| The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them. |
|
 |
|
|
Computer vulnerabilities of IBM Spectrum Protect
Linux kernel: assertion error via sas_ex_discover_expander
Synthesis of the vulnerability
An attacker can force an assertion error via sas_ex_discover_expander() of the Linux kernel, in order to trigger a denial of service.
Impacted products: Debian, Tivoli Storage Manager, Linux.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 30/08/2019.
Identifiers: CVE-2019-15807, DLA-1919-1, DLA-1919-2, VIGILANCE-VUL-30208.
Description of the vulnerability
An attacker can force an assertion error via sas_ex_discover_expander() of the Linux kernel, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial) |
RHEL 7: NULL pointer dereference via ovl_posix_acl_create
Synthesis of the vulnerability
An attacker can force a NULL pointer to be dereferenced via ovl_posix_acl_create() of RHEL 7, in order to trigger a denial of service.
Impacted products: Tivoli Storage Manager, RHEL.
Severity: 1/4.
Consequences: denial of service on server.
Provenance: user shell.
Creation date: 19/08/2019.
Identifiers: CVE-2019-10140, RHBUG-1677778, VIGILANCE-VUL-30075.
Description of the vulnerability
An attacker can force a NULL pointer to be dereferenced via ovl_posix_acl_create() of RHEL 7, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial) |
Linux kernel: denial of service via setup_format_params
Synthesis of the vulnerability
An attacker can trigger a fatal error via setup_format_params() of the Linux kernel, in order to trigger a denial of service.
Impacted products: Debian, Tivoli Storage Manager, Linux, openSUSE Leap, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: denial of service on server.
Provenance: document.
Creation date: 29/07/2019.
Identifiers: CERTFR-2019-AVI-376, CERTFR-2019-AVI-381, CERTFR-2019-AVI-392, CERTFR-2019-AVI-417, CERTFR-2019-AVI-418, CERTFR-2019-AVI-419, CERTFR-2019-AVI-441, CVE-2019-14284, DLA-1884-1, DLA-1885-1, DSA-4495-1, DSA-4497-1, openSUSE-SU-2019:1923-1, openSUSE-SU-2019:1924-1, SSA:2019-226-01, SUSE-SU-2019:14157-1, SUSE-SU-2019:2068-1, SUSE-SU-2019:2069-1, SUSE-SU-2019:2070-1, SUSE-SU-2019:2071-1, SUSE-SU-2019:2072-1, SUSE-SU-2019:2073-1, SUSE-SU-2019:2262-1, SUSE-SU-2019:2263-1, SUSE-SU-2019:2299-1, USN-4114-1, USN-4115-1, USN-4115-2, USN-4116-1, USN-4117-1, USN-4118-1, VIGILANCE-VUL-29904.
Description of the vulnerability
An attacker can trigger a fatal error via setup_format_params() of the Linux kernel, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial) |
Linux kernel: out-of-bounds memory reading via set_geometry
Synthesis of the vulnerability
An attacker can force a read at an invalid address via set_geometry() of the Linux kernel, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: Debian, Tivoli Storage Manager, Linux, openSUSE Leap, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: data reading, denial of service on server.
Provenance: user shell.
Creation date: 29/07/2019.
Identifiers: CERTFR-2019-AVI-376, CERTFR-2019-AVI-381, CERTFR-2019-AVI-392, CERTFR-2019-AVI-417, CERTFR-2019-AVI-418, CERTFR-2019-AVI-419, CERTFR-2019-AVI-441, CVE-2019-14283, DLA-1884-1, DLA-1885-1, DSA-4495-1, DSA-4497-1, openSUSE-SU-2019:1923-1, openSUSE-SU-2019:1924-1, SSA:2019-226-01, SUSE-SU-2019:14157-1, SUSE-SU-2019:2068-1, SUSE-SU-2019:2069-1, SUSE-SU-2019:2070-1, SUSE-SU-2019:2071-1, SUSE-SU-2019:2072-1, SUSE-SU-2019:2073-1, SUSE-SU-2019:2262-1, SUSE-SU-2019:2263-1, SUSE-SU-2019:2299-1, USN-4114-1, USN-4115-1, USN-4115-2, USN-4116-1, USN-4117-1, USN-4118-1, VIGILANCE-VUL-29903.
Description of the vulnerability
An attacker can force a read at an invalid address via set_geometry() of the Linux kernel, in order to trigger a denial of service, or to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
IBM Spectrum Protect Backup-Archive Client: read-write access via VxFS HP-UX Filesystems
Synthesis of the vulnerability
An attacker can bypass access restrictions via VxFS HP-UX Filesystems of IBM Spectrum Protect Backup-Archive Client, in order to read or alter data.
Impacted products: Tivoli Storage Manager.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: user shell.
Creation date: 19/07/2019.
Identifiers: CVE-2019-4236, ibm10884766, VIGILANCE-VUL-29828.
Description of the vulnerability
An attacker can bypass access restrictions via VxFS HP-UX Filesystems of IBM Spectrum Protect Backup-Archive Client, in order to read or alter data.
Full Vigil@nce bulletin... (Free trial) |
IBM Spectrum Protect Backup-Archive Client: buffer overflow
Synthesis of the vulnerability
An attacker can trigger a buffer overflow of IBM Spectrum Protect Backup-Archive Client, in order to trigger a denial of service, and possibly to run code.
Impacted products: Tivoli Storage Manager.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: user shell.
Creation date: 19/07/2019.
Identifiers: CVE-2019-4267, ibm10884768, VIGILANCE-VUL-29827.
Description of the vulnerability
An attacker can trigger a buffer overflow of IBM Spectrum Protect Backup-Archive Client, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial) |
Linux kernel: privilege escalation via ptrace_link
Synthesis of the vulnerability
An attacker can bypass restrictions via ptrace_link of the Linux kernel, in order to escalate his privileges.
Impacted products: Debian, Fedora, Tivoli Storage Manager, Linux, RHEL, Slackware, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 18/07/2019.
Identifiers: CERTFR-2019-AVI-375, CERTFR-2019-AVI-391, CERTFR-2019-AVI-419, CVE-2019-13272, DLA-1862-1, DLA-1863-1, DSA-4484-1, FEDORA-2019-a95015e60f, PROJ-ZERO-1903, RHSA-2019:2405-01, RHSA-2019:2411-01, RHSA-2019:2809-01, SSA:2019-202-01, USN-4093-1, USN-4094-1, USN-4095-1, USN-4095-2, USN-4117-1, USN-4118-1, VIGILANCE-VUL-29820.
Description of the vulnerability
An attacker can bypass restrictions via ptrace_link of the Linux kernel, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial) |
Linux kernel: use after free via BR Exception modify_ldt
Synthesis of the vulnerability
An attacker can force the usage of a freed memory area via BR Exception modify_ldt() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Tivoli Storage Manager, Linux, openSUSE Leap, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server.
Provenance: user shell.
Creation date: 05/07/2019.
Identifiers: 1879, CERTFR-2019-AVI-337, CERTFR-2019-AVI-381, CERTFR-2019-AVI-391, CERTFR-2019-AVI-419, CVE-2019-13233, DSA-4495-1, openSUSE-SU-2019:1757-1, SUSE-SU-2019:1854-1, USN-4093-1, USN-4094-1, USN-4117-1, USN-4118-1, VIGILANCE-VUL-29695.
Description of the vulnerability
An attacker can force the usage of a freed memory area via BR Exception modify_ldt() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial) |
IBM Spectrum Protect Server: information disclosure via Password Disclosure
Synthesis of the vulnerability
An attacker can bypass access restrictions to data via Password Disclosure of IBM Spectrum Protect Server, in order to obtain sensitive information.
Impacted products: Tivoli Storage Manager.
Severity: 2/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 03/07/2019.
Identifiers: CVE-2019-4140, ibm10883346, VIGILANCE-VUL-29680.
Description of the vulnerability
An attacker can bypass access restrictions to data via Password Disclosure of IBM Spectrum Protect Server, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
IBM Spectrum Protect Operations Center: information disclosure via Stack Trace Message
Synthesis of the vulnerability
An attacker can bypass access restrictions to data via Stack Trace Message of IBM Spectrum Protect Operations Center, in order to obtain sensitive information.
Impacted products: Tivoli Storage Manager.
Severity: 1/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 03/07/2019.
Identifiers: CVE-2019-4129, ibm10883236, VIGILANCE-VUL-29679.
Description of the vulnerability
An attacker can bypass access restrictions to data via Stack Trace Message of IBM Spectrum Protect Operations Center, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
Our database contains other pages. You can request a free trial to read them.
Display information about IBM Spectrum Protect:
|