The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Oracle Solaris

computer vulnerability CVE-2019-3823

libcurl: out-of-bounds memory reading via SMTP End-of-Response

Synthesis of the vulnerability

An attacker can force a read at an invalid address via SMTP End-of-Response of libcurl, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: curl, Debian, Fedora, openSUSE Leap, Oracle Communications, Oracle Fusion Middleware, Solaris, Tuxedo, WebLogic, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: internet server.
Creation date: 06/02/2019.
Identifiers: bulletinjan2019, cpuapr2019, CVE-2019-3823, DLA-1672-1, DSA-4386-1, FEDORA-2019-43489941ff, openSUSE-SU-2019:0173-1, openSUSE-SU-2019:0174-1, SSA:2019-037-01, SUSE-SU-2019:0248-1, SUSE-SU-2019:0249-1, SUSE-SU-2019:0249-2, SUSE-SU-2019:0339-1, USN-3882-1, VIGILANCE-VUL-28445.


vulnerability bulletin CVE-2018-16890

libcurl: out-of-bounds memory reading via NTLM Type-2

Synthesis of the vulnerability

An attacker can force a read at an invalid address via NTLM Type-2 of libcurl, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: curl, Debian, Fedora, openSUSE Leap, Oracle Communications, Oracle Fusion Middleware, Solaris, Tuxedo, WebLogic, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: internet server.
Creation date: 06/02/2019.
Identifiers: bulletinjan2019, cpuapr2019, CVE-2018-16890, DLA-1672-1, DSA-4386-1, FEDORA-2019-43489941ff, openSUSE-SU-2019:0173-1, openSUSE-SU-2019:0174-1, SSA:2019-037-01, SUSE-SU-2019:0248-1, SUSE-SU-2019:0249-1, SUSE-SU-2019:0249-2, SUSE-SU-2019:0339-1, USN-3882-1, VIGILANCE-VUL-28443.


computer vulnerability note CVE-2017-13710 CVE-2017-13716

GNU Binutils: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of GNU Binutils.
Impacted products: Fedora, Solaris.
Severity: 2/4.
Consequences: user access/rights, denial of service on client.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 2.
Creation date: 04/02/2019.
Identifiers: bulletinapr2018, CVE-2017-13710, CVE-2017-13716, FEDORA-2019-ba3cbcfd20, VIGILANCE-VUL-28429.


computer vulnerability alert CVE-2019-6486

Go: denial of service via P-521 P-384 Elliptic Curves

Synthesis of the vulnerability

An attacker can trigger a fatal error via the P-521 and P-384 elliptic curves of Go, in order to trigger a denial of service.
Impacted products: Debian, openSUSE Leap, Solaris, SLES.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 01/02/2019.
Identifiers: 10303, bulletinjan2019, CVE-2019-6486, DLA-1664-1, DSA-4379-1, DSA-4380-1, openSUSE-SU-2019:1164-1, SUSE-SU-2019:0651-1, VIGILANCE-VUL-28426.


computer vulnerability bulletin CVE-2018-4416 CVE-2018-4438 CVE-2018-4441

WebKitGTK+: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of WebKitGTK+.
Impacted products: iOS by Apple, iPhone, openSUSE Leap, Solaris, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: user access/rights, data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 6.
Creation date: 23/01/2019.
Identifiers: bulletinjan2019, CVE-2018-4416, CVE-2018-4438, CVE-2018-4441, CVE-2018-4442, CVE-2018-4443, CVE-2018-4464, HT209340, openSUSE-SU-2019:0081-1, openSUSE-SU-2019:0108-1, openSUSE-SU-2019:0308-1, SUSE-SU-2019:0146-1, SUSE-SU-2019:0497-1, VIGILANCE-VUL-28338.


vulnerability CVE-2018-17199

Apache httpd: privilege escalation via mod_session_cookie Ignored Expiry Time

Synthesis of the vulnerability

An attacker can bypass restrictions via mod_session_cookie Ignored Expiry Time of Apache httpd, in order to escalate privileges.
Impacted products: Apache httpd, Debian, IBM i, openSUSE Leap, Solaris, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights.
Provenance: user account.
Creation date: 23/01/2019.
Identifiers: bulletinapr2019, CERTFR-2019-AVI-031, CVE-2018-17199, DLA-1647-1, DSA-4422-1, ibm10872490, openSUSE-SU-2019:0296-1, openSUSE-SU-2019:0305-1, SSA:2019-022-01, SUSE-SU-2019:0498-1, SUSE-SU-2019:0504-1, USN-3937-1, VIGILANCE-VUL-28330.


computer vulnerability note CVE-2018-17189

Apache httpd: denial of service via mod_http2

Synthesis of the vulnerability

An attacker can trigger a fatal error via mod_http2 of Apache httpd, in order to trigger a denial of service.
Impacted products: Apache httpd, Debian, IBM i, openSUSE Leap, Solaris, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 23/01/2019.
Identifiers: bulletinapr2019, CERTFR-2019-AVI-031, CVE-2018-17189, DSA-4422-1, ibm10872490, openSUSE-SU-2019:0296-1, openSUSE-SU-2019:0305-1, SSA:2019-022-01, SUSE-SU-2019:0498-1, SUSE-SU-2019:0504-1, USN-3937-1, VIGILANCE-VUL-28329.


vulnerability announce CVE-2019-6110

OpenSSH scp, PuTTY PSCP: spoofing via Scp Client ANSI Codes stderr File Hiding

Synthesis of the vulnerability

An attacker can spoof displayed filenames on the scp client of OpenSSH and PuTTY, in order to deceive the victim.
Impacted products: IBM i, OpenSSH, openSUSE Leap, Solaris, PuTTY, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***.
Severity: 1/4.
Consequences: disguisement.
Provenance: internet server.
Creation date: 14/01/2019.
Identifiers: bulletinjan2019, CVE-2019-6110, ibm10731015, openSUSE-SU-2019:0091-1, openSUSE-SU-2019:0093-1, SUSE-SU-2019:0125-1, SUSE-SU-2019:0126-1, SUSE-SU-2019:0132-1, SUSE-SU-2019:13931-1, VIGILANCE-VUL-28262.


vulnerability alert CVE-2019-6109

OpenSSH scp, PuTTY PSCP: spoofing via Scp Client ANSI Codes File Hiding

Synthesis of the vulnerability

An attacker can spoof displayed filenames on the scp client of OpenSSH and PuTTY, in order to deceive the victim.
Impacted products: Debian, IBM i, OpenSSH, openSUSE Leap, Solaris, PuTTY, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***, Ubuntu.
Severity: 1/4.
Consequences: disguisement.
Provenance: internet server.
Creation date: 14/01/2019.
Identifiers: bulletinjan2019, CVE-2019-6109, DLA-1728-1, DSA-4387-1, DSA-4387-2, ibm10731015, openSUSE-SU-2019:0091-1, openSUSE-SU-2019:0093-1, openSUSE-SU-2019:0307-1, SUSE-SU-2019:0125-1, SUSE-SU-2019:0126-1, SUSE-SU-2019:0132-1, SUSE-SU-2019:0496-1, SUSE-SU-2019:0941-1, SUSE-SU-2019:13931-1, SUSE-SU-2019:14016-1, USN-3885-1, USN-3885-2, VIGILANCE-VUL-28261.


vulnerability bulletin CVE-2019-5716 CVE-2019-5717 CVE-2019-5718

Wireshark: five vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Wireshark.
Impacted products: Debian, Fedora, openSUSE Leap, Solaris, SUSE Linux Enterprise Desktop, SLES, Wireshark.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 5.
Creation date: 09/01/2019.
Identifiers: bulletinjan2019, CERTFR-2019-AVI-005, CVE-2019-5716, CVE-2019-5717, CVE-2019-5718, CVE-2019-5719, CVE-2019-5721, DLA-1645-1, DSA-4416-1, FEDORA-2019-866b01407a, FEDORA-2019-fbd2bad9f9, openSUSE-SU-2019:0092-1, SUSE-SU-2019:0130-1, SUSE-SU-2019:0138-1, VIGILANCE-VUL-28193, wnpa-sec-2019-01, wnpa-sec-2019-02, wnpa-sec-2019-03, wnpa-sec-2019-04, wnpa-sec-2019-05.
