The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of IBM Security QRadar SIEM

cybersecurity bulletin CVE-2018-13095

Linux kernel: assertion error via fs/xfs/libxfs/xfs_inode_buf.c

Synthesis of the vulnerability

An attacker can force an assertion error via fs/xfs/libxfs/xfs_inode_buf.c of the Linux kernel, in order to trigger a denial of service.
Severity: 1/4.
Creation date: 04/07/2018.
Identifiers: 1103505, CERTFR-2018-AVI-456, CERTFR-2018-AVI-466, CERTFR-2018-AVI-480, CERTFR-2019-AVI-245, CVE-2018-13095, FEDORA-2018-50075276e8, openSUSE-SU-2018:2738-1, openSUSE-SU-2018:3071-1, RHSA-2019:1350-01, RHSA-2019:2029-01, RHSA-2019:2043-01, SUSE-SU-2018:2858-1, SUSE-SU-2018:2862-1, SUSE-SU-2018:2980-1, SUSE-SU-2018:3084-1, VIGILANCE-VUL-26616.

security bulletin CVE-2018-13094

Linux kernel: NULL pointer dereference via xfs_da_shrink_inode

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via xfs_da_shrink_inode() of the Linux kernel, in order to trigger a denial of service.
Severity: 1/4.
Creation date: 04/07/2018.
Identifiers: 1103505, CERTFR-2018-AVI-408, CERTFR-2018-AVI-413, CERTFR-2018-AVI-456, CERTFR-2018-AVI-466, CERTFR-2018-AVI-480, CERTFR-2019-AVI-183, CVE-2018-13094, DLA-1529-1, FEDORA-2018-50075276e8, openSUSE-SU-2018:2738-1, openSUSE-SU-2018:3071-1, RHSA-2019:0831-01, RHSA-2019:2029-01, RHSA-2019:2043-01, SUSE-SU-2018:2858-1, SUSE-SU-2018:2862-1, SUSE-SU-2018:2980-1, SUSE-SU-2018:3084-1, USN-3752-1, USN-3752-2, USN-3752-3, USN-3753-1, USN-3753-2, USN-3754-1, VIGILANCE-VUL-26615.

computer vulnerability alert CVE-2018-13093

Linux kernel: NULL pointer dereference via fs/xfs/xfs_icache.c

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via fs/xfs/xfs_icache.c of the Linux kernel, in order to trigger a denial of service.
Severity: 1/4.
Creation date: 04/07/2018.
Identifiers: 1103505, CERTFR-2018-AVI-456, CERTFR-2018-AVI-460, CERTFR-2018-AVI-466, CERTFR-2018-AVI-480, CERTFR-2019-AVI-188, CERTFR-2019-AVI-391, CERTFR-2019-AVI-419, CVE-2018-13093, DLA-1529-1, FEDORA-2018-50075276e8, openSUSE-SU-2018:2738-1, openSUSE-SU-2018:3071-1, RHSA-2019:2029-01, RHSA-2019:2043-01, SUSE-SU-2018:2858-1, SUSE-SU-2018:2862-1, SUSE-SU-2018:2908-1, SUSE-SU-2018:2908-2, SUSE-SU-2018:2980-1, SUSE-SU-2018:3083-1, SUSE-SU-2018:3084-1, USN-4094-1, USN-4118-1, VIGILANCE-VUL-26614.

security announcement CVE-2018-13053

Linux kernel: integer overflow via alarm_timer_nsleep

Synthesis of the vulnerability

An attacker can generate an integer overflow via alarm_timer_nsleep() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Severity: 2/4.
Creation date: 03/07/2018.
Identifiers: 1103505, CERTFR-2018-AVI-358, CERTFR-2018-AVI-365, CERTFR-2018-AVI-392, CERTFR-2018-AVI-426, CERTFR-2018-AVI-557, CERTFR-2019-AVI-183, CERTFR-2019-AVI-391, CERTFR-2019-AVI-419, CVE-2018-13053, DLA-1715-1, DLA-1731-1, DLA-1731-2, FEDORA-2018-50075276e8, openSUSE-SU-2018:2118-1, openSUSE-SU-2018:2119-1, RHSA-2019:0831-01, RHSA-2019:2029-01, RHSA-2019:2043-01, SSA:2019-030-01, SSB-439005, SUSE-SU-2018:2051-1, SUSE-SU-2018:2150-1, SUSE-SU-2018:2332-1, SUSE-SU-2018:2344-1, SUSE-SU-2018:2362-1, SUSE-SU-2018:2366-1, SUSE-SU-2018:2384-1, SUSE-SU-2018:2637-1, USN-3821-1, USN-3821-2, USN-4094-1, USN-4118-1, VIGILANCE-VUL-26605.

