| The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them. |
|
 |
|
|
Computer vulnerabilities of OpenBSD
Intel 64-bit CPU: information disclosure via SWAPGS
Synthesis of the vulnerability
A local attacker can read a memory fragment via SWAPGS of Intel 64-bit CPU, in order to obtain sensitive information.
Impacted products: SNS, Arkoon FAST360, Debian, BIG-IP Hardware, TMOS, Fedora, Linux, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 2019, Windows 7, Windows 8, Windows (platform) ~ not comprehensive, Windows RT, NETASQ, OpenBSD, openSUSE Leap, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 07/08/2019.
Identifiers: CERTFR-2019-AVI-375, CERTFR-2019-AVI-376, CERTFR-2019-AVI-381, CERTFR-2019-AVI-390, CERTFR-2019-AVI-391, CERTFR-2019-AVI-392, CVE-2019-1125, DLA-1884-1, DLA-1885-1, DSA-4495-1, DSA-4497-1, FEDORA-2019-6bda4c81f4, FEDORA-2019-e37c348348, K31085564, openSUSE-SU-2019:1923-1, openSUSE-SU-2019:1924-1, RHSA-2019:2405-01, RHSA-2019:2411-01, RHSA-2019:2473-01, RHSA-2019:2476-01, SSA:2019-226-01, STORM-2019-007, SUSE-SU-2019:2068-1, SUSE-SU-2019:2069-1, SUSE-SU-2019:2070-1, SUSE-SU-2019:2071-1, SUSE-SU-2019:2072-1, SUSE-SU-2019:2073-1, SWAPGS, Synology-SA-19:32, USN-4093-1, USN-4094-1, USN-4095-1, USN-4095-2, USN-4096-1, VIGILANCE-VUL-29962.
Description of the vulnerability
A local attacker can read a memory fragment via SWAPGS of Intel 64-bit CPU, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
Intel processors: information disclosure via performance measurement
Synthesis of the vulnerability
An attacker can measure performances of his process, in order to get sensitive information about other process or, if the host is virtualized, about other guest systems.
Impacted products: XenServer, Debian, Fedora, FortiAnalyzer, FortiGate, FortiManager, FortiOS, FreeBSD, HP ProLiant, Linux, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 2019, Windows 7, Windows 8, Windows RT, OpenBSD, openSUSE Leap, PAN-OS, pfSense, RHEL, SIMATIC, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu, ESXi, vCenter Server, VMware vSphere Hypervisor, Xen.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 4.
Creation date: 15/05/2019.
Revision date: 15/05/2019.
Identifiers: CERTFR-2019-AVI-209, CERTFR-2019-AVI-211, CERTFR-2019-AVI-212, CERTFR-2019-AVI-213, CERTFR-2019-AVI-215, CERTFR-2019-AVI-217, CERTFR-2019-AVI-229, CERTFR-2019-AVI-230, CERTFR-2019-AVI-233, CERTFR-2019-AVI-311, CTX251995, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091, DLA-1787-1, DLA-1789-1, DLA-1789-2, DLA-1799-1, DLA-1799-2, DSA-4444-1, DSA-4447-1, DSA-4447-2, FEDORA-2019-0731828893, FEDORA-2019-1f5832fc0e, FEDORA-2019-640f8d8dd1, FEDORA-2019-6458474bf2, FEDORA-2019-c36afa818c, FEDORA-2019-e6bf55e821, FEDORA-2019-eb08fb0c5f, FG-IR-18-002, FreeBSD-SA-19:07.mds, HPESBHF03933, INTEL-SA-00233, openSUSE-SU-2019:1402-1, openSUSE-SU-2019:1403-1, openSUSE-SU-2019:1404-1, openSUSE-SU-2019:1405-1, openSUSE-SU-2019:1407-1, openSUSE-SU-2019:1408-1, openSUSE-SU-2019:1419-1, openSUSE-SU-2019:1420-1, openSUSE-SU-2019:1468-1, openSUSE-SU-2019:1505-1, openSUSE-SU-2019:1805-1, openSUSE-SU-2019:1806-1, PAN-SA-2019-0012, RHSA-2019:1155-01, RHSA-2019:1167-01, RHSA-2019:1168-01, RHSA-2019:1169-01, RHSA-2019:1170-01, RHSA-2019:1171-01, RHSA-2019:1172-01, RHSA-2019:1174-01, RHSA-2019:1175-01, RHSA-2019:1176-01, RHSA-2019:1177-01, RHSA-2019:1178-01, RHSA-2019:1180-01, RHSA-2019:1181-01, RHSA-2019:1182-01, RHSA-2019:1183-01, RHSA-2019:1184-01, RHSA-2019:1185-01, RHSA-2019:1186-01, RHSA-2019:1187-01, RHSA-2019:1188-01, RHSA-2019:1189-01, RHSA-2019:1190-01, RHSA-2019:1193-01, RHSA-2019:1194-01, RHSA-2019:1195-01, RHSA-2019:1196-01, RHSA-2019:1197-01, RHSA-2019:1198-01, SSA-616472, SUSE-SU-2019:1235-1, SUSE-SU-2019:1236-1, SUSE-SU-2019:1238-1, SUSE-SU-2019:1239-1, SUSE-SU-2019:1240-1, SUSE-SU-2019:1241-1, SUSE-SU-2019:1242-1, SUSE-SU-2019:1243-1, SUSE-SU-2019:1244-1, SUSE-SU-2019:1245-1, SUSE-SU-2019:1248-1, SUSE-SU-2019:1268-1, SUSE-SU-2019:1269-1, SUSE-SU-2019:1272-1, SUSE-SU-2019:1287-1, SUSE-SU-2019:1289-1, SUSE-SU-2019:1296-1, SUSE-SU-2019:1313-1, SUSE-SU-2019:1347-1, SUSE-SU-2019:1348-1, SUSE-SU-2019:1349-1, SUSE-SU-2019:1356-1, SUSE-SU-2019:1371-1, SUSE-SU-2019:14048-1, SUSE-SU-2019:14051-1, SUSE-SU-2019:14052-1, SUSE-SU-2019:14063-1, SUSE-SU-2019:14133-1, SUSE-SU-2019:1423-1, SUSE-SU-2019:1438-1, SUSE-SU-2019:1452-1, SUSE-SU-2019:1490-1, SUSE-SU-2019:1547-1, SUSE-SU-2019:1550-1, SUSE-SU-2019:1909-1, SUSE-SU-2019:1910-1, SUSE-SU-2019:1954-1, Synology-SA-19:24, USN-3977-1, USN-3977-2, USN-3977-3, USN-3978-1, USN-3979-1, USN-3980-1, USN-3981-1, USN-3981-2, USN-3982-1, USN-3982-2, USN-3983-1, USN-3983-2, USN-3984-1, USN-3985-1, USN-3985-2, VIGILANCE-VUL-29300, VMSA-2019-0008, XSA-297, ZombieLoad.
Description of the vulnerability
An attacker can measure performances of his process, in order to get sensitive information about other process or, if the host is virtualized, about other guest systems.
Full Vigil@nce bulletin... (Free trial) |
OpenBSD: denial of service via IPv6
Synthesis of the vulnerability
A local attacker can create malicious IPv6 packets to OpenBSD, in order to trigger a denial of service.
Impacted products: OpenBSD.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: privileged shell.
Creation date: 02/05/2019.
Identifiers: VIGILANCE-VUL-29177.
Description of the vulnerability
A local attacker can create malicious IPv6 packets to OpenBSD, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial) |
OpenBSD: privilege escalation via vmmints
Synthesis of the vulnerability
An attacker can bypass restrictions via vmmints of OpenBSD, in order to escalate his privileges.
Impacted products: OpenBSD.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 27/03/2019.
Identifiers: VIGILANCE-VUL-28874.
Description of the vulnerability
An attacker can bypass restrictions via vmmints of OpenBSD, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial) |
OpenBSD: memory leak via unveil
Synthesis of the vulnerability
An attacker can create a memory leak via unveil() of OpenBSD, in order to trigger a denial of service.
Impacted products: OpenBSD.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 28/01/2019.
Identifiers: VIGILANCE-VUL-28374.
Description of the vulnerability
An attacker can create a memory leak via unveil() of OpenBSD, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial) |
OpenBSD: denial of service via NFS
Synthesis of the vulnerability
An attacker can trigger a fatal error via NFS of OpenBSD, in order to trigger a denial of service.
Impacted products: OpenBSD.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user account.
Creation date: 28/01/2019.
Identifiers: VIGILANCE-VUL-28373.
Description of the vulnerability
An attacker can trigger a fatal error via NFS of OpenBSD, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial) |
OpenBSD: information disclosure via mincore
Synthesis of the vulnerability
A local attacker can read a memory fragment via mincore() of OpenBSD, in order to obtain sensitive information.
Impacted products: OpenBSD.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 28/01/2019.
Identifiers: VIGILANCE-VUL-28372.
Description of the vulnerability
A local attacker can read a memory fragment via mincore() of OpenBSD, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
OpenBSD: buffer overflow via setsockopt
Synthesis of the vulnerability
An attacker can trigger a buffer overflow via setsockopt() of OpenBSD, in order to trigger a denial of service, and possibly to run code.
Impacted products: OpenBSD.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 27/12/2018.
Identifiers: VIGILANCE-VUL-28102.
Description of the vulnerability
An attacker can trigger a buffer overflow via setsockopt() of OpenBSD, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial) |
OpenBSD: assertion error via recv MSG_WAITALL
Synthesis of the vulnerability
An attacker can force an assertion error via recv() MSG_WAITALL of OpenBSD, in order to trigger a denial of service.
Impacted products: OpenBSD.
Severity: 1/4.
Consequences: denial of service on server.
Provenance: user shell.
Creation date: 19/12/2018.
Identifiers: VIGILANCE-VUL-28052.
Description of the vulnerability
An attacker can force an assertion error via recv() MSG_WAITALL of OpenBSD, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial) |
OpenBSD 6.4: denial of service via Qcow2 4GB Write
Synthesis of the vulnerability
An attacker can generate a fatal error via Qcow2 4GB Write of OpenBSD 6.4, in order to trigger a denial of service.
Impacted products: OpenBSD.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 30/11/2018.
Identifiers: VIGILANCE-VUL-27924.
Description of the vulnerability
An attacker can generate a fatal error via Qcow2 4GB Write of OpenBSD 6.4, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial) |
Our database contains other pages. You can request a free trial to read them.
Display information about OpenBSD:
|