The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of NetApp Snap Creator Framework

computer vulnerability note CVE-2018-18314

Perl Core: buffer overflow via S_regatom

Synthesis of the vulnerability

An attacker can generate a buffer overflow via S_regatom() of Perl Core, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, Snap Creator Framework, OpenBSD, openSUSE Leap, Solaris, Perl Core, RHEL, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 30/11/2018.
Identifiers: bulletinapr2019, CVE-2018-18314, DSA-4347-1, FEDORA-2018-9dbe983805, FEDORA-2018-ca03363d57, NTAP-20190221-0003, openSUSE-SU-2018:4258-1, RHSA-2019:0001-01, RHSA-2019:0010-01, SUSE-SU-2018:4187-1, USN-3834-1, USN-3834-2, VIGILANCE-VUL-27919.

Description of the vulnerability

An attacker can generate a buffer overflow via S_regatom() of Perl Core, in order to trigger a denial of service, and possibly to run code.

computer vulnerability bulletin CVE-2018-18313

Perl Core: out-of-bounds memory reading via S_grok_bslash_N

Synthesis of the vulnerability

An attacker can force a read at an invalid address via S_grok_bslash_N() of Perl Core, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: Mac OS X, Debian, Fedora, Snap Creator Framework, OpenBSD, openSUSE Leap, Solaris, Perl Core, RHEL, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 30/11/2018.
Identifiers: 133192, bulletinapr2019, CVE-2018-18313, DSA-4347-1, FEDORA-2018-9dbe983805, FEDORA-2018-ca03363d57, HT209600, NTAP-20190221-0003, openSUSE-SU-2018:4258-1, RHSA-2019:0001-01, RHSA-2019:0010-01, SUSE-SU-2018:4187-1, USN-3834-1, USN-3834-2, VIGILANCE-VUL-27918.

Description of the vulnerability

An attacker can force a read at an invalid address via S_grok_bslash_N() of Perl Core, in order to trigger a denial of service, or to obtain sensitive information.

computer vulnerability announce CVE-2018-18312

Perl Core: buffer overflow via Regular Expression Compilation

Synthesis of the vulnerability

An attacker can generate a buffer overflow via Regular Expression Compilation of Perl Core, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, Snap Creator Framework, OpenBSD, openSUSE Leap, Solaris, Perl Core, RHEL, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 30/11/2018.
Identifiers: 133423, bulletinapr2019, CVE-2018-18312, DSA-4347-1, FEDORA-2018-9dbe983805, FEDORA-2018-ca03363d57, NTAP-20190221-0003, openSUSE-SU-2018:4258-1, RHSA-2019:0001-01, RHSA-2019:0010-01, SUSE-SU-2018:4187-1, USN-3834-1, USN-3834-2, VIGILANCE-VUL-27917.

Description of the vulnerability

An attacker can generate a buffer overflow via Regular Expression Compilation of Perl Core, in order to trigger a denial of service, and possibly to run code.

computer vulnerability alert CVE-2018-18311

Perl Core: integer overflow via Perl_my_setenv

Synthesis of the vulnerability

An attacker can generate an integer overflow via Perl_my_setenv() of Perl Core, in order to trigger a denial of service, and possibly to run code.
Impacted products: Mac OS X, Debian, Fedora, McAfee Web Gateway, Snap Creator Framework, OpenBSD, openSUSE Leap, Solaris, Perl Core, RHEL, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 30/11/2018.
Identifiers: 133204, bulletinjan2019, CVE-2018-18311, DLA-1601-1, DSA-4347-1, FEDORA-2018-9dbe983805, FEDORA-2018-ca03363d57, HT209600, NTAP-20190221-0003, openSUSE-SU-2018:4258-1, RHSA-2019:0001-01, RHSA-2019:0010-01, RHSA-2019:0109-01, SB10276, SB10278, SUSE-SU-2018:4187-1, USN-3834-1, USN-3834-2, VIGILANCE-VUL-27916.

Description of the vulnerability

An attacker can generate an integer overflow via Perl_my_setenv() of Perl Core, in order to trigger a denial of service, and possibly to run code.

computer vulnerability alert CVE-2018-11784

Apache Tomcat: open redirect via Directory Redirect

Synthesis of the vulnerability

An attacker can deceive the user via Directory Redirect of Apache Tomcat, in order to redirect them to a malicious site.
Impacted products: Tomcat, Debian, Fedora, QRadar SIEM, ePO, McAfee Web Gateway, Snap Creator Framework, SnapManager, openSUSE Leap, Oracle Communications, Solaris, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: user access/rights, data reading.
Provenance: internet client.
Creation date: 04/10/2018.
Identifiers: bulletinoct2018, cpuapr2019, CVE-2018-11784, DLA-1544-1, DLA-1545-1, FEDORA-2018-b18f9dd65b, FEDORA-2018-b89746cb9b, ibm10874888, NTAP-20181014-0002, openSUSE-SU-2018:3453-1, openSUSE-SU-2018:4042-1, openSUSE-SU-2019:0084-1, RHSA-2019:0130-01, RHSA-2019:0131-01, RHSA-2019:0485-01, SB10257, SB10264, SUSE-SU-2018:3261-1, SUSE-SU-2018:3388-1, SUSE-SU-2018:3393-1, SUSE-SU-2018:3935-1, SUSE-SU-2018:3968-1, USN-3787-1, VIGILANCE-VUL-27396.

Description of the vulnerability

An attacker can deceive the user via Directory Redirect of Apache Tomcat, in order to redirect them to a malicious site.

vulnerability CVE-2015-8960

TLS: information disclosure via KCI Attacks

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via KCI Attacks of TLS, in order to obtain sensitive information.
Impacted products: Snap Creator Framework, SnapManager, SSL protocol.
Severity: 1/4.
Consequences: data reading.
Provenance: internet server.
Creation date: 27/06/2018.
Identifiers: CVE-2015-8960, NTAP-20180626-0002, VIGILANCE-VUL-26550.

Description of the vulnerability

An attacker can bypass access restrictions to data via KCI Attacks of TLS, in order to obtain sensitive information.

vulnerability alert CVE-2015-2080

Eclipse Jetty: information disclosure

Synthesis of the vulnerability

A local attacker can read a memory fragment of Eclipse Jetty, in order to obtain sensitive information.
Impacted products: Juniper SBR, Snap Creator Framework.
Severity: 2/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 12/04/2018.
Identifiers: CVE-2015-2080, JSA10849, NTAP-20190307-0005, VIGILANCE-VUL-25851.

Description of the vulnerability

A local attacker can read a memory fragment of Eclipse Jetty, in order to obtain sensitive information.

vulnerability alert CVE-2017-5648

Apache Tomcat: privilege escalation

Synthesis of the vulnerability

A local attacker can tamper with the data exchanged by applications hosted in one instance of Apache Tomcat.
Impacted products: Tomcat, Debian, Fedora, Snap Creator Framework, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user account.
Creation date: 11/04/2017.
Identifiers: CERTFR-2017-AVI-116, CVE-2017-5648, DLA-924-1, DLA-924-2, DSA-3842-1, DSA-3843-1, FEDORA-2017-5261ba4605, FEDORA-2017-d5aa7c77d6, NTAP-20180605-0001, NTAP-20180607-0001, NTAP-20180607-0002, NTAP-20180614-0001, openSUSE-SU-2017:1292-1, RHSA-2017:1801-01, RHSA-2017:1802-01, RHSA-2017:1809-01, SUSE-SU-2017:1229-1, SUSE-SU-2017:1382-1, SUSE-SU-2017:1660-1, USN-3519-1, VIGILANCE-VUL-22401.

Description of the vulnerability

Apache Tomcat is a web application server.

It may host several applications, which must be isolated from one another. However, an application can obtain handles to the request and response objects of other applications, and so read their request or modify their response body.

A local attacker can therefore tamper with the data exchanged by applications hosted in one instance of Apache Tomcat.

computer vulnerability CVE-2017-5650 CVE-2017-5651

Apache Tomcat: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Apache Tomcat.
Impacted products: Tomcat, MariaDB ~ precise, MySQL Community, MySQL Enterprise, Snap Creator Framework, Percona Server.
Severity: 3/4.
Consequences: data reading, denial of service on service.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 11/04/2017.
Identifiers: CERTFR-2017-AVI-116, cpujul2017, CVE-2017-5650, CVE-2017-5651, NTAP-20180605-0001, NTAP-20180607-0001, NTAP-20180607-0002, NTAP-20180614-0001, VIGILANCE-VUL-22395.

Description of the vulnerability

Several vulnerabilities were announced in Apache Tomcat.

An attacker can make the server send them the response to an unrelated request. [severity:3/4; CVE-2017-5651]

An attacker can send HTTP/2 requests which will block all server threads, in order to trigger a denial of service. [severity:3/4; CVE-2017-5650]

vulnerability alert CVE-2017-5647

Apache Tomcat: information disclosure via response exchanges

Synthesis of the vulnerability

An attacker can send a burst of HTTP 1.1 requests to Apache Tomcat, in order to get sensitive information.
Impacted products: Tomcat, Blue Coat CAS, Debian, Fedora, MariaDB ~ precise, ePO, MySQL Community, MySQL Enterprise, Snap Creator Framework, openSUSE Leap, Solaris, Percona Server, RHEL, SUSE Linux Enterprise Desktop, SLES, Symantec Content Analysis, Ubuntu.
Severity: 3/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 11/04/2017.
Identifiers: bulletinapr2017, cpujul2017, CVE-2017-5647, DLA-924-1, DLA-924-2, DSA-3842-1, DSA-3843-1, FEDORA-2017-5261ba4605, FEDORA-2017-d5aa7c77d6, NTAP-20180605-0001, NTAP-20180607-0001, NTAP-20180607-0002, NTAP-20180614-0001, openSUSE-SU-2017:1292-1, RHSA-2017:1801-01, RHSA-2017:1802-01, RHSA-2017:2493-01, RHSA-2017:2494-01, RHSA-2017:3080-01, RHSA-2017:3081-01, SA156, SB10199, SUSE-SU-2017:1229-1, SUSE-SU-2017:1382-1, SUSE-SU-2017:1632-1, SUSE-SU-2017:1660-1, USN-3519-1, VIGILANCE-VUL-22391.

Description of the vulnerability

The Apache Tomcat product includes an HTTP server.

In HTTP 1.1, the client may send several requests without waiting for the response to the first request. However, in some cases, the server mismatches the response body and the request, in such a way that a client may receive the response for another request. This vulnerability is similar to the one described in VIGILANCE-VUL-21355.

An attacker can therefore send a burst of HTTP 1.1 requests to Apache Tomcat, in order to get sensitive information.