security weakness CVE-2018-7755

Linux kernel: information disclosure via fd_locked_ioctl

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via fd_locked_ioctl() of the Linux kernel, in order to obtain sensitive information.
Severity: 1/4.
Creation date: 03/07/2018.
Identifiers: 1103505, CERTFR-2018-AVI-321, CVE-2018-7755, DLA-1529-1, DLA-1531-1, DSA-4308-1, RHSA-2019:2029-01, RHSA-2019:2043-01, SSA:2019-030-01, USN-3695-1, USN-3695-2, USN-3696-1, USN-3696-2, USN-3697-1, USN-3697-2, USN-3698-1, USN-3698-2, USN-3718-1, USN-3718-2, VIGILANCE-VUL-26600.

computer vulnerability bulletin CVE-2018-12536

Eclipse Jetty: information disclosure via InvalidPathException Message

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via InvalidPathException Message of Eclipse Jetty, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 26/06/2018.
Identifiers: 1103493, CVE-2018-12536, NTAP-20181014-0001, VIGILANCE-VUL-26536.

vulnerability alert CVE-2017-7658

Eclipse Jetty: information disclosure via Double Content-Length

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Double Content-Length of Eclipse Jetty, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 26/06/2018.
Identifiers: 1103493, CVE-2017-7658, DSA-4278-1, FEDORA-2018-48b73ed393, FEDORA-2018-93a507fd0f, NTAP-20181014-0001, VIGILANCE-VUL-26535.

security vulnerability CVE-2017-7657

Eclipse Jetty: information disclosure via Transfer-Encoding Request Smuggling

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Transfer-Encoding Request Smuggling of Eclipse Jetty, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 26/06/2018.
Identifiers: 1103493, CVE-2017-7657, DSA-4278-1, FEDORA-2018-48b73ed393, FEDORA-2018-93a507fd0f, NTAP-20181014-0001, VIGILANCE-VUL-26534.

threat alert CVE-2017-7656

Eclipse Jetty: information disclosure via HTTP/0.9 Request Smuggling

Synthesis of the vulnerability

An attacker can use a vulnerability via HTTP/0.9 Request Smuggling of Eclipse Jetty, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 26/06/2018.
Identifiers: 1103493, CVE-2017-7656, DSA-4278-1, FEDORA-2018-48b73ed393, FEDORA-2018-93a507fd0f, NTAP-20181014-0001, VIGILANCE-VUL-26533.

Description of the vulnerability

The Eclipse Jetty product offers a web service.

However, an attacker can bypass access restrictions to data.

An attacker can therefore use a vulnerability via HTTP/0.9 Request Smuggling of Eclipse Jetty, in order to obtain sensitive information.

computer vulnerability note CVE-2018-10853

Linux kernel: privilege escalation via kvm/emulate.c

Synthesis of the vulnerability

An attacker can bypass restrictions via kvm/emulate.c of the Linux kernel, in order to escalate privileges.
Severity: 2/4.
Creation date: 15/06/2018.
Identifiers: 1103505, CERTFR-2018-AVI-415, CERTFR-2018-AVI-460, CERTFR-2018-AVI-462, CERTFR-2018-AVI-480, CERTFR-2018-AVI-508, CERTFR-2019-AVI-188, CVE-2018-10853, DLA-1422-1, DLA-1422-2, DLA-1423-1, DLA-1424-1, DLA-1434-1, FEDORA-2018-f1b818a5c9, openSUSE-SU-2018:2407-1, openSUSE-SU-2019:1407-1, RHSA-2019:2029-01, RHSA-2019:2043-01, SUSE-SU-2018:2538-1, SUSE-SU-2018:2539-1, SUSE-SU-2018:2908-1, SUSE-SU-2018:2908-2, SUSE-SU-2018:3083-1, SUSE-SU-2018:3084-1, SUSE-SU-2019:1245-1, USN-3777-1, USN-3777-2, USN-3777-3, VIGILANCE-VUL-26434.