The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Oracle Solaris

computer vulnerability announcement CVE-2019-14494

Poppler: denial of service via SplashOutputDev::tilingPatternFill

Synthesis of the vulnerability

An attacker can trigger a fatal error via SplashOutputDev::tilingPatternFill() of Poppler, in order to trigger a denial of service.
Impacted products: Solaris, Ubuntu.
Severity: 2/4.
Consequences: denial of service on client.
Provenance: document.
Creation date: 13/08/2019.
Identifiers: bulletinoct2019, CVE-2019-14494, USN-4091-1, VIGILANCE-VUL-30027.


vulnerability bulletin CVE-2019-9959

Poppler: integer overflow via JPXStream::init

Synthesis of the vulnerability

An attacker can trigger an integer overflow via JPXStream::init() of Poppler, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, Solaris, RHEL.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 13/08/2019.
Identifiers: bulletinoct2019, CVE-2019-9959, DLA-1963-1, DLA-1963-2, FEDORA-2019-69ec14786b, FEDORA-2019-8729e0edf5, RHSA-2019:2713-01, VIGILANCE-VUL-30023.


computer vulnerability CVE-2019-13454

ImageMagick: denial of service via RemoveDuplicateLayers

Synthesis of the vulnerability

An attacker can trigger a fatal error via RemoveDuplicateLayers() of ImageMagick, in order to trigger a denial of service.
Impacted products: openSUSE Leap, Solaris, SLES.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 12/08/2019.
Identifiers: bulletinjul2019, CVE-2019-13454, openSUSE-SU-2019:1983-1, SUSE-SU-2019:2106-1, VIGILANCE-VUL-30015.


vulnerability bulletin CVE-2019-13391

ImageMagick: out-of-bounds memory reading via ComplexImages

Synthesis of the vulnerability

An attacker can force a read at an invalid address via ComplexImages() of ImageMagick, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: openSUSE Leap, Solaris, SLES.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 12/08/2019.
Identifiers: bulletinjul2019, CVE-2019-13391, openSUSE-SU-2019:1983-1, SUSE-SU-2019:2106-1, VIGILANCE-VUL-30013.


vulnerability announcement CVE-2019-13295 CVE-2019-13296 CVE-2019-13297

ImageMagick: seventeen vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of ImageMagick.
Impacted products: Debian, openSUSE Leap, Solaris, SLES.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 17.
Creation date: 12/08/2019.
Identifiers: bulletinjul2019, CVE-2019-13295, CVE-2019-13296, CVE-2019-13297, CVE-2019-13298, CVE-2019-13299, CVE-2019-13300, CVE-2019-13301, CVE-2019-13302, CVE-2019-13303, CVE-2019-13304, CVE-2019-13305, CVE-2019-13306, CVE-2019-13307, CVE-2019-13308, CVE-2019-13309, CVE-2019-13310, CVE-2019-13311, DLA-1888-1, openSUSE-SU-2019:1983-1, SUSE-SU-2019:2106-1, VIGILANCE-VUL-30012.


vulnerability alert CVE-2019-13133 CVE-2019-13134 CVE-2019-13135

ImageMagick: five vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of ImageMagick.
Impacted products: Debian, BIG-IP Hardware, TMOS, openSUSE Leap, Solaris, SLES.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 5.
Creation date: 12/08/2019.
Identifiers: bulletinjul2019, CVE-2019-13133, CVE-2019-13134, CVE-2019-13135, CVE-2019-13136, CVE-2019-13137, DLA-1888-1, K03512441, K20336394, openSUSE-SU-2019:1983-1, SUSE-SU-2019:2106-1, VIGILANCE-VUL-30011.


vulnerability CVE-2019-12974 CVE-2019-12975 CVE-2019-12976

ImageMagick: six vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of ImageMagick.
Impacted products: Debian, openSUSE Leap, Solaris, SLES.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 6.
Creation date: 12/08/2019.
Identifiers: bulletinjul2019, CVE-2019-12974, CVE-2019-12975, CVE-2019-12976, CVE-2019-12977, CVE-2019-12978, CVE-2019-12979, DLA-1888-1, openSUSE-SU-2019:1983-1, SUSE-SU-2019:2106-1, VIGILANCE-VUL-30010.


computer vulnerability alert CVE-2018-1000876

GNU Binutils: integer overflow via objdump

Synthesis of the vulnerability

An attacker can trigger an integer overflow via objdump of GNU Binutils, in order to trigger a denial of service, and possibly to run code.
Impacted products: Solaris, RHEL, SIMATIC, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 06/08/2019.
Identifiers: bulletinapr2019, CVE-2018-1000876, RHSA-2019:2075-01, SSB-439005, SUSE-SU-2019:2650-1, VIGILANCE-VUL-29956.


computer vulnerability bulletin CVE-2017-17087

Vim: file reading via Group Membership

Synthesis of the vulnerability

A local attacker can read a file via Group Membership of Vim, in order to obtain sensitive information.
Impacted products: Debian, Solaris.
Severity: 2/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 05/08/2019.
Identifiers: bulletinjul2018, CVE-2017-17087, DLA-1871-1, VIGILANCE-VUL-29938.


vulnerability CVE-2019-14232 CVE-2019-14233 CVE-2019-14234

Django: four vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Django.
Impacted products: Ansible Tower, Debian, Fedora, openSUSE Leap, Solaris, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading, data creation/editing, denial of service on service.
Provenance: document.
Number of vulnerabilities in this bulletin: 4.
Creation date: 01/08/2019.
Identifiers: bulletinoct2019, CVE-2019-14232, CVE-2019-14233, CVE-2019-14234, CVE-2019-14235, DLA-1872-1, DSA-4498-1, FEDORA-2019-647f74ce51, openSUSE-SU-2019:1839-1, openSUSE-SU-2019:1872-1, USN-4084-1, VIGILANCE-VUL-29930.
