The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of NetApp Snap Creator Framework

threat alert CVE-2019-12400

Apache Santuario XML Security for Java: privilege escalation via XML Parsing Code

Synthesis of the vulnerability

An attacker can bypass restrictions via XML Parsing Code of Apache Santuario XML Security for Java, in order to escalate his privileges.
Severity: 2/4.
Creation date: 26/08/2019.
Identifiers: CVE-2019-12400, NTAP-20190910-0003, VIGILANCE-VUL-30141.

vulnerability announce CVE-2019-10241 CVE-2019-10246 CVE-2019-10247

Eclipse Jetty: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Eclipse Jetty, in order to run JavaScript code in the context of the web site.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 23/04/2019.
Identifiers: CVE-2019-10241, CVE-2019-10246, CVE-2019-10247, NTAP-20190509-0003, VIGILANCE-VUL-29106.

Description of the vulnerability

The Eclipse Jetty product offers a web service.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of Eclipse Jetty, in order to run JavaScript code in the context of the web site.

cybersecurity vulnerability CVE-2018-18314

Perl Core: buffer overflow via S_regatom

Synthesis of the vulnerability

An attacker can generate a buffer overflow via S_regatom() of Perl Core, in order to trigger a denial of service, and possibly to run code.
Severity: 2/4.
Creation date: 30/11/2018.
Identifiers: bulletinapr2019, CVE-2018-18314, DSA-4347-1, FEDORA-2018-9dbe983805, FEDORA-2018-ca03363d57, NTAP-20190221-0003, openSUSE-SU-2018:4258-1, RHSA-2019:0001-01, RHSA-2019:0010-01, SUSE-SU-2018:4187-1, USN-3834-1, USN-3834-2, VIGILANCE-VUL-27919.

vulnerability announce CVE-2018-18313

Perl Core: out-of-bounds memory reading via S_grok_bslash_N

Synthesis of the vulnerability

An attacker can force a read at an invalid address via S_grok_bslash_N() of Perl Core, in order to trigger a denial of service, or to obtain sensitive information.
Severity: 2/4.
Creation date: 30/11/2018.
Identifiers: 133192, bulletinapr2019, CVE-2018-18313, DSA-4347-1, FEDORA-2018-9dbe983805, FEDORA-2018-ca03363d57, HT209600, NTAP-20190221-0003, openSUSE-SU-2018:4258-1, RHSA-2019:0001-01, RHSA-2019:0010-01, SUSE-SU-2018:4187-1, USN-3834-1, USN-3834-2, VIGILANCE-VUL-27918.

security alert CVE-2018-18312

Perl Core: buffer overflow via Regular Expression Compilation

Synthesis of the vulnerability

An attacker can generate a buffer overflow via Regular Expression Compilation of Perl Core, in order to trigger a denial of service, and possibly to run code.
Severity: 2/4.
Creation date: 30/11/2018.
Identifiers: 133423, bulletinapr2019, CVE-2018-18312, DSA-4347-1, FEDORA-2018-9dbe983805, FEDORA-2018-ca03363d57, NTAP-20190221-0003, openSUSE-SU-2018:4258-1, RHSA-2019:0001-01, RHSA-2019:0010-01, SUSE-SU-2018:4187-1, USN-3834-1, USN-3834-2, VIGILANCE-VUL-27917.

vulnerability note CVE-2018-18311

Perl Core: integer overflow via Perl_my_setenv

Synthesis of the vulnerability

An attacker can generate an integer overflow via Perl_my_setenv() of Perl Core, in order to trigger a denial of service, and possibly to run code.
Severity: 2/4.
Creation date: 30/11/2018.
Identifiers: 133204, bulletinjan2019, cpujul2019, CVE-2018-18311, DLA-1601-1, DSA-4347-1, FEDORA-2018-9dbe983805, FEDORA-2018-ca03363d57, HT209600, NTAP-20190221-0003, openSUSE-SU-2018:4258-1, RHSA-2019:0001-01, RHSA-2019:0010-01, RHSA-2019:0109-01, RHSA-2019:1790-01, RHSA-2019:1942-01, RHSA-2019:2400-01, SB10276, SB10278, SUSE-SU-2018:4187-1, SUSE-SU-2019:2264-1, USN-3834-1, USN-3834-2, VIGILANCE-VUL-27916.

computer threat note CVE-2018-11784

Apache Tomcat: open redirect via Directory Redirect

Synthesis of the vulnerability

An attacker can deceive the user via Directory Redirect of Apache Tomcat, in order to redirect him to a malicious site.
Severity: 1/4.
Creation date: 04/10/2018.
Identifiers: bulletinoct2018, cpuapr2019, cpuoct2019, CVE-2018-11784, DLA-1544-1, DLA-1545-1, FEDORA-2018-b18f9dd65b, FEDORA-2018-b89746cb9b, ibm10874888, NTAP-20181014-0002, openSUSE-SU-2018:3453-1, openSUSE-SU-2018:4042-1, openSUSE-SU-2019:0084-1, openSUSE-SU-2019:1547-1, openSUSE-SU-2019:1814-1, RHSA-2019:0130-01, RHSA-2019:0131-01, RHSA-2019:0485-01, RHSA-2019:1529-01, SB10257, SB10264, SUSE-SU-2018:3261-1, SUSE-SU-2018:3388-1, SUSE-SU-2018:3393-1, SUSE-SU-2018:3935-1, SUSE-SU-2018:3968-1, USN-3787-1, VIGILANCE-VUL-27396.

threat CVE-2018-1000632

dom4j: external XML entity injection via XML Injection

Synthesis of the vulnerability

An attacker can transmit malicious XML data via XML Injection to dom4j, in order to read a file, scan sites, or trigger a denial of service.
Severity: 2/4.
Creation date: 25/09/2018.
Identifiers: CVE-2018-1000632, DLA-1517-1, NTAP-20190530-0001, openSUSE-SU-2018:2931-1, openSUSE-SU-2018:3998-1, openSUSE-SU-2018:4045-1, RHSA-2019:0362-01, RHSA-2019:0364-01, RHSA-2019:0365-01, RHSA-2019:0380-01, RHSA-2019:1159-01, RHSA-2019:1160-01, RHSA-2019:1161-01, RHSA-2019:1162-01, SUSE-SU-2018:3424-1, SUSE-SU-2018:3908-1, VIGILANCE-VUL-27312.

computer weakness announce CVE-2015-8960

TLS: information disclosure via KCI Attacks

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via KCI Attacks of TLS, in order to obtain sensitive information.
Severity: 1/4.
Creation date: 27/06/2018.
Identifiers: CVE-2015-8960, NTAP-20180626-0002, VIGILANCE-VUL-26550.

cybersecurity vulnerability CVE-2015-2080

Eclipse Jetty: information disclosure

Synthesis of the vulnerability

A local attacker can read a memory fragment of Eclipse Jetty, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 12/04/2018.
Identifiers: CVE-2015-2080, JSA10849, NTAP-20190307-0005, VIGILANCE-VUL-25851.