTML email.
An attacker can therefore use Outlook Gpg4win or Thunderbird Enigmail, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
IBM Notes: executing DLL code via System Diagnostics
Synthesis of the vulnerability
An attacker can create a malicious System Diagnostics DLL, and then put it in the current directory of IBM Notes, in order to execute code.
Impacted products: Notes.
Severity: 2/4.
Consequences: user access/rights.
Provenance: intranet server.
Creation date: 09/03/2018.
Identifiers: 2014201, CVE-2018-1437, VIGILANCE-VUL-25510.
Description of the vulnerability
The IBM Notes product uses external shared libraries (DLL).
However, if the working directory contains a malicious System Diagnostics DLL, it is automatically loaded.
An attacker can therefore create a malicious System Diagnostics DLL, and then put it in the current directory of IBM Notes, in order to execute code.
Full Vigil@nce bulletin... (Free trial) |
IBM Notes: executing DLL code
Synthesis of the vulnerability
An attacker can create a malicious DLL, and then put it in the current directory of IBM Notes, in order to execute code.
Impacted products: Notes.
Severity: 2/4.
Consequences: user access/rights.
Provenance: intranet server.
Creation date: 09/03/2018.
Identifiers: 2014198, CVE-2018-1435, VIGILANCE-VUL-25509.
Description of the vulnerability
The IBM Notes product uses external shared libraries (DLL).
However, if the working directory contains a malicious DLL, it is automatically loaded.
An attacker can therefore create a malicious DLL, and then put it in the current directory of IBM Notes, in order to execute code.
Full Vigil@nce bulletin... (Free trial) |
IBM Notes: privilege escalation
Synthesis of the vulnerability
An attacker can bypass restrictions of IBM Notes, in order to escalate his privileges.
Impacted products: Notes.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 4.
Creation date: 09/02/2018.
Revision date: 14/02/2018.
Identifiers: 2010767, 2010777, CVE-2017-1720, CVE-2018-1409, CVE-2018-1410, CVE-2018-1411, VIGILANCE-VUL-25264.
Description of the vulnerability
An attacker can bypass restrictions of IBM Notes, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial) |
IBM Notes: privilege escalation via NSD
Synthesis of the vulnerability
An attacker can bypass restrictions via NSD of IBM Notes, in order to escalate his privileges.
Impacted products: Notes.
Severity: 3/4.
Consequences: administrator access/rights.
Provenance: user shell.
Creation date: 09/02/2018.
Identifiers: 2010767, 2010777, CVE-2017-1714, VIGILANCE-VUL-25263.
Description of the vulnerability
An attacker can bypass restrictions via NSD of IBM Notes, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial) |
Our database contains other pages. You can request a free trial to read them.
Display information about IBM Lotus Notes:
|