The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Oracle Solaris

vulnerability note CVE-2018-12020

GnuPG: creation of fake status messages

Synthesis of the vulnerability

An attacker can create fake status messages in GnuPG, in order to deceive the victime.
Impacted products: Debian, Fedora, GnuPG, Junos Space, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: document.
Creation date: 08/06/2018.
Revision date: 02/05/2019.
Identifiers: bulletinjul2018, CVE-2018-12020, DSA-4222-1, DSA-4223-1, FEDORA-2018-4ef71d3525, FEDORA-2018-69780fc4d7, FEDORA-2018-a4e13742b4, JSA10917, openSUSE-SU-2018:1706-1, openSUSE-SU-2018:1708-1, openSUSE-SU-2018:1722-1, openSUSE-SU-2018:1724-1, RHSA-2018:2180-01, RHSA-2018:2181-01, SSA:2018-159-01, SSA:2018-170-01, SUSE-SU-2018:1696-1, SUSE-SU-2018:1698-1, SUSE-SU-2018:2243-1, T4012, USN-3675-1, USN-3675-2, USN-3675-3, USN-3964-1, VIGILANCE-VUL-26364.

Description of the vulnerability

An attacker can create fake status messages in GnuPG, in order to deceive the victime.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2019-0215

Apache httpd mod_ssl: privilege escalation via Per-location Client Certificate

Synthesis of the vulnerability

An attacker can bypass restrictions via Per-location Client Certificate of Apache httpd mod_ssl, in order to escalate his privileges.
Impacted products: Apache httpd, Apache httpd Modules ~ not comprehensive, Fedora, Solaris.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: user account.
Creation date: 02/04/2019.
Identifiers: bulletinapr2019, CERTFR-2019-AVI-141, CVE-2019-0215, FEDORA-2019-a4ed7400f4, VIGILANCE-VUL-28915.

Description of the vulnerability

An attacker can bypass restrictions via Per-location Client Certificate of Apache httpd mod_ssl, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2019-9636

Python: information disclosure via Punycode/IDNA NFKC Normalization

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Punycode/IDNA NFKC Normalization of Python, in order to obtain sensitive information.
Impacted products: Fedora, openSUSE Leap, Solaris, Python, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Creation date: 08/03/2019.
Identifiers: 36216, bulletinapr2019, CVE-2019-9636, FEDORA-2019-1ffd6b6064, openSUSE-SU-2019:1273-1, openSUSE-SU-2019:1282-1, openSUSE-SU-2019:1371-1, RHSA-2019:0710-01, RHSA-2019:0765-01, RHSA-2019:0806-01, RHSA-2019:0902-01, RHSA-2019:1467-01, SUSE-SU-2019:0961-1, SUSE-SU-2019:0971-1, SUSE-SU-2019:0972-1, SUSE-SU-2019:14018-1, SUSE-SU-2019:1439-1, VIGILANCE-VUL-28692.

Description of the vulnerability

An attacker can bypass access restrictions to data via Punycode/IDNA NFKC Normalization of Python, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2019-9208 CVE-2019-9209 CVE-2019-9214

Wireshark: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Wireshark.
Impacted products: Debian, openSUSE Leap, Solaris, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Wireshark.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 3.
Creation date: 28/02/2019.
Identifiers: bulletinapr2019, CERTFR-2019-AVI-081, CVE-2019-9208, CVE-2019-9209, CVE-2019-9214, DLA-1729-1, DSA-4416-1, openSUSE-SU-2019:1108-1, openSUSE-SU-2019:1390-1, SUSE-SU-2019:0619-1, SUSE-SU-2019:0688-1, USN-3986-1, VIGILANCE-VUL-28619, wnpa-sec-2019-06, wnpa-sec-2019-07, wnpa-sec-2019-08.

Description of the vulnerability

An attacker can use several vulnerabilities of Wireshark.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2019-1559

OpenSSL 1.0.2: information disclosure via 0-byte Record Padding Oracle

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via 0-byte Record Padding Oracle of OpenSSL 1.0.2, in order to obtain sensitive information.
Impacted products: SDS, SES, SNS, Debian, AIX, IBM i, MariaDB ~ precise, McAfee Web Gateway, MySQL Community, MySQL Enterprise, Nodejs Core, OpenSSL, openSUSE Leap, Solaris, Percona Server, RHEL, SIMATIC, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Nessus, Ubuntu, WinSCP.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 26/02/2019.
Identifiers: bulletinapr2019, CERTFR-2019-AVI-080, CERTFR-2019-AVI-132, CERTFR-2019-AVI-214, cpuapr2019, CVE-2019-1559, DLA-1701-1, DSA-4400-1, ibm10876638, openSUSE-SU-2019:1076-1, openSUSE-SU-2019:1105-1, openSUSE-SU-2019:1173-1, openSUSE-SU-2019:1175-1, openSUSE-SU-2019:1432-1, RHBUG-1683804, RHBUG-1683807, SB10282, SSA:2019-057-01, SSB-439005, STORM-2019-001, SUSE-SU-2019:0572-1, SUSE-SU-2019:0600-1, SUSE-SU-2019:0658-1, SUSE-SU-2019:0803-1, SUSE-SU-2019:0818-1, SUSE-SU-2019:1362-1, TNS-2019-02, USN-3899-1, VIGILANCE-VUL-28600.

Description of the vulnerability

An attacker can bypass access restrictions to data via 0-byte Record Padding Oracle of OpenSSL 1.0.2, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2014-8145

SoX: buffer overflow via start_read AdpcmReadBlock

Synthesis of the vulnerability

An attacker can trigger a buffer overflow via start_read() or AdpcmReadBlock() of SoX, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, Solaris.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 25/02/2019.
Identifiers: bulletinjan2015, CVE-2014-8145, DLA-1687-1, DSA-3112-1, FEDORA-2015-1943, MDVSA-2015:015, VIGILANCE-VUL-28586.

Description of the vulnerability

An attacker can trigger a buffer overflow via start_read() or AdpcmReadBlock() of SoX, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2019-6465

ISC BIND: information disclosure via DLZ Zone Transfer

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via DLZ Zone Transfer of ISC BIND, in order to obtain sensitive information.
Impacted products: Debian, BIG-IP Hardware, TMOS, IBM i, BIND, openSUSE Leap, Solaris, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Ubuntu.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 22/02/2019.
Identifiers: bulletinapr2019, CERTFR-2019-AVI-242, CVE-2019-6465, DLA-1697-1, DSA-4440-1, ibm10876698, K00040234, K01713115, K25244852, openSUSE-SU-2019:1532-1, openSUSE-SU-2019:1533-1, SUSE-SU-2019:1407-1, SUSE-SU-2019:14074-1, SUSE-SU-2019:1449-1, Synology-SA-19:10, USN-3893-1, USN-3893-2, VIGILANCE-VUL-28584.

Description of the vulnerability

An attacker can bypass access restrictions to data via DLZ Zone Transfer of ISC BIND, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2018-5745

ISC BIND: assertion error via Managed-keys Trust Anchor Rolls Over

Synthesis of the vulnerability

An attacker can force an assertion error via Managed-keys Trust Anchor Rolls Over of ISC BIND, in order to trigger a denial of service.
Impacted products: Debian, BIG-IP Hardware, TMOS, IBM i, BIND, openSUSE Leap, Solaris, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet server.
Creation date: 22/02/2019.
Identifiers: bulletinapr2019, CERTFR-2019-AVI-242, CVE-2018-5745, DLA-1697-1, DSA-4440-1, ibm10876698, K00040234, K01713115, K25244852, openSUSE-SU-2019:1532-1, openSUSE-SU-2019:1533-1, SUSE-SU-2019:1407-1, SUSE-SU-2019:14074-1, SUSE-SU-2019:1449-1, Synology-SA-19:10, USN-3893-1, USN-3893-2, VIGILANCE-VUL-28583.

Description of the vulnerability

An attacker can force an assertion error via Managed-keys Trust Anchor Rolls Over of ISC BIND, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2019-6975

Django: memory corruption via django.utils.numberformat.format

Synthesis of the vulnerability

An attacker can trigger a memory corruption via django.utils.numberformat.format() of Django, in order to trigger a denial of service, and possibly to run code.
Impacted products: Fedora, Solaris, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 13/02/2019.
Identifiers: bulletinapr2019, CVE-2019-6975, FEDORA-2019-5ad2149e99, FEDORA-2019-ec55814c1c, FEDORA-2019-f528d75a69, USN-3890-1, VIGILANCE-VUL-28506.

Description of the vulnerability

An attacker can trigger a memory corruption via django.utils.numberformat.format() of Django, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2019-3823

libcurl: out-of-bounds memory reading via SMTP End-of-Response

Synthesis of the vulnerability

An attacker can force a read at an invalid address via SMTP End-of-Response of libcurl, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: curl, Debian, Fedora, openSUSE Leap, Oracle Communications, Oracle Fusion Middleware, Solaris, Tuxedo, WebLogic, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: internet server.
Creation date: 06/02/2019.
Identifiers: bulletinjan2019, cpuapr2019, CVE-2019-3823, DLA-1672-1, DSA-4386-1, FEDORA-2019-43489941ff, openSUSE-SU-2019:0173-1, openSUSE-SU-2019:0174-1, SSA:2019-037-01, SUSE-SU-2019:0248-1, SUSE-SU-2019:0249-1, SUSE-SU-2019:0249-2, SUSE-SU-2019:0339-1, USN-3882-1, VIGILANCE-VUL-28445.

Description of the vulnerability

An attacker can force a read at an invalid address via SMTP End-of-Response of libcurl, in order to trigger a denial of service, or to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Oracle Solaris: