The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Juniper Junos Space Ethernet Design

computer vulnerability bulletin CVE-2018-10675

Linux kernel: use after free via do_get_mempolicy

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via do_get_mempolicy() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: QRadar SIEM, Junos Space, Linux, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 03/05/2018.
Identifiers: CERTFR-2018-AVI-256, CERTFR-2018-AVI-319, CERTFR-2018-AVI-330, CERTFR-2018-AVI-386, CERTFR-2018-AVI-408, CERTFR-2018-AVI-457, CERTFR-2018-AVI-584, CVE-2018-10675, ibm10742755, JSA10917, RHSA-2018:2164-01, RHSA-2018:2384-01, RHSA-2018:2395-01, RHSA-2018:2785-01, RHSA-2018:2791-01, RHSA-2018:2924-01, RHSA-2018:2925-01, RHSA-2018:2933-01, RHSA-2018:3540-01, RHSA-2018:3586-01, RHSA-2018:3590-01, SUSE-SU-2018:1368-1, SUSE-SU-2018:1374-1, SUSE-SU-2018:1375-1, SUSE-SU-2018:1376-1, SUSE-SU-2018:1846-1, USN-3754-1, VIGILANCE-VUL-26038.

Description of the vulnerability

An attacker can force the usage of a freed memory area via do_get_mempolicy() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2018-7566

Linux kernel: memory corruption via snd_seq_pool_init

Synthesis of the vulnerability

An attacker can generate a memory corruption via snd_seq_pool_init() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, QRadar SIEM, Junos Space, Linux, Oracle Communications, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, denial of service on server.
Provenance: document.
Creation date: 29/03/2018.
Identifiers: CERTFR-2018-AVI-161, CERTFR-2018-AVI-197, CERTFR-2018-AVI-198, CERTFR-2018-AVI-206, CERTFR-2018-AVI-224, CERTFR-2018-AVI-241, CERTFR-2018-AVI-386, CERTFR-2018-AVI-508, CERTFR-2018-AVI-584, CERTFR-2019-AVI-278, cpuapr2019, CVE-2018-7566, DLA-1369-1, DSA-4187-1, DSA-4188-1, ibm10742755, JSA10917, RHSA-2018:2384-01, RHSA-2018:2390-01, RHSA-2018:2395-01, RHSA-2018:2948-01, RHSA-2019:1483-01, RHSA-2019:1487-01, SUSE-SU-2018:0834-1, SUSE-SU-2018:0848-1, SUSE-SU-2018:1080-1, SUSE-SU-2018:1172-1, SUSE-SU-2018:1309-1, USN-3631-1, USN-3631-2, USN-3798-1, USN-3798-2, VIGILANCE-VUL-25718.

Description of the vulnerability

An attacker can generate a memory corruption via snd_seq_pool_init() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2018-1064

libvirt: denial of service via QEMU Guest Agent

Synthesis of the vulnerability

An attacker, inside a guest system, can generate a fatal error via QEMU Guest Agent of libvirt, in order to trigger a denial of service on the host system.
Impacted products: Debian, Junos Space, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: privileged shell.
Creation date: 15/03/2018.
Identifiers: CVE-2018-1064, DLA-1315-1, DSA-4137-1, JSA10917, openSUSE-SU-2018:0939-1, RHSA-2018:1396-01, RHSA-2018:1929-01, SUSE-SU-2018:0838-1, SUSE-SU-2018:0861-1, SUSE-SU-2018:0920-1, SUSE-SU-2018:2082-1, SUSE-SU-2018:2141-1, USN-3680-1, VIGILANCE-VUL-25557.

Description of the vulnerability

An attacker, inside a guest system, can generate a fatal error via QEMU Guest Agent of libvirt, in order to trigger a denial of service on the host system.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2018-1050

Samba: denial of service via Spoolss As External Daemon

Synthesis of the vulnerability

An attacker can generate a fatal error via Spoolss As External Daemon of Samba, in order to trigger a denial of service.
Impacted products: Debian, Fedora, IBM i, Junos Space, openSUSE Leap, Solaris, RHEL, Samba, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 13/03/2018.
Identifiers: bulletinapr2018, CERTFR-2018-AVI-121, CVE-2018-1050, DLA-1320-1, DLA-1754-1, DSA-4135-1, FEDORA-2018-7d0acd608b, FEDORA-2018-c5c651ac44, JSA10917, N1022524, openSUSE-SU-2018:0801-1, RHSA-2018:1860-01, RHSA-2018:1883-01, RHSA-2018:3056-01, SUSE-SU-2018:2321-1, SUSE-SU-2018:2339-1, USN-3595-1, USN-3595-2, VIGILANCE-VUL-25533.

Description of the vulnerability

An attacker can generate a fatal error via Spoolss As External Daemon of Samba, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2018-7858

QEMU: denial of service via vga_draw_graphic

Synthesis of the vulnerability

An attacker, inside a guest system, can generate a fatal error via vga_draw_graphic() of QEMU, in order to trigger a denial of service on the host system.
Impacted products: Junos Space, openSUSE Leap, QEMU, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: privileged shell.
Creation date: 09/03/2018.
Identifiers: CVE-2018-7858, JSA10917, openSUSE-SU-2019:1074-1, RHSA-2018:1416-01, RHSA-2018:2162-01, SUSE-SU-2019:0489-1, SUSE-SU-2019:0582-1, USN-3649-1, VIGILANCE-VUL-25516.

Description of the vulnerability

An attacker, inside a guest system, can generate a fatal error via vga_draw_graphic() of QEMU, in order to trigger a denial of service on the host system.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2017-5753 CVE-2018-3693

Processors: memory reading via Spectre Bounds Check

Synthesis of the vulnerability

A local attacker can access to the kernel memory, in order to read sensitive information.
Impacted products: SNS, iOS by Apple, Mac OS X, Blue Coat CAS, Cisco ASR, Cisco Catalyst, Nexus by Cisco, NX-OS, Cisco Router, Cisco UCS, XenServer, Debian, ConnectPort TSx, Avamar, ExtremeXOS, Summit, BIG-IP Hardware, TMOS, Fedora, FortiAnalyzer, FortiGate, FortiManager, FortiOS, FreeBSD, Android OS, Chrome, AIX, IBM i, QRadar SIEM, Juniper J-Series, Junos OS, Junos Space, NSMXpress, Linux, McAfee Email Gateway, McAfee NSM, McAfee NTBA, McAfee Web Gateway, Meinberg NTP Server, Edge, IE, SQL Server, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 7, Windows 8, Windows (platform) ~ not comprehensive, Windows RT, Firefox, openSUSE Leap, Opera, Oracle Communications, Solaris, RealPresence Collaboration Server, RealPresence Distributed Media Application, RealPresence Resource Manager, RHEL, SIMATIC, Sonus SBC, SUSE Linux Enterprise Desktop, SLES, Symantec Content Analysis, Synology DSM, Synology DS***, Synology RS***, Ubuntu, Unix (platform) ~ not comprehensive, ESXi, vCenter Server, VMware vSphere, VMware vSphere Hypervisor, VMware Workstation, Xen.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 2.
Creation date: 05/01/2018.
Revision date: 21/02/2018.
Identifiers: 2016636, 519675, ADV180002, bulletinjan2018, bulletinjul2018, CERTFR-2018-AVI-004, CERTFR-2018-AVI-005, CERTFR-2018-AVI-006, CERTFR-2018-AVI-008, CERTFR-2018-AVI-009, CERTFR-2018-AVI-012, CERTFR-2018-AVI-013, CERTFR-2018-AVI-014, CERTFR-2018-AVI-016, CERTFR-2018-AVI-027, CERTFR-2018-AVI-029, CERTFR-2018-AVI-032, CERTFR-2018-AVI-048, CERTFR-2018-AVI-049, CERTFR-2018-AVI-077, CERTFR-2018-AVI-079, CERTFR-2018-AVI-094, CERTFR-2018-AVI-114, CERTFR-2018-AVI-124, CERTFR-2018-AVI-134, CERTFR-2018-AVI-208, CERTFR-2018-AVI-256, CERTFR-2018-AVI-365, CERTFR-2018-AVI-584, CERTFR-2019-AVI-042, CERTFR-2019-AVI-052, CERTFR-2019-AVI-131, CERTFR-2019-AVI-242, CERTFR-2019-AVI-361, cisco-sa-20180104-cpusidechannel, cpuapr2018, cpuapr2019, CTX231390, CTX231399, CVE-2017-5753, CVE-2018-3693, DLA-1422-1, DLA-1422-2, DLA-1423-1, DLA-1424-1, DLA-1434-1, DLA-1731-1, DLA-1731-2, DSA-2018-049, DSA-4187-1, DSA-4188-1, FEDORA-2018-21a7ad920c, FEDORA-2018-276558ff6f, FEDORA-2018-6b319763ab, FEDORA-2018-7e17849364, FEDORA-2018-e6fe35524d, FEDORA-2018-fb582aabcc, FG-IR-18-002, HT208397, HT208401, ibm10742755, INTEL-OSS-10002, JSA10842, JSA10873, JSA10917, K91229003, MBGSA-1801, MFSA-2018-01, N1022433, nas8N1022433, openSUSE-SU-2018:0022-1, openSUSE-SU-2018:0023-1, openSUSE-SU-2018:0326-1, openSUSE-SU-2018:0459-1, openSUSE-SU-2018:1623-1, openSUSE-SU-2018:2119-1, RHSA-2018:0007-01, RHSA-2018:0008-01, RHSA-2018:0009-01, RHSA-2018:0010-01, RHSA-2018:0011-01, RHSA-2018:0012-01, RHSA-2018:0013-01, RHSA-2018:0014-01, RHSA-2018:0015-01, RHSA-2018:0016-01, RHSA-2018:0017-01, RHSA-2018:0018-01, RHSA-2018:0020-01, RHSA-2018:0021-01, RHSA-2018:0022-01, RHSA-2018:0023-01, RHSA-2018:0024-01, RHSA-2018:0025-01, RHSA-2018:0026-01, RHSA-2018:0027-01, RHSA-2018:0028-01, RHSA-2018:0029-01, RHSA-2018:0030-01, RHSA-2018:0031-01, RHSA-2018:0032-01, RHSA-2018:0034-01, RHSA-2018:0035-01, RHSA-2018:0036-01, RHSA-2018:0037-01, RHSA-2018:0038-01, RHSA-2018:0039-01, RHSA-2018:0040-01, RHSA-2018:0053-01, RHSA-2018:0093-01, RHSA-2018:0094-01, RHSA-2018:0103-01, RHSA-2018:0104-01, RHSA-2018:0105-01, RHSA-2018:0106-01, RHSA-2018:0107-01, RHSA-2018:0108-01, RHSA-2018:0109-01, RHSA-2018:0110-01, RHSA-2018:0111-01, RHSA-2018:0112-01, RHSA-2018:0182-01, RHSA-2018:0292-01, RHSA-2018:0464-01, RHSA-2018:0496-01, RHSA-2018:0512-01, RHSA-2018:1129-01, RHSA-2018:1196-01, RHSA-2019:1946-01, SA161, SB10226, Spectre, spectre_meltdown_advisory, SSA-168644, SSA-505225, STORM-2018-001, SUSE-SU-2018:0011-1, SUSE-SU-2018:0012-1, SUSE-SU-2018:0031-1, SUSE-SU-2018:0040-1, SUSE-SU-2018:0069-1, SUSE-SU-2018:0113-1, SUSE-SU-2018:0114-1, SUSE-SU-2018:0115-1, SUSE-SU-2018:0131-1, SUSE-SU-2018:0171-1, SUSE-SU-2018:0219-1, SUSE-SU-2018:0438-1, SUSE-SU-2018:0472-1, SUSE-SU-2018:0601-1, SUSE-SU-2018:0609-1, SUSE-SU-2018:0638-1, SUSE-SU-2018:0678-1, SUSE-SU-2018:0909-1, SUSE-SU-2018:1368-1, SUSE-SU-2018:1376-1, SUSE-SU-2018:1603-1, SUSE-SU-2018:1658-1, SUSE-SU-2018:1699-1, SUSE-SU-2018:2150-1, SUSE-SU-2018:2528-1, SUSE-SU-2019:0222-1, SUSE-SU-2019:0765-1, SUSE-SU-2019:1550-1, Synology-SA-18:01, USN-3516-1, USN-3521-1, USN-3530-1, USN-3541-1, USN-3541-2, USN-3542-1, USN-3542-2, USN-3549-1, USN-3580-1, USN-3597-1, USN-3597-2, VIGILANCE-VUL-24948, VMSA-2018-0002, VMSA-2018-0004, VMSA-2018-0004.2, VMSA-2018-0004.3, VMSA-2018-0007, VN-2018-001, VN-2018-002, VU#584653, XSA-254.

Description of the vulnerability

A local attacker can monitor the performances of its process, in order to get information about the data used for computing by the processor.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2017-5715

Processors: memory reading via Spectre Branch Target

Synthesis of the vulnerability

A local attacker can monitor the performances of its process, in order to get information about the data used for computing by the processor.
Impacted products: SNS, iOS by Apple, Mac OS X, Blue Coat CAS, Cisco ASR, Cisco Catalyst, Nexus by Cisco, NX-OS, Cisco Router, Cisco UCS, XenServer, Debian, ConnectPort TSx, Avamar, ExtremeXOS, Summit, BIG-IP Hardware, TMOS, Fedora, FortiAnalyzer, FortiGate, FortiManager, FortiOS, FreeBSD, Android OS, Chrome, AIX, IBM i, QRadar SIEM, Juniper J-Series, Junos OS, Junos Space, NSMXpress, Linux, McAfee Email Gateway, McAfee NSM, McAfee NTBA, McAfee Web Gateway, Meinberg NTP Server, Edge, IE, SQL Server, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 7, Windows 8, Windows (platform) ~ not comprehensive, Windows RT, Firefox, openSUSE Leap, Opera, Oracle Communications, WebLogic, pfSense, RealPresence Collaboration Server, RealPresence Distributed Media Application, RealPresence Resource Manager, RHEL, SIMATIC, Slackware, Sonus SBC, SUSE Linux Enterprise Desktop, SLES, Symantec Content Analysis, Synology DSM, Synology DS***, Synology RS***, Ubuntu, Unix (platform) ~ not comprehensive, ESXi, VMware vSphere, VMware vSphere Hypervisor, VMware Workstation, Xen.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 05/01/2018.
Revision date: 07/02/2018.
Identifiers: 2016636, 519675, ADV180002, CERTFR-2018-AVI-004, CERTFR-2018-AVI-005, CERTFR-2018-AVI-006, CERTFR-2018-AVI-008, CERTFR-2018-AVI-009, CERTFR-2018-AVI-012, CERTFR-2018-AVI-013, CERTFR-2018-AVI-014, CERTFR-2018-AVI-016, CERTFR-2018-AVI-028, CERTFR-2018-AVI-029, CERTFR-2018-AVI-030, CERTFR-2018-AVI-032, CERTFR-2018-AVI-040, CERTFR-2018-AVI-048, CERTFR-2018-AVI-049, CERTFR-2018-AVI-075, CERTFR-2018-AVI-079, CERTFR-2018-AVI-080, CERTFR-2018-AVI-083, CERTFR-2018-AVI-094, CERTFR-2018-AVI-104, CERTFR-2018-AVI-118, CERTFR-2018-AVI-119, CERTFR-2018-AVI-124, CERTFR-2018-AVI-134, CERTFR-2018-AVI-161, CERTFR-2018-AVI-170, CERTFR-2018-AVI-196, CERTFR-2018-AVI-206, CERTFR-2018-AVI-208, CERTFR-2018-AVI-256, CERTFR-2019-AVI-242, cisco-sa-20180104-cpusidechannel, cpujul2019, CTX231390, CTX231399, CVE-2017-5715, DLA-1349-1, DLA-1362-1, DLA-1369-1, DLA-1422-1, DLA-1422-2, DLA-1497-1, DLA-1506-1, DSA-2018-049, DSA-4120-1, DSA-4120-2, DSA-4179-1, DSA-4187-1, DSA-4188-1, DSA-4213-1, FEDORA-2018-21a7ad920c, FEDORA-2018-276558ff6f, FEDORA-2018-6b319763ab, FEDORA-2018-7e17849364, FEDORA-2018-e6fe35524d, FEDORA-2018-fb582aabcc, FG-IR-18-002, FreeBSD-SA-18:03.speculative_execution, HT208397, HT208401, JSA10842, JSA10873, K91229003, LSN-0035-1, MBGSA-1801, MFSA-2018-01, N1022433, nas8N1022433, openSUSE-SU-2018:0013-1, openSUSE-SU-2018:0022-1, openSUSE-SU-2018:0023-1, openSUSE-SU-2018:0026-1, openSUSE-SU-2018:0030-1, openSUSE-SU-2018:0059-1, openSUSE-SU-2018:0066-1, openSUSE-SU-2018:0187-1, openSUSE-SU-2018:0326-1, openSUSE-SU-2018:0408-1, openSUSE-SU-2018:0459-1, openSUSE-SU-2018:0710-1, openSUSE-SU-2018:0745-1, openSUSE-SU-2018:0780-1, openSUSE-SU-2018:0939-1, openSUSE-SU-2018:1502-1, openSUSE-SU-2018:1623-1, openSUSE-SU-2018:1631-1, openSUSE-SU-2018:2119-1, openSUSE-SU-2018:2237-1, openSUSE-SU-2018:2524-1, RHSA-2018:0007-01, RHSA-2018:0008-01, RHSA-2018:0009-01, RHSA-2018:0010-01, RHSA-2018:0011-01, RHSA-2018:0012-01, RHSA-2018:0013-01, RHSA-2018:0014-01, RHSA-2018:0015-01, RHSA-2018:0016-01, RHSA-2018:0017-01, RHSA-2018:0018-01, RHSA-2018:0020-01, RHSA-2018:0021-01, RHSA-2018:0022-01, RHSA-2018:0023-01, RHSA-2018:0024-01, RHSA-2018:0025-01, RHSA-2018:0026-01, RHSA-2018:0027-01, RHSA-2018:0028-01, RHSA-2018:0029-01, RHSA-2018:0030-01, RHSA-2018:0031-01, RHSA-2018:0032-01, RHSA-2018:0034-01, RHSA-2018:0035-01, RHSA-2018:0036-01, RHSA-2018:0037-01, RHSA-2018:0038-01, RHSA-2018:0039-01, RHSA-2018:0040-01, RHSA-2018:0053-01, RHSA-2018:0093-01, RHSA-2018:0094-01, RHSA-2018:0103-01, RHSA-2018:0104-01, RHSA-2018:0105-01, RHSA-2018:0106-01, RHSA-2018:0107-01, RHSA-2018:0108-01, RHSA-2018:0109-01, RHSA-2018:0110-01, RHSA-2018:0111-01, RHSA-2018:0112-01, RHSA-2018:0182-01, RHSA-2018:0292-01, RHSA-2018:0496-01, RHSA-2018:0512-01, RHSA-2018:1129-01, RHSA-2018:1196-01, SA161, SB10226, Spectre, spectre_meltdown_advisory, SSA-168644, SSA:2018-016-01, SSA:2018-037-01, STORM-2018-001, SUSE-SU-2018:0006-1, SUSE-SU-2018:0007-1, SUSE-SU-2018:0008-1, SUSE-SU-2018:0009-1, SUSE-SU-2018:0011-1, SUSE-SU-2018:0012-1, SUSE-SU-2018:0019-1, SUSE-SU-2018:0020-1, SUSE-SU-2018:0031-1, SUSE-SU-2018:0036-1, SUSE-SU-2018:0039-1, SUSE-SU-2018:0040-1, SUSE-SU-2018:0041-1, SUSE-SU-2018:0051-1, SUSE-SU-2018:0056-1, SUSE-SU-2018:0067-1, SUSE-SU-2018:0068-1, SUSE-SU-2018:0069-1, SUSE-SU-2018:0113-1, SUSE-SU-2018:0114-1, SUSE-SU-2018:0115-1, SUSE-SU-2018:0131-1, SUSE-SU-2018:0171-1, SUSE-SU-2018:0219-1, SUSE-SU-2018:0383-1, SUSE-SU-2018:0416-1, SUSE-SU-2018:0437-1, SUSE-SU-2018:0438-1, SUSE-SU-2018:0472-1, SUSE-SU-2018:0525-1, SUSE-SU-2018:0555-1, SUSE-SU-2018:0601-1, SUSE-SU-2018:0609-1, SUSE-SU-2018:0638-1, SUSE-SU-2018:0660-1, SUSE-SU-2018:0678-1, SUSE-SU-2018:0705-1, SUSE-SU-2018:0708-1, SUSE-SU-2018:0762-1, SUSE-SU-2018:0831-1, SUSE-SU-2018:0838-1, SUSE-SU-2018:0841-1, SUSE-SU-2018:0861-1, SUSE-SU-2018:0909-1, SUSE-SU-2018:0920-1, SUSE-SU-2018:0986-1, SUSE-SU-2018:1077-1, SUSE-SU-2018:1080-1, SUSE-SU-2018:1308-1, SUSE-SU-2018:1363-1, SUSE-SU-2018:1368-1, SUSE-SU-2018:1376-1, SUSE-SU-2018:1386-1, SUSE-SU-2018:1498-1, SUSE-SU-2018:1503-1, SUSE-SU-2018:1567-1, SUSE-SU-2018:1570-1, SUSE-SU-2018:1571-1, SUSE-SU-2018:1603-1, SUSE-SU-2018:1658-1, SUSE-SU-2018:1661-1, SUSE-SU-2018:1699-1, SUSE-SU-2018:1759-1, SUSE-SU-2018:1784-1, SUSE-SU-2018:2082-1, SUSE-SU-2018:2141-1, SUSE-SU-2018:2189-1, SUSE-SU-2018:2528-1, SUSE-SU-2018:2631-1, SUSE-SU-2019:13999-1, Synology-SA-18:01, USN-3516-1, USN-3530-1, USN-3531-1, USN-3531-2, USN-3531-3, USN-3541-1, USN-3541-2, USN-3549-1, USN-3560-1, USN-3561-1, USN-3580-1, USN-3581-1, USN-3581-2, USN-3581-3, USN-3582-1, USN-3582-2, USN-3594-1, USN-3597-1, USN-3597-2, USN-3620-1, USN-3620-2, USN-3690-1, USN-3690-2, VIGILANCE-VUL-24949, VMSA-2018-0002, VMSA-2018-0004, VMSA-2018-0004.2, VMSA-2018-0004.3, VN-2018-001, VN-2018-002, VU#584653, XSA-254.

Description of the vulnerability

A local attacker can monitor the performances of its process, in order to get information about the data used for computing by the processor.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2018-5748

libvirt: denial of service via qemuMonitorIORead

Synthesis of the vulnerability

An attacker can generate a resources exhaustion via qemuMonitorIORead() of libvirt, in order to trigger a denial of service.
Impacted products: Debian, Fedora, Junos Space, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on client.
Provenance: user shell.
Creation date: 01/02/2018.
Identifiers: CVE-2018-5748, DLA-1315-1, DSA-4137-1, FEDORA-2018-b22d46eabb, JSA10917, openSUSE-SU-2018:0322-1, RHSA-2018:1396-01, RHSA-2018:1929-01, SUSE-SU-2018:0838-1, SUSE-SU-2018:2082-1, SUSE-SU-2018:2141-1, USN-3576-1, VIGILANCE-VUL-25195.

Description of the vulnerability

An attacker can generate a resources exhaustion via qemuMonitorIORead() of libvirt, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2018-1000004

Linux kernel: denial of service via seq_clientmgr

Synthesis of the vulnerability

An attacker can generate a fatal error via seq_clientmgr of the Linux kernel, in order to trigger a denial of service.
Impacted products: Debian, Fedora, Junos Space, Linux, openSUSE Leap, Oracle Communications, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 17/01/2018.
Identifiers: CERTFR-2018-AVI-075, CERTFR-2018-AVI-080, CERTFR-2018-AVI-083, CERTFR-2018-AVI-104, CERTFR-2018-AVI-119, CERTFR-2018-AVI-161, CERTFR-2018-AVI-175, CERTFR-2018-AVI-196, CERTFR-2018-AVI-198, CERTFR-2018-AVI-386, CERTFR-2018-AVI-508, CERTFR-2019-AVI-278, cpuapr2019, CVE-2018-1000004, DLA-1369-1, DSA-4187-1, FEDORA-2018-884a105c04, FEDORA-2018-d09a73ce72, FEDORA-2018-d82b617d6c, JSA10917, openSUSE-SU-2018:0408-1, RHSA-2018:0654-01, RHSA-2018:0676-01, RHSA-2018:1062-01, RHSA-2018:2390-01, RHSA-2019:1483-01, RHSA-2019:1487-01, SSA:2018-142-01, SUSE-SU-2018:0383-1, SUSE-SU-2018:0416-1, SUSE-SU-2018:0437-1, SUSE-SU-2018:0525-1, SUSE-SU-2018:0555-1, SUSE-SU-2018:0660-1, SUSE-SU-2018:0841-1, SUSE-SU-2018:0986-1, USN-3631-1, USN-3631-2, USN-3798-1, USN-3798-2, VIGILANCE-VUL-25093.

Description of the vulnerability

An attacker can generate a fatal error via seq_clientmgr of the Linux kernel, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2017-3145

ISC BIND: assertion error via Fetch Cleanup Sequencing

Synthesis of the vulnerability

An attacker can force an assertion error via Fetch Cleanup Sequencing of ISC BIND, in order to trigger a denial of service.
Impacted products: Debian, VNX Operating Environment, VNX Series, BIG-IP Hardware, TMOS, Fedora, BIND, Junos OS, Junos Space, SRX-Series, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: intranet client.
Creation date: 17/01/2018.
Identifiers: bulletinjan2018, bulletinjul2018, CERTFR-2018-AVI-033, CVE-2017-3145, DSA-2019-131, DSA-4089-1, FEDORA-2018-6550550774, FEDORA-2018-97bdb9ba32, JSA10873, JSA10875, JSA10917, K08613310, openSUSE-SU-2018:0323-1, RHSA-2018:0101-01, RHSA-2018:0102-01, RHSA-2018:0487-01, RHSA-2018:0488-01, SSA:2018-017-01, SUSE-SU-2018:0303-1, SUSE-SU-2018:0362-1, USN-3535-1, USN-3535-2, VIGILANCE-VUL-25087.

Description of the vulnerability

An attacker can force an assertion error via Fetch Cleanup Sequencing of ISC BIND, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Juniper Junos Space Ethernet Design: