The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of NetApp SnapManager

computer vulnerability alert CVE-2018-11784

Apache Tomcat: open redirect via Directory Redirect

Synthesis of the vulnerability

An attacker can deceive the user via Directory Redirect of Apache Tomcat, in order to redirect him to a malicious site.
Impacted products: Tomcat, Debian, Fedora, QRadar SIEM, ePO, McAfee Web Gateway, Snap Creator Framework, SnapManager, openSUSE Leap, Oracle Communications, Solaris, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: user access/rights, data reading.
Provenance: internet client.
Creation date: 04/10/2018.
Identifiers: bulletinoct2018, cpuapr2019, CVE-2018-11784, DLA-1544-1, DLA-1545-1, FEDORA-2018-b18f9dd65b, FEDORA-2018-b89746cb9b, ibm10874888, NTAP-20181014-0002, openSUSE-SU-2018:3453-1, openSUSE-SU-2018:4042-1, openSUSE-SU-2019:0084-1, RHSA-2019:0130-01, RHSA-2019:0131-01, RHSA-2019:0485-01, SB10257, SB10264, SUSE-SU-2018:3261-1, SUSE-SU-2018:3388-1, SUSE-SU-2018:3393-1, SUSE-SU-2018:3935-1, SUSE-SU-2018:3968-1, USN-3787-1, VIGILANCE-VUL-27396.

Description of the vulnerability

An attacker can deceive the user via Directory Redirect of Apache Tomcat, in order to redirect him to a malicious site.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2018-2938 CVE-2018-2940 CVE-2018-2941

Oracle Java: vulnerabilities of July 2018

Synthesis of the vulnerability

Several vulnerabilities were announced in Oracle products.
Impacted products: Debian, Fedora, AIX, DB2 UDB, Domino, Notes, QRadar SIEM, Tivoli Workload Scheduler, ePO, SnapManager, Java OpenJDK, openSUSE Leap, Java Oracle, Puppet, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, data deletion, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 8.
Creation date: 18/07/2018.
Identifiers: ADV-2018-022, CERTFR-2018-AVI-348, cpujul2018, CVE-2018-2938, CVE-2018-2940, CVE-2018-2941, CVE-2018-2942, CVE-2018-2952, CVE-2018-2964, CVE-2018-2972, CVE-2018-2973, DLA-1590-1, DSA-4268-1, FEDORA-2018-0b6ccd1c68, FEDORA-2018-40decc4158, FEDORA-2018-4d58785bcd, FEDORA-2018-877fdbb3f0, FEDORA-2018-c650019e9c, FEDORA-2018-d4bfa98f6a, ibm10725491, ibm10738401, ibm10742729, ibm10743351, NTAP-20180726-0001, openSUSE-SU-2018:2206-1, openSUSE-SU-2018:2247-1, openSUSE-SU-2018:3057-1, openSUSE-SU-2018:3103-1, openSUSE-SU-2019:0042-1, RHSA-2018:2241-01, RHSA-2018:2242-01, RHSA-2018:2253-01, RHSA-2018:2254-01, RHSA-2018:2255-01, RHSA-2018:2256-01, RHSA-2018:2283-01, RHSA-2018:2286-01, RHSA-2018:2568-01, RHSA-2018:2569-01, RHSA-2018:2575-01, RHSA-2018:2576-01, RHSA-2018:3007-01, RHSA-2018:3008-01, SB10247, SUSE-SU-2018:2083-1, SUSE-SU-2018:2574-1, SUSE-SU-2018:2583-1, SUSE-SU-2018:2649-1, SUSE-SU-2018:2839-1, SUSE-SU-2018:3045-1, SUSE-SU-2018:3064-1, SUSE-SU-2018:3064-3, SUSE-SU-2018:3082-1, SUSE-SU-2019:0049-1, USN-3734-1, USN-3735-1, USN-3747-1, USN-3747-2, VIGILANCE-VUL-26767.

Description of the vulnerability

Several vulnerabilities were announced in Oracle products.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2018-11212

libjpeg: denial of service via alloc_sarray

Synthesis of the vulnerability

An attacker can generate a fatal error via alloc_sarray() of libjpeg, in order to trigger a denial of service.
Impacted products: Debian, Fedora, AIX, IBM i, SnapManager, Java OpenJDK, openSUSE Leap, Java Oracle, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 10/07/2018.
Identifiers: cpujan2019, CVE-2018-11212, DLA-1638-1, FEDORA-2019-362387a66d, FEDORA-2019-b084fa3ea5, ibm10875554, ibm10878376, NTAP-20190118-0001, openSUSE-SU-2019:0161-1, openSUSE-SU-2019:0346-1, RHSA-2019:0469-01, RHSA-2019:0472-01, RHSA-2019:0473-01, RHSA-2019:0474-01, RHSA-2019:1238-01, SUSE-SU-2019:0221-1, SUSE-SU-2019:0574-1, SUSE-SU-2019:0604-1, SUSE-SU-2019:0617-1, SUSE-SU-2019:1219-1, SUSE-SU-2019:13975-1, SUSE-SU-2019:13978-1, USN-3706-1, USN-3706-2, VIGILANCE-VUL-26667.

Description of the vulnerability

An attacker can generate a fatal error via alloc_sarray() of libjpeg, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2015-8960

TLS: information disclosure via KCI Attacks

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via KCI Attacks of TLS, in order to obtain sensitive information.
Impacted products: Snap Creator Framework, SnapManager, SSL protocol.
Severity: 1/4.
Consequences: data reading.
Provenance: internet server.
Creation date: 27/06/2018.
Identifiers: CVE-2015-8960, NTAP-20180626-0002, VIGILANCE-VUL-26550.

Description of the vulnerability

An attacker can bypass access restrictions to data via KCI Attacks of TLS, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2018-12536

Eclipse Jetty: information disclosure via InvalidPathException Message

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via InvalidPathException Message of Eclipse Jetty, in order to obtain sensitive information.
Impacted products: Jetty, SnapManager, Puppet.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 26/06/2018.
Identifiers: CVE-2018-12536, NTAP-20181014-0001, VIGILANCE-VUL-26536.

Description of the vulnerability

An attacker can bypass access restrictions to data via InvalidPathException Message of Eclipse Jetty, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2017-7658

Eclipse Jetty: information disclosure via Double Content-Length

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Double Content-Length of Eclipse Jetty, in order to obtain sensitive information.
Impacted products: Debian, Jetty, Fedora, SnapManager, Puppet.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 26/06/2018.
Identifiers: CVE-2017-7658, DSA-4278-1, FEDORA-2018-48b73ed393, FEDORA-2018-93a507fd0f, NTAP-20181014-0001, VIGILANCE-VUL-26535.

Description of the vulnerability

An attacker can bypass access restrictions to data via Double Content-Length of Eclipse Jetty, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2017-7657

Eclipse Jetty: information disclosure via Transfer-Encoding Request Smuggling

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Transfer-Encoding Request Smuggling of Eclipse Jetty, in order to obtain sensitive information.
Impacted products: Debian, Jetty, Fedora, SnapManager, Puppet.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 26/06/2018.
Identifiers: CVE-2017-7657, DSA-4278-1, FEDORA-2018-48b73ed393, FEDORA-2018-93a507fd0f, NTAP-20181014-0001, VIGILANCE-VUL-26534.

Description of the vulnerability

An attacker can bypass access restrictions to data via Transfer-Encoding Request Smuggling of Eclipse Jetty, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2017-7656

Eclipse Jetty: information disclosure via HTTP/0.9 Request Smuggling

Synthesis of the vulnerability

An attacker can use a vulnerability via HTTP/0.9 Request Smuggling of Eclipse Jetty, in order to obtain sensitive information.
Impacted products: Debian, Jetty, Fedora, SnapManager, Puppet.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 26/06/2018.
Identifiers: CVE-2017-7656, DSA-4278-1, FEDORA-2018-48b73ed393, FEDORA-2018-93a507fd0f, NTAP-20181014-0001, VIGILANCE-VUL-26533.

Description of the vulnerability

The Eclipse Jetty product offers a web service.

However, an attacker can bypass access restrictions to data.

An attacker can therefore use a vulnerability via HTTP/0.9 Request Smuggling of Eclipse Jetty, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2018-12538

Eclipse Jetty: privilege escalation via FileSessionDataStore

Synthesis of the vulnerability

An attacker can bypass restrictions via FileSessionDataStore of Eclipse Jetty, in order to escalate his privileges.
Impacted products: Jetty, SnapManager, Puppet.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: document.
Creation date: 25/06/2018.
Identifiers: 536018, CVE-2018-12538, NTAP-20181014-0001, VIGILANCE-VUL-26512.

Description of the vulnerability

An attacker can bypass restrictions via FileSessionDataStore of Eclipse Jetty, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2017-10053 CVE-2017-10067 CVE-2017-10074

Oracle Java: vulnerabilities of July 2017

Synthesis of the vulnerability

Several vulnerabilities were announced in Oracle Java.
Impacted products: Debian, Fedora, AIX, Domino, Notes, Security Directory Server, QRadar SIEM, Tivoli Storage Manager, Tivoli System Automation, WebSphere AS Traditional, IBM WebSphere ESB, WebSphere MQ, Junos Space, ePO, SnapManager, Java OpenJDK, openSUSE Leap, Java Oracle, JavaFX, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on service.
Provenance: document.
Number of vulnerabilities in this bulletin: 32.
Creation date: 19/07/2017.
Identifiers: 2007002, 2008025, 2008360, 2008362, 2008757, 2009206, 2009232, 2009253, 2009415, 2009663, 2011594, 2012301, CERTFR-2017-AVI-223, cpujul2017, CVE-2017-10053, CVE-2017-10067, CVE-2017-10074, CVE-2017-10078, CVE-2017-10081, CVE-2017-10086, CVE-2017-10087, CVE-2017-10089, CVE-2017-10090, CVE-2017-10096, CVE-2017-10101, CVE-2017-10102, CVE-2017-10104, CVE-2017-10105, CVE-2017-10107, CVE-2017-10108, CVE-2017-10109, CVE-2017-10110, CVE-2017-10111, CVE-2017-10114, CVE-2017-10115, CVE-2017-10116, CVE-2017-10117, CVE-2017-10118, CVE-2017-10121, CVE-2017-10125, CVE-2017-10135, CVE-2017-10145, CVE-2017-10176, CVE-2017-10193, CVE-2017-10198, CVE-2017-10243, DLA-1073-1, DSA-3919-1, DSA-3954-1, DSA-4005-1, FEDORA-2017-605557de96, FEDORA-2017-721314e3b3, FEDORA-2017-735e2ae663, FEDORA-2017-be3df4fe14, FEDORA-2017-fe57cf60c3, ibm10718843, JSA10873, NTAP-20170720-0001, openSUSE-SU-2017:2211-1, openSUSE-SU-2018:0042-1, RHSA-2017:1789-01, RHSA-2017:1790-01, RHSA-2017:1791-01, RHSA-2017:1792-01, RHSA-2017:2424-01, RHSA-2017:2469-01, RHSA-2017:2481-01, RHSA-2017:2530-01, SB10208, SUSE-SU-2017:2175-1, SUSE-SU-2017:2263-1, SUSE-SU-2017:2280-1, SUSE-SU-2017:2281-1, SUSE-SU-2018:0005-1, USN-3366-1, USN-3366-2, USN-3396-1, VIGILANCE-VUL-23289.

Description of the vulnerability

Several vulnerabilities were announced in Oracle Java.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about NetApp SnapManager: