The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of IBM Tivoli Storage Manager

computer vulnerability note CVE-2018-2783 CVE-2018-2790 CVE-2018-2794

Oracle Java: vulnerabilities of April 2018

Synthesis of the vulnerability

Several vulnerabilities were announced in Oracle products.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, AIX, DB2 UDB, IBM i, IRAD, Rational ClearCase, Security Directory Server, Tivoli Storage Manager, Tivoli System Automation, Tivoli Workload Scheduler, WebSphere AS Liberty, WebSphere AS Traditional, IBM WebSphere ESB, WebSphere MQ, ePO, Java OpenJDK, openSUSE Leap, Java Oracle, Puppet, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on service.
Provenance: document.
Number of vulnerabilities in this bulletin: 14.
Creation date: 18/04/2018.
Identifiers: 2016282, CERTFR-2018-AVI-188, cpuapr2018, CVE-2018-2783, CVE-2018-2790, CVE-2018-2794, CVE-2018-2795, CVE-2018-2796, CVE-2018-2797, CVE-2018-2798, CVE-2018-2799, CVE-2018-2800, CVE-2018-2811, CVE-2018-2814, CVE-2018-2815, CVE-2018-2825, CVE-2018-2826, DSA-4185-1, DSA-4225-1, FEDORA-2018-40c4930c83, FEDORA-2018-579ff80ed8, FEDORA-2018-77533e644b, FEDORA-2018-9aa8064e12, ibm10713455, ibm10715641, ibm10716001, ibm10717125, ibm10717149, ibm10717207, ibm10717275, ibm10717537, ibm10718843, ibm10719319, ibm10719993, K15217245, K33924005, K44923228, K70321874, openSUSE-SU-2018:1710-1, openSUSE-SU-2018:1719-1, RHSA-2018:1188-01, RHSA-2018:1191-01, RHSA-2018:1201-01, RHSA-2018:1202-01, RHSA-2018:1203-01, RHSA-2018:1204-01, RHSA-2018:1205-01, RHSA-2018:1206-01, RHSA-2018:1270-01, RHSA-2018:1278-01, RHSA-2018:1721-01, RHSA-2018:1722-01, RHSA-2018:1723-01, RHSA-2018:1724-01, SB10234, SUSE-SU-2018:1447-1, SUSE-SU-2018:1458-1, SUSE-SU-2018:1690-1, SUSE-SU-2018:1692-1, SUSE-SU-2018:1738-1, SUSE-SU-2018:1764-1, SUSE-SU-2018:1938-1, SUSE-SU-2018:1938-2, SUSE-SU-2018:2068-1, swg22016419, USN-3644-1, USN-3691-1, USN-3747-1, USN-3747-2, VIGILANCE-VUL-25899, ZDI-18-306, ZDI-18-307.

Description of the vulnerability

Several vulnerabilities were announced in Oracle products.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2013-1768

Apache OpenJPA: code execution via BrokerFactory

Synthesis of the vulnerability

An attacker can use a vulnerability via BrokerFactory of Apache OpenJPA, in order to run code.
Impacted products: Fedora, QRadar SIEM, Tivoli Storage Manager, WebSphere AS Traditional, Oracle Fusion Middleware, Tuxedo, WebLogic.
Severity: 3/4.
Consequences: user access/rights.
Provenance: internet client.
Creation date: 18/04/2018.
Identifiers: 1671636, cpuapr2018, CVE-2013-1768, FEDORA-2013-12948, FEDORA-2013-12960, FEDORA-2013-12967, ibm10719109, MDVSA-2013:246, RHSA-2013:1185-01, swg21639553, swg21640799, swg21644047, swg24034966, swg27007951, VIGILANCE-VUL-25898.

Description of the vulnerability

An attacker can use a vulnerability via BrokerFactory of Apache OpenJPA, in order to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2018-1447

GSKit: vulnerability

Synthesis of the vulnerability

A vulnerability of GSKit was announced.
Impacted products: AIX, Rational ClearCase, SPSS Modeler, Tivoli Storage Manager, WebSphere AS Traditional, WebSphere MQ.
Severity: 2/4.
Consequences: unknown consequence, administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, data flow, denial of service on server, denial of service on service, denial of service on client, disguisement.
Provenance: internet client.
Creation date: 03/04/2018.
Identifiers: 2012827, 2014202, 2014575, 2014651, 2015080, CVE-2018-1447, ibm10732391, ibm10733605, ibm10738249, VIGILANCE-VUL-25757.

Description of the vulnerability

A vulnerability of GSKit was announced.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2018-1426 CVE-2018-1427 CVE-2018-1428

IBM GSKit: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of IBM GSKit.
Impacted products: AIX, DB2 UDB, Rational ClearCase, Tivoli Storage Manager, WebSphere AS Traditional, WebSphere MQ.
Severity: 3/4.
Consequences: user access/rights, data reading.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 3.
Creation date: 30/03/2018.
Identifiers: 1994955, 2012827, 2014202, 2014651, 2014669, 2015080, CVE-2018-1426, CVE-2018-1427, CVE-2018-1428, ibm10732391, ibm10733605, ibm10738249, VIGILANCE-VUL-25729.

Description of the vulnerability

An attacker can use several vulnerabilities of IBM GSKit.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2018-0739

OpenSSL: denial of service via Recursive ASN.1

Synthesis of the vulnerability

An attacker can generate a fatal error via Recursive ASN.1 of OpenSSL, in order to trigger a denial of service.
Impacted products: Blue Coat CAS, ProxyAV, ProxySG par Blue Coat, SGOS by Blue Coat, Debian, Avamar, BIG-IP Hardware, TMOS, Fedora, AIX, IBM i, Rational ClearCase, QRadar SIEM, Tivoli Storage Manager, WebSphere MQ, MariaDB ~ precise, McAfee Email Gateway, MySQL Community, MySQL Enterprise, OpenSSL, openSUSE Leap, Oracle Communications, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle Internet Directory, Solaris, Tuxedo, Oracle Virtual Directory, WebLogic, Palo Alto Firewall PA***, PAN-OS, Percona Server, RHEL, stunnel, SUSE Linux Enterprise Desktop, SLES, Symantec Content Analysis, ProxySG by Symantec, SGOS by Symantec, Synology DSM, Synology DS***, Synology RS***, Ubuntu, X2GoClient.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: internet client.
Creation date: 27/03/2018.
Identifiers: 2015887, 524146, bulletinjan2019, CERTFR-2018-AVI-155, cpuapr2019, cpujan2019, cpujul2018, cpujul2019, cpuoct2018, CVE-2018-0739, DLA-1330-1, DSA-2018-125, DSA-4157-1, DSA-4158-1, FEDORA-2018-1b4f1158e2, FEDORA-2018-40dc8b8b16, FEDORA-2018-76afaf1961, FEDORA-2018-9490b422e7, ibm10715641, ibm10717211, ibm10717405, ibm10717409, ibm10719319, ibm10733605, ibm10738249, ibm10874728, K08044291, N1022561, openSUSE-SU-2018:0936-1, openSUSE-SU-2018:1057-1, openSUSE-SU-2018:2208-1, openSUSE-SU-2018:2238-1, openSUSE-SU-2018:2524-1, openSUSE-SU-2018:2695-1, PAN-SA-2018-0015, RHSA-2018:3090-01, RHSA-2018:3221-01, SA166, SB10243, SSA-181018, SUSE-SU-2018:0902-1, SUSE-SU-2018:0905-1, SUSE-SU-2018:0906-1, SUSE-SU-2018:0975-1, SUSE-SU-2018:2072-1, SUSE-SU-2018:2158-1, SUSE-SU-2018:2683-1, Synology-SA-18:51, USN-3611-1, USN-3611-2, VIGILANCE-VUL-25666.

Description of the vulnerability

An attacker can generate a fatal error via Recursive ASN.1 of OpenSSL, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2018-0733

OpenSSL: privilege escalation via HP-UX PA-RISC CRYPTO_memcmp

Synthesis of the vulnerability

An attacker can bypass restrictions via HP-UX PA-RISC CRYPTO_memcmp() of OpenSSL, in order to escalate his privileges.
Impacted products: Fedora, IBM i, Tivoli Storage Manager, OpenSSL, Oracle Communications, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle Internet Directory, Tuxedo, Oracle Virtual Directory, WebLogic.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: document.
Creation date: 27/03/2018.
Identifiers: CERTFR-2018-AVI-155, cpuapr2019, cpujan2019, cpujul2018, cpujul2019, cpuoct2018, CVE-2018-0733, FEDORA-2018-40dc8b8b16, FEDORA-2018-76afaf1961, ibm10717405, ibm10717409, N1022561, VIGILANCE-VUL-25665.

Description of the vulnerability

An attacker can bypass restrictions via HP-UX PA-RISC CRYPTO_memcmp() of OpenSSL, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2018-2579 CVE-2018-2581 CVE-2018-2582

Oracle Java: vulnerabilities of January 2018

Synthesis of the vulnerability

Several vulnerabilities were announced in Oracle products.
Impacted products: Debian, Fedora, AIX, DB2 UDB, IBM i, IRAD, Rational ClearCase, Security Directory Server, QRadar SIEM, Tivoli Storage Manager, Tivoli System Automation, WebSphere AS Liberty, WebSphere AS Traditional, IBM WebSphere ESB, WebSphere MQ, Junos Space, ePO, Java OpenJDK, openSUSE Leap, Java Oracle, Puppet, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on service.
Provenance: document.
Number of vulnerabilities in this bulletin: 21.
Creation date: 17/01/2018.
Identifiers: 2013818, 2014315, 2015656, 2016042, 2016207, 2016278, 2016496, 2016502, CERTFR-2018-AVI-036, cpujan2018, CVE-2018-2579, CVE-2018-2581, CVE-2018-2582, CVE-2018-2588, CVE-2018-2599, CVE-2018-2602, CVE-2018-2603, CVE-2018-2618, CVE-2018-2627, CVE-2018-2629, CVE-2018-2633, CVE-2018-2634, CVE-2018-2637, CVE-2018-2638, CVE-2018-2639, CVE-2018-2641, CVE-2018-2657, CVE-2018-2663, CVE-2018-2675, CVE-2018-2677, CVE-2018-2678, DLA-1339-1, DSA-4144-1, DSA-4166-1, FEDORA-2018-223d8fc52a, FEDORA-2018-a82015aa02, FEDORA-2018-d50769efa0, FEDORA-2018-e2e52fb0bf, ibm10715641, ibm10717143, ibm10717207, ibm10718843, ibm10719115, ibm10719319, JSA10873, N1022544, openSUSE-SU-2018:0679-1, openSUSE-SU-2018:0684-1, RHSA-2018:0095-01, RHSA-2018:0099-01, RHSA-2018:0100-01, RHSA-2018:0115-01, RHSA-2018:0349-01, RHSA-2018:0351-01, RHSA-2018:0352-01, RHSA-2018:0458-01, RHSA-2018:0521-01, SB10225, SUSE-SU-2018:0630-1, SUSE-SU-2018:0645-1, SUSE-SU-2018:0661-1, SUSE-SU-2018:0663-1, SUSE-SU-2018:0665-1, SUSE-SU-2018:0694-1, USN-3613-1, USN-3614-1, VIGILANCE-VUL-25082.

Description of the vulnerability

Several vulnerabilities were announced in Oracle products.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2017-3738

OpenSSL: information disclosure via rsaz_1024_mul_avx2

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via rsaz_1024_mul_avx2() of OpenSSL, in order to obtain sensitive information.
Impacted products: ProxySG par Blue Coat, SGOS by Blue Coat, Debian, Fedora, FreeBSD, hMailServer, DB2 UDB, QRadar SIEM, Tivoli Storage Manager, Juniper J-Series, Junos OS, NSM Central Manager, NSMXpress, SRX-Series, MariaDB ~ precise, MySQL Community, MySQL Enterprise, Nodejs Core, OpenSSL, openSUSE Leap, Oracle Communications, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle Internet Directory, Solaris, Tuxedo, Oracle Virtual Directory, VirtualBox, WebLogic, Percona Server, pfSense, RHEL, Slackware, ProxySG by Symantec, SGOS by Symantec, Synology DSM, Synology DS***, Synology RS***, Ubuntu, WinSCP, X2GoClient.
Severity: 1/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 07/12/2017.
Identifiers: 2014324, bulletinapr2018, bulletinjan2018, CERTFR-2017-AVI-452, CERTFR-2018-AVI-155, cpuapr2018, cpuapr2019, cpujan2018, cpujan2019, cpujul2018, cpujul2019, cpuoct2018, CVE-2017-3738, DSA-4065-1, DSA-4157-1, FEDORA-2017-e6be32cb7a, FreeBSD-SA-17:12.openssl, ibm10716907, ibm10717405, ibm10717409, ibm10719113, JSA10851, openSUSE-SU-2017:3345-1, openSUSE-SU-2018:0029-1, openSUSE-SU-2018:0315-1, RHSA-2018:0998-01, SA159, SSA:2017-342-01, swg21647054, USN-3512-1, VIGILANCE-VUL-24698.

Description of the vulnerability

An attacker can bypass access restrictions to data via rsaz_1024_mul_avx2() of OpenSSL, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2017-3737

OpenSSL: information disclosure via SSL_read/SSL_write After Error

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via SSL_read/SSL_write After Error of OpenSSL, in order to obtain sensitive information.
Impacted products: ProxySG par Blue Coat, SGOS by Blue Coat, Debian, FreeBSD, hMailServer, AIX, DB2 UDB, QRadar SIEM, Tivoli Storage Manager, Juniper J-Series, Junos OS, Junos Space, NSM Central Manager, NSMXpress, SRX-Series, MariaDB ~ precise, MySQL Community, MySQL Enterprise, OpenSSL, openSUSE Leap, Oracle Communications, Oracle Fusion Middleware, Solaris, Tuxedo, VirtualBox, WebLogic, Percona Server, pfSense, RHEL, SIMATIC, Slackware, ProxySG by Symantec, SGOS by Symantec, Synology DSM, Synology DS***, Synology RS***, Ubuntu, WinSCP, X2GoClient.
Severity: 1/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 07/12/2017.
Identifiers: 2014324, bulletinapr2018, bulletinjan2018, CERTFR-2017-AVI-452, CERTFR-2018-AVI-376, cpuapr2018, cpujan2018, cpujul2018, cpujul2019, CVE-2017-3737, DSA-4065-1, FreeBSD-SA-17:12.openssl, ibm10715641, ibm10716907, ibm10717405, ibm10717409, ibm10719113, ibm10738249, JSA10851, JSA10873, openSUSE-SU-2017:3345-1, openSUSE-SU-2018:0223-1, openSUSE-SU-2018:1057-1, RHSA-2018:0998-01, SA159, SSA-179516, SSA:2017-342-01, swg21647054, USN-3512-1, VIGILANCE-VUL-24697.

Description of the vulnerability

An attacker can bypass access restrictions to data via SSL_read/SSL_write After Error of OpenSSL, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2017-3736

OpenSSL: Man-in-the-Middle via bn_sqrx8x_internal

Synthesis of the vulnerability

An attacker can act as a Man-in-the-Middle and use a carry error of bn_sqrx8x_internal() on OpenSSL, in order to read or write data in the session.
Impacted products: SDS, SNS, Blue Coat CAS, ProxyAV, ProxySG par Blue Coat, SGOS by Blue Coat, Debian, BIG-IP Hardware, TMOS, Fedora, FreeBSD, hMailServer, Domino, Notes, IRAD, Rational ClearCase, QRadar SIEM, Tivoli Storage Manager, WebSphere AS Traditional, WebSphere MQ, Juniper J-Series, Junos OS, NSM Central Manager, NSMXpress, SRX-Series, MariaDB ~ precise, McAfee Email Gateway, McAfee NSP, McAfee NTBA, VirusScan, McAfee Web Gateway, MySQL Community, MySQL Enterprise, Nodejs Core, OpenSSL, openSUSE Leap, Oracle Communications, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle Internet Directory, Solaris, Tuxedo, WebLogic, Percona Server, pfSense, RHEL, Slackware, stunnel, SUSE Linux Enterprise Desktop, SLES, Symantec Content Analysis, ProxySG by Symantec, SGOS by Symantec, Synology DSM, Synology DS***, Synology RS***, Nessus, Ubuntu, X2GoClient.
Severity: 1/4.
Consequences: data reading, data creation/edition.
Provenance: internet client.
Creation date: 02/11/2017.
Identifiers: 2012827, 2013025, 2014202, 2014651, 2014669, 2015080, bulletinapr2018, bulletinjan2018, CERTFR-2017-AVI-391, cpuapr2018, cpuapr2019, cpujan2018, cpujan2019, cpujul2018, cpujul2019, cpuoct2018, CVE-2017-3736, DSA-4017-1, DSA-4018-1, FEDORA-2017-4cf72e2c11, FEDORA-2017-512a6c5aae, FEDORA-2017-55a3247cfd, FEDORA-2017-7f30914972, FEDORA-2017-dbec196dd8, FreeBSD-SA-17:11.openssl, ibm10715641, ibm10719113, ibm10732391, ibm10733905, ibm10738249, ibm10738401, JSA10851, K14363514, openSUSE-SU-2017:3192-1, openSUSE-SU-2018:0029-1, openSUSE-SU-2018:0315-1, RHSA-2018:0998-01, RHSA-2018:2568-01, RHSA-2018:2575-01, SA157, SB10211, SB10220, SSA:2017-306-02, STORM-2017-006, SUSE-SU-2018:2839-1, SUSE-SU-2018:3082-1, TNS-2017-15, USN-3475-1, VIGILANCE-VUL-24316.

Description of the vulnerability

An attacker can act as a Man-in-the-Middle and use a carry error of bn_sqrx8x_internal() on OpenSSL, in order to read or write data in the session.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about IBM Tivoli Storage Manager: