The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of IBM Spectrum Protect

computer vulnerability bulletin CVE-2019-15807

Linux kernel: assertion error via sas_ex_discover_expander

Synthesis of the vulnerability

An attacker can force an assertion error via sas_ex_discover_expander() of the Linux kernel, in order to trigger a denial of service.
Impacted products: Debian, Tivoli Storage Manager, Linux.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 30/08/2019.
Identifiers: CVE-2019-15807, DLA-1919-1, DLA-1919-2, VIGILANCE-VUL-30208.


computer vulnerability CVE-2019-10140

RHEL 7: NULL pointer dereference via ovl_posix_acl_create

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via ovl_posix_acl_create() of RHEL 7, in order to trigger a denial of service.
Impacted products: Tivoli Storage Manager, RHEL.
Severity: 1/4.
Consequences: denial of service on server.
Provenance: user shell.
Creation date: 19/08/2019.
Identifiers: CVE-2019-10140, RHBUG-1677778, VIGILANCE-VUL-30075.


vulnerability note CVE-2019-14284

Linux kernel: denial of service via setup_format_params

Synthesis of the vulnerability

An attacker can trigger a fatal error via setup_format_params() of the Linux kernel, in order to trigger a denial of service.
Impacted products: Debian, Tivoli Storage Manager, Linux, openSUSE Leap, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: denial of service on server.
Provenance: document.
Creation date: 29/07/2019.
Identifiers: CERTFR-2019-AVI-376, CERTFR-2019-AVI-381, CERTFR-2019-AVI-392, CERTFR-2019-AVI-417, CERTFR-2019-AVI-418, CERTFR-2019-AVI-419, CERTFR-2019-AVI-441, CVE-2019-14284, DLA-1884-1, DLA-1885-1, DSA-4495-1, DSA-4497-1, openSUSE-SU-2019:1923-1, openSUSE-SU-2019:1924-1, SSA:2019-226-01, SUSE-SU-2019:14157-1, SUSE-SU-2019:2068-1, SUSE-SU-2019:2069-1, SUSE-SU-2019:2070-1, SUSE-SU-2019:2071-1, SUSE-SU-2019:2072-1, SUSE-SU-2019:2073-1, SUSE-SU-2019:2262-1, SUSE-SU-2019:2263-1, SUSE-SU-2019:2299-1, USN-4114-1, USN-4115-1, USN-4115-2, USN-4116-1, USN-4117-1, USN-4118-1, VIGILANCE-VUL-29904.


vulnerability bulletin CVE-2019-14283

Linux kernel: out-of-bounds memory reading via set_geometry

Synthesis of the vulnerability

An attacker can force a read at an invalid address via set_geometry() of the Linux kernel, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: Debian, Tivoli Storage Manager, Linux, openSUSE Leap, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: data reading, denial of service on server.
Provenance: user shell.
Creation date: 29/07/2019.
Identifiers: CERTFR-2019-AVI-376, CERTFR-2019-AVI-381, CERTFR-2019-AVI-392, CERTFR-2019-AVI-417, CERTFR-2019-AVI-418, CERTFR-2019-AVI-419, CERTFR-2019-AVI-441, CVE-2019-14283, DLA-1884-1, DLA-1885-1, DSA-4495-1, DSA-4497-1, openSUSE-SU-2019:1923-1, openSUSE-SU-2019:1924-1, SSA:2019-226-01, SUSE-SU-2019:14157-1, SUSE-SU-2019:2068-1, SUSE-SU-2019:2069-1, SUSE-SU-2019:2070-1, SUSE-SU-2019:2071-1, SUSE-SU-2019:2072-1, SUSE-SU-2019:2073-1, SUSE-SU-2019:2262-1, SUSE-SU-2019:2263-1, SUSE-SU-2019:2299-1, USN-4114-1, USN-4115-1, USN-4115-2, USN-4116-1, USN-4117-1, USN-4118-1, VIGILANCE-VUL-29903.


computer vulnerability bulletin CVE-2019-4236

IBM Spectrum Protect Backup-Archive Client: read-write access via VxFS HP-UX Filesystems

Synthesis of the vulnerability

An attacker can bypass access restrictions via VxFS HP-UX Filesystems of IBM Spectrum Protect Backup-Archive Client, in order to read or alter data.
Impacted products: Tivoli Storage Manager.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: user shell.
Creation date: 19/07/2019.
Identifiers: CVE-2019-4236, ibm10884766, VIGILANCE-VUL-29828.


computer vulnerability announcement CVE-2019-4267

IBM Spectrum Protect Backup-Archive Client: buffer overflow

Synthesis of the vulnerability

An attacker can trigger a buffer overflow in IBM Spectrum Protect Backup-Archive Client, in order to trigger a denial of service, and possibly to run code.
Impacted products: Tivoli Storage Manager.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: user shell.
Creation date: 19/07/2019.
Identifiers: CVE-2019-4267, ibm10884768, VIGILANCE-VUL-29827.


vulnerability CVE-2019-13272

Linux kernel: privilege escalation via ptrace_link

Synthesis of the vulnerability

An attacker can bypass restrictions via ptrace_link of the Linux kernel, in order to escalate their privileges.
Impacted products: Debian, Fedora, Tivoli Storage Manager, Linux, RHEL, Slackware, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 18/07/2019.
Identifiers: CERTFR-2019-AVI-375, CERTFR-2019-AVI-391, CERTFR-2019-AVI-419, CVE-2019-13272, DLA-1862-1, DLA-1863-1, DSA-4484-1, FEDORA-2019-a95015e60f, PROJ-ZERO-1903, RHSA-2019:2405-01, RHSA-2019:2411-01, RHSA-2019:2809-01, SSA:2019-202-01, USN-4093-1, USN-4094-1, USN-4095-1, USN-4095-2, USN-4117-1, USN-4118-1, VIGILANCE-VUL-29820.


computer vulnerability CVE-2019-13233

Linux kernel: use after free via BR Exception modify_ldt

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via BR Exception modify_ldt() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Tivoli Storage Manager, Linux, openSUSE Leap, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server.
Provenance: user shell.
Creation date: 05/07/2019.
Identifiers: 1879, CERTFR-2019-AVI-337, CERTFR-2019-AVI-381, CERTFR-2019-AVI-391, CERTFR-2019-AVI-419, CVE-2019-13233, DSA-4495-1, openSUSE-SU-2019:1757-1, SUSE-SU-2019:1854-1, USN-4093-1, USN-4094-1, USN-4117-1, USN-4118-1, VIGILANCE-VUL-29695.


vulnerability CVE-2019-4140

IBM Spectrum Protect Server: information disclosure via Password Disclosure

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Password Disclosure of IBM Spectrum Protect Server, in order to obtain sensitive information.
Impacted products: Tivoli Storage Manager.
Severity: 2/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 03/07/2019.
Identifiers: CVE-2019-4140, ibm10883346, VIGILANCE-VUL-29680.


computer vulnerability note CVE-2019-4129

IBM Spectrum Protect Operations Center: information disclosure via Stack Trace Message

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Stack Trace Message of IBM Spectrum Protect Operations Center, in order to obtain sensitive information.
Impacted products: Tivoli Storage Manager.
Severity: 1/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 03/07/2019.
Identifiers: CVE-2019-4129, ibm10883236, VIGILANCE-VUL-29679.
