The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of MBS

vulnerability note CVE-2014-0250

FreeRDP: buffer overflow via Width/Height

Synthesis of the vulnerability

Impacted products: MBS, openSUSE, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 08/08/2017.
Identifiers: CVE-2014-0250, MDVSA-2015:171, openSUSE-SU-2014:0862-1, USN-3380-1, VIGILANCE-VUL-23464.

Description of the vulnerability

An attacker can generate a buffer overflow via Width/Height of FreeRDP, in order to trigger a denial of service, and possibly to run code.

vulnerability alert CVE-2014-9640

vorbis-tools: out-of-bounds memory reading via oggenc

Synthesis of the vulnerability

Impacted products: Debian, Fedora, MBS, openSUSE.
Severity: 1/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 03/07/2017.
Identifiers: CVE-2014-9640, DLA-1010-1, FEDORA-2015-1191, FEDORA-2015-1253, MDVSA-2015:037, openSUSE-SU-2015:0231-1, VIGILANCE-VUL-23121.

Description of the vulnerability

An attacker can force a read at an invalid address via oggenc of vorbis-tools, in order to trigger a denial of service, or to obtain sensitive information.

computer vulnerability note CVE-2014-4975

Ruby: buffer overflow via encodes

Synthesis of the vulnerability

Impacted products: Debian, MBS, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 20/04/2017.
Identifiers: CVE-2014-4975, DSA-3157-1, MDVSA-2014:225, MDVSA-2015:129, openSUSE-SU-2017:1128-1, RHSA-2014:1912-01, RHSA-2014:1913-01, RHSA-2014:1914-01, SUSE-SU-2017:1067-1, USN-2397-1, VIGILANCE-VUL-22519.

Description of the vulnerability

An attacker can generate a buffer overflow via encodes() of Ruby, in order to trigger a denial of service, and possibly to run code.

computer vulnerability announce CVE-2012-4433

gegl: buffer overflow via ppm-load

Synthesis of the vulnerability

Impacted products: Fedora, MBS, openSUSE, openSUSE Leap, Solaris, RHEL, Slackware.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 28/03/2017.
Identifiers: CVE-2012-4433, FEDORA-2013-12075, FEDORA-2013-12108, FEDORA-2013-12115, MDVSA-2013:081, openSUSE-SU-2012:1627-1, openSUSE-SU-2013:0159-1, openSUSE-SU-2017:0828-1, RHSA-2012:1455-01, SSA:2017-270-01, VIGILANCE-VUL-22267.

Description of the vulnerability

An attacker can generate a buffer overflow via ppm-load of gegl, in order to trigger a denial of service, and possibly to run code.

computer vulnerability note CVE-2014-0791

FreeRDP: buffer overflow

Synthesis of the vulnerability

Impacted products: MBS, openSUSE, openSUSE Leap, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: intranet client.
Confidence: confirmed by the editor (5/5).
Creation date: 28/09/2016.
Identifiers: CVE-2014-0791, MDVSA-2015:171, openSUSE-SU-2014:0862-1, openSUSE-SU-2016:2400-1, openSUSE-SU-2016:2402-1, USN-3380-1, VIGILANCE-VUL-20709.

Description of the vulnerability

An attacker can generate a buffer overflow in FreeRDP, in order to trigger a denial of service, and possibly to run code.

vulnerability alert CVE-2013-0211

libarchive: integer overflow via archive_write_zip_data

Synthesis of the vulnerability

Impacted products: Fedora, FreeBSD, MBS, MES, openSUSE, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 01/06/2016.
Identifiers: CVE-2013-0211, FEDORA-2013-4522, FEDORA-2013-4537, FEDORA-2013-4576, FEDORA-2013-4592, FreeBSD-SA-16:23.libarchive, MDVSA-2013:147, openSUSE-SU-2015:0568-1, USN-2549-1, VIGILANCE-VUL-19751.

Description of the vulnerability

An attacker can generate an integer overflow via archive_write_zip_data() of libarchive, in order to trigger a denial of service, and possibly to run code.

computer vulnerability note CVE-2015-2304

libarchive: directory traversal via cpio

Synthesis of the vulnerability

An attacker can invite the victim to extract a cpio archive with an application linked to libarchive, in order to create a file with the victim's privileges.
Impacted products: FreeBSD, MBS, openSUSE, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data creation/edition.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 01/06/2016.
Identifiers: CVE-2015-2304, FreeBSD-SA-16:22.libarchive, MDVSA-2015:157, openSUSE-SU-2015:0568-1, openSUSE-SU-2016:3002-1, openSUSE-SU-2016:3005-1, SUSE-SU-2016:1939-1, USN-2549-1, VIGILANCE-VUL-19749.

Description of the vulnerability

The libarchive library is used by tools such as tar and cpio to extract files.

However, absolute file names handled by the cpio support of libarchive can be used to create a file outside the current directory.

An attacker can therefore invite the victim to extract a cpio archive with an application linked to libarchive, in order to create a file with the victim's privileges.

computer vulnerability alert CVE-2014-8350

Smarty3: code execution via Template

Synthesis of the vulnerability

Impacted products: Debian, Fedora, MBS.
Severity: 2/4.
Consequences: user access/rights.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 04/05/2016.
Identifiers: CVE-2014-8350, DLA-452-1, FEDORA-2014-13570, FEDORA-2014-13574, MDVSA-2014:221, VIGILANCE-VUL-19516.

Description of the vulnerability

An attacker can use a vulnerability in Template of Smarty3, in order to run code.

vulnerability alert CVE-2013-6630

libjpeg-turbo: information disclosure via get_dht

Synthesis of the vulnerability

Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, MBS, MES, openSUSE, RHEL.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 19/02/2016.
Identifiers: CVE-2013-6630, DSA-2797-1, FEDORA-2013-23722, FEDORA-2013-23749, FEDORA-2014-6859, FEDORA-2014-6870, MDVSA-2013:273, MDVSA-2013:274, openSUSE-SU-2013:1776-1, openSUSE-SU-2013:1777-1, openSUSE-SU-2014:0065-1, RHSA-2013:1803-01, SOL62655427, VIGILANCE-VUL-18981.

Description of the vulnerability

An attacker can bypass access restrictions to data via get_dht() of libjpeg-turbo, in order to obtain sensitive information.

vulnerability CVE-2013-6629

libjpeg: information disclosure via get_sos

Synthesis of the vulnerability

Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, MBS, MES, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 7, Windows 8, Windows RT, Windows Vista, openSUSE, RHEL, Slackware.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 19/02/2016.
Identifiers: CVE-2013-6629, DSA-2797-1, FEDORA-2013-23722, FEDORA-2013-23749, FEDORA-2014-6859, FEDORA-2014-6870, MDVSA-2013:273, MDVSA-2013:274, openSUSE-SU-2013:1776-1, openSUSE-SU-2013:1777-1, openSUSE-SU-2014:0065-1, RHSA-2013:1803-01, RHSA-2013:1804-01, SOL59503294, SSA:2013-350-02, VIGILANCE-VUL-18980.

Description of the vulnerability

An attacker can bypass access restrictions to data with get_sos() of libjpeg, in order to obtain sensitive information.