| The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them. |
|
 |
|
|
Computer vulnerabilities of OpenBSD
OpenBSD: assertion error via recv MSG_WAITALL
Synthesis of the vulnerability
Impacted products: OpenBSD.
Severity: 1/4.
Consequences: denial of service on server.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 19/12/2018.
Identifiers: VIGILANCE-VUL-28052.
Description of the vulnerability
An attacker can force an assertion error via recv() MSG_WAITALL of OpenBSD, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial) |
OpenBSD 6.4: denial of service via Qcow2 4GB Write
Synthesis of the vulnerability
Impacted products: OpenBSD.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 30/11/2018.
Identifiers: VIGILANCE-VUL-27924.
Description of the vulnerability
An attacker can generate a fatal error via Qcow2 4GB Write of OpenBSD 6.4, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial) |
OpenBSD: memory leak via Sockets SCM_RIGHTS MSG_PEEK
Synthesis of the vulnerability
Impacted products: OpenBSD.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 30/11/2018.
Identifiers: VIGILANCE-VUL-27923.
Description of the vulnerability
An attacker can create a memory leak via Sockets SCM_RIGHTS MSG_PEEK of OpenBSD, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial) |
OpenBSD: denial of service via POSIX File Locks
Synthesis of the vulnerability
Impacted products: OpenBSD.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 19/11/2018.
Identifiers: VIGILANCE-VUL-27818.
Description of the vulnerability
An attacker can generate a fatal error via POSIX File Locks of OpenBSD, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial) |
OpenSSL: information disclosure via ECC Scalar Multiplication
Synthesis of the vulnerability
Impacted products: Debian, BIG-IP Hardware, TMOS, AIX, MariaDB ~ precise, MySQL Community, MySQL Enterprise, OpenBSD, OpenSSL, openSUSE Leap, Solaris, Percona Server, XtraBackup, XtraDB Cluster, Slackware, SUSE Linux Enterprise Desktop, SLES, Nessus, Ubuntu.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 12/11/2018.
Identifiers: bulletinjan2019, CERTFR-2018-AVI-607, cpujan2019, CVE-2018-5407, DLA-1586-1, DSA-4348-1, DSA-4355-1, K49711130, openSUSE-SU-2018:3903-1, openSUSE-SU-2018:4050-1, openSUSE-SU-2018:4104-1, SSA:2018-325-01, SUSE-SU-2018:3864-1, SUSE-SU-2018:3866-1, SUSE-SU-2018:3964-1, SUSE-SU-2018:3989-1, SUSE-SU-2018:4001-1, SUSE-SU-2018:4068-1, SUSE-SU-2018:4274-1, SUSE-SU-2019:0117-1, TNS-2018-16, TNS-2018-17, USN-3840-1, VIGILANCE-VUL-27760.
Description of the vulnerability
On an Intel processor (VIGILANCE-VUL-27667), an attacker can measure the execution time of the ECC Scalar Multiplication of OpenSSL, in order to obtain the used key.
Complete Vigil@nce bulletin.... (Free trial) |
Intel processors: information disclosure via SMT/Hyper-Threading PortSmash
Synthesis of the vulnerability
Impacted products: Debian, BIG-IP Hardware, TMOS, AIX, MariaDB ~ precise, Windows (platform) ~ not comprehensive, MySQL Community, MySQL Enterprise, OpenBSD, OpenSSL, openSUSE Leap, Solaris, Percona Server, XtraBackup, XtraDB Cluster, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Unix (platform) ~ not comprehensive, WindRiver Linux.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 05/11/2018.
Identifiers: bulletinjan2019, cpujan2019, CVE-2018-5407, DSA-4348-1, DSA-4355-1, K49711130, openSUSE-SU-2018:4050-1, openSUSE-SU-2018:4104-1, SUSE-SU-2018:3964-1, SUSE-SU-2018:3989-1, SUSE-SU-2018:4001-1, SUSE-SU-2018:4068-1, SUSE-SU-2018:4274-1, SUSE-SU-2019:0117-1, USN-3840-1, VIGILANCE-VUL-27667.
Description of the vulnerability
An attacker can bypass access restrictions to data via SMT/Hyper-Threading PortSmash on an Intel processor, in order to obtain sensitive information.
Complete Vigil@nce bulletin.... (Free trial) |
X.Org Server: privilege escalation via modulepath/logfile
Synthesis of the vulnerability
Impacted products: Debian, Fedora, AIX, OpenBSD, openSUSE Leap, Solaris, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu, WindRiver Linux, XOrg Bundle ~ not comprehensive.
Severity: 2/4.
Consequences: administrator access/rights, data creation/edition.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 25/10/2018.
Identifiers: bulletinoct2018, CVE-2018-14665, DSA-4328-1, FEDORA-2018-4ab08fedd6, FEDORA-2018-839720583a, openSUSE-SU-2018:3800-1, RHSA-2018:3410-01, SUSE-SU-2018:3456-1, SUSE-SU-2018:3680-1, USN-3802-1, VIGILANCE-VUL-27616.
Description of the vulnerability
An attacker can bypass restrictions via modulepath/logfile of X.Org Server, in order to escalate his privileges.
Complete Vigil@nce bulletin.... (Free trial) |
OpenBSD: vulnerability via AMD CPU LDTR
Synthesis of the vulnerability
Impacted products: OpenBSD.
Severity: 2/4.
Consequences: unknown consequence, administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, data flow, denial of service on server, denial of service on service, denial of service on client, disguisement.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 20/09/2018.
Identifiers: VIGILANCE-VUL-27276.
Description of the vulnerability
A vulnerability via AMD CPU LDTR of OpenBSD was announced.
Complete Vigil@nce bulletin.... (Free trial) |
Intel processors: information disclosure via Foreshadow L1TF Virtualization
Synthesis of the vulnerability
Impacted products: SNS, Mac OS X, Arkoon FAST360, Cisco ASR, Nexus by Cisco, NX-OS, Cisco UCS, XenServer, Debian, NetWorker, Unisphere EMC, BIG-IP Hardware, TMOS, Fedora, FreeBSD, HP ProLiant, QRadar SIEM, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 7, Windows 8, Windows (platform) ~ not comprehensive, Windows RT, OpenBSD, openSUSE Leap, Solaris, pfSense, RHEL, SIMATIC, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Ubuntu, Unix (platform) ~ not comprehensive, ESXi, vCenter Server, VMware vSphere Hypervisor, VMware Workstation, WindRiver Linux, Xen.
Severity: 2/4.
Consequences: data reading.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 16/08/2018.
Identifiers: 525211, 528031, ADV180018, CERTFR-2018-AVI-385, CERTFR-2018-AVI-386, CERTFR-2018-AVI-387, CERTFR-2018-AVI-388, CERTFR-2018-AVI-390, CERTFR-2018-AVI-391, CERTFR-2018-AVI-392, CERTFR-2018-AVI-416, CERTFR-2018-AVI-419, CERTFR-2018-AVI-426, CERTFR-2018-AVI-557, CERTFR-2018-AVI-584, cisco-sa-20180814-cpusidechannel, cpujan2019, CTX236548, CVE-2018-3646, DLA-1481-1, DLA-1506-1, DSA-2018-170, DSA-2018-217, DSA-4274-1, DSA-4279-1, DSA-4279-2, FEDORA-2018-1c80fea1cd, FEDORA-2018-f8cba144ae, Foreshadow, FreeBSD-SA-18:09.l1tf, HPESBHF03874, HT209139, HT209193, ibm10742755, INTEL-SA-00161, K31300402, openSUSE-SU-2018:2399-1, openSUSE-SU-2018:2404-1, openSUSE-SU-2018:2407-1, openSUSE-SU-2018:2434-1, openSUSE-SU-2018:2436-1, openSUSE-SU-2018:4304-1, RHSA-2018:2384-01, RHSA-2018:2387-01, RHSA-2018:2388-01, RHSA-2018:2389-01, RHSA-2018:2390-01, RHSA-2018:2391-01, RHSA-2018:2392-01, RHSA-2018:2393-01, RHSA-2018:2394-01, RHSA-2018:2395-01, RHSA-2018:2396-01, RHSA-2018:2602-01, RHSA-2018:2603-01, SSA-254686, STORM-2018-005, SUSE-SU-2018:2328-1, SUSE-SU-2018:2331-1, SUSE-SU-2018:2332-1, SUSE-SU-2018:2335-1, SUSE-SU-2018:2338-1, SUSE-SU-2018:2344-1, SUSE-SU-2018:2362-1, SUSE-SU-2018:2366-1, SUSE-SU-2018:2374-1, SUSE-SU-2018:2380-1, SUSE-SU-2018:2381-1, SUSE-SU-2018:2384-1, SUSE-SU-2018:2394-1, SUSE-SU-2018:2401-1, SUSE-SU-2018:2409-1, SUSE-SU-2018:2410-1, SUSE-SU-2018:2480-1, SUSE-SU-2018:2482-1, SUSE-SU-2018:2483-1, SUSE-SU-2018:2528-1, SUSE-SU-2018:2596-1, SUSE-SU-2018:2637-1, SUSE-SU-2018:3490-1, SUSE-SU-2018:4300-1, Synology-SA-18:45, USN-3740-1, USN-3740-2, USN-3741-1, USN-3741-2, USN-3741-3, USN-3742-1, USN-3742-2, USN-3742-3, USN-3756-1, USN-3823-1, VIGILANCE-VUL-26999, VMSA-2018-0020, VU#982149, XSA-273, XSA-289.
Description of the vulnerability
An attacker can bypass access restrictions to data via L1TF Virtualization on Intel processors, in order to obtain sensitive information.
Complete Vigil@nce bulletin.... (Free trial) |
Intel processors: information disclosure via Foreshadow L1TF OS/SMM
Synthesis of the vulnerability
Impacted products: SNS, Arkoon FAST360, Cisco ASR, Nexus by Cisco, NX-OS, Cisco UCS, XenServer, Debian, NetWorker, Unisphere EMC, BIG-IP Hardware, TMOS, Fedora, FreeBSD, HP ProLiant, QRadar SIEM, Junos Space, Linux, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 7, Windows 8, Windows (platform) ~ not comprehensive, Windows RT, OpenBSD, openSUSE Leap, pfSense, RHEL, SIMATIC, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Ubuntu, Unix (platform) ~ not comprehensive, vCenter Server, WindRiver Linux, Xen.
Severity: 2/4.
Consequences: data reading.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 16/08/2018.
Identifiers: 525211, 528031, ADV180018, CERTFR-2018-AVI-385, CERTFR-2018-AVI-386, CERTFR-2018-AVI-387, CERTFR-2018-AVI-388, CERTFR-2018-AVI-390, CERTFR-2018-AVI-391, CERTFR-2018-AVI-392, CERTFR-2018-AVI-416, CERTFR-2018-AVI-419, CERTFR-2018-AVI-426, CERTFR-2018-AVI-557, CERTFR-2018-AVI-584, cisco-sa-20180814-cpusidechannel, CTX236548, CVE-2018-3620, DLA-1481-1, DLA-1506-1, DLA-1529-1, DSA-2018-170, DSA-2018-217, DSA-4274-1, DSA-4279-1, DSA-4279-2, FEDORA-2018-1c80fea1cd, FEDORA-2018-f8cba144ae, Foreshadow, FreeBSD-SA-18:09.l1tf, HPESBHF03874, ibm10742755, INTEL-SA-00161, JSA10917, K95275140, openSUSE-SU-2018:2404-1, openSUSE-SU-2018:2407-1, RHSA-2018:2384-01, RHSA-2018:2387-01, RHSA-2018:2388-01, RHSA-2018:2389-01, RHSA-2018:2390-01, RHSA-2018:2391-01, RHSA-2018:2392-01, RHSA-2018:2393-01, RHSA-2018:2394-01, RHSA-2018:2395-01, RHSA-2018:2396-01, RHSA-2018:2602-01, RHSA-2018:2603-01, SSA:2018-240-01, SSA-254686, STORM-2018-005, SUSE-SU-2018:2328-1, SUSE-SU-2018:2332-1, SUSE-SU-2018:2344-1, SUSE-SU-2018:2362-1, SUSE-SU-2018:2366-1, SUSE-SU-2018:2374-1, SUSE-SU-2018:2380-1, SUSE-SU-2018:2381-1, SUSE-SU-2018:2384-1, SUSE-SU-2018:2596-1, SUSE-SU-2018:2637-1, Synology-SA-18:45, USN-3740-1, USN-3740-2, USN-3741-1, USN-3741-2, USN-3741-3, USN-3742-1, USN-3742-2, USN-3742-3, USN-3823-1, VIGILANCE-VUL-26998, VMSA-2018-0021, VU#982149, XSA-273, XSA-289.
Description of the vulnerability
An attacker can bypass access restrictions to data via L1TF OS/SMM on Intel processors, in order to obtain sensitive information.
Complete Vigil@nce bulletin.... (Free trial) |
Our database contains other pages. You can request a free trial to read them.
Display information about OpenBSD:
|