The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Oracle Solaris

computer vulnerability alert CVE-2019-10160

Python: information disclosure via Punycode/IDNA NFKC Normalization

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Punycode/IDNA NFKC Normalization of Python, in order to obtain sensitive information.
Impacted products: Debian, openSUSE Leap, Solaris, Python, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 21/06/2019.
Identifiers: bulletinjul2019, CVE-2019-10160, DLA-1834-1, openSUSE-SU-2019:1906-1, RHSA-2019:1587-01, RHSA-2019:1700-01, SUSE-SU-2019:14142-1, SUSE-SU-2019:2050-1, SUSE-SU-2019:2053-1, SUSE-SU-2019:2053-2, SUSE-SU-2019:2064-1, SUSE-SU-2019:2091-1, VIGILANCE-VUL-29596.

Description of the vulnerability

An attacker can bypass access restrictions to data via Punycode/IDNA NFKC Normalization of Python, in order to obtain sensitive information.

vulnerability note CVE-2019-10873

Poppler: NULL pointer dereference via SplashClip::clipAALine

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via SplashClip::clipAALine() of Poppler, in order to trigger a denial of service.
Impacted products: Fedora, Solaris, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 19/06/2019.
Identifiers: bulletinapr2019, CVE-2019-10873, FEDORA-2019-cb2bff6d48, USN-4042-1, VIGILANCE-VUL-29564.

Description of the vulnerability

An attacker can force a NULL pointer to be dereferenced via SplashClip::clipAALine() of Poppler, in order to trigger a denial of service.

computer vulnerability bulletin CVE-2019-12450

GLib: file reading via file_copy_fallback

Synthesis of the vulnerability

A local attacker can read a file via file_copy_fallback() of GLib, in order to obtain sensitive information.
Impacted products: Debian, Fedora, openSUSE Leap, Solaris, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 11/06/2019.
Identifiers: bulletinjul2019, CVE-2019-12450, DLA-1826-1, FEDORA-2019-c18d2bd1bd, openSUSE-SU-2019:1650-1, SUSE-SU-2019:14102-1, SUSE-SU-2019:1594-1, SUSE-SU-2019:1596-1, SUSE-SU-2019:1722-1, USN-4014-1, USN-4014-2, VIGILANCE-VUL-29488.

Description of the vulnerability

A local attacker can read a file via file_copy_fallback() of GLib, in order to obtain sensitive information.

vulnerability announce CVE-2019-12295

Wireshark: denial of service

Synthesis of the vulnerability

An attacker can send malicious packets to Wireshark, in order to trigger a denial of service.
Impacted products: openSUSE Leap, Solaris, SUSE Linux Enterprise Desktop, SLES, Wireshark.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: document.
Creation date: 23/05/2019.
Identifiers: bulletinapr2019, CERTFR-2019-AVI-238, CVE-2019-12295, openSUSE-SU-2019:1646-1, openSUSE-SU-2019:1669-1, SUSE-SU-2019:1607-1, SUSE-SU-2019:1610-1, VIGILANCE-VUL-29392, wnpa-sec-2019-19.

Description of the vulnerability

An attacker can send malicious packets to Wireshark, in order to trigger a denial of service.

vulnerability CVE-2019-0221

Apache Tomcat: Cross Site Scripting via SSI printenv

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via SSI printenv of Apache Tomcat, in order to run JavaScript code in the context of the web site.
Impacted products: Tomcat, Debian, Fedora, openSUSE Leap, Solaris, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 17/05/2019.
Identifiers: bulletinjul2019, CVE-2019-0221, DLA-1810-1, DLA-1883-1, FEDORA-2019-1a3f878d27, FEDORA-2019-d66febb5df, openSUSE-SU-2019:1673-1, openSUSE-SU-2019:1808-1, SUSE-SU-2019:1693-1, SUSE-SU-2019:1866-1, SUSE-SU-2019:1895-1, VIGILANCE-VUL-29350.

Description of the vulnerability

An attacker can trigger a Cross Site Scripting via SSI printenv of Apache Tomcat, in order to run JavaScript code in the context of the web site.

vulnerability note CVE-2019-5597

FreeBSD: denial of service via IPv6

Synthesis of the vulnerability

An attacker can send fragmented IPv6 packets to FreeBSD, in order to trigger a denial of service.
Impacted products: FreeBSD, Solaris, pfSense.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 15/05/2019.
Identifiers: cpujul2019, CVE-2019-5597, FreeBSD-SA-19:05.pf, VIGILANCE-VUL-29304.

Description of the vulnerability

An attacker can send fragmented IPv6 packets to FreeBSD, in order to trigger a denial of service.

vulnerability bulletin CVE-2019-5598

FreeBSD: address-based IP filtering bypass

Synthesis of the vulnerability

An attacker can tamper with the IP address of an IP packet nested in an ICMP one, in order to bypass the FreeBSD packet filter.
Impacted products: FreeBSD, Solaris, pfSense.
Severity: 1/4.
Consequences: data flow.
Provenance: internet client.
Creation date: 15/05/2019.
Identifiers: cpujul2019, CVE-2019-5598, FreeBSD-SA-19:06.pf, VIGILANCE-VUL-29303.

Description of the vulnerability

An attacker can tamper with the IP address of an IP packet nested in an ICMP one, in order to bypass the FreeBSD packet filter.

vulnerability announce CVE-2018-15173

nmap: denial of service

Synthesis of the vulnerability

An attacker can trigger a fatal error in nmap, in order to trigger a denial of service.
Impacted products: openSUSE Leap, Solaris, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: denial of service on client.
Provenance: internet server.
Creation date: 14/05/2019.
Identifiers: bulletinoct2018, CVE-2018-15173, openSUSE-SU-2019:1392-1, openSUSE-SU-2019:1462-1, SUSE-SU-2019:1286-1, SUSE-SU-2019:1290-1, SUSE-SU-2019:1290-2, VIGILANCE-VUL-29282.

Description of the vulnerability

An attacker can trigger a fatal error in nmap, in order to trigger a denial of service.

vulnerability note CVE-2018-12020

GnuPG: creation of fake status messages

Synthesis of the vulnerability

An attacker can create fake status messages in GnuPG, in order to deceive the victim.
Impacted products: Debian, Fedora, GnuPG, Junos Space, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: document.
Creation date: 08/06/2018.
Revision date: 02/05/2019.
Identifiers: bulletinjul2018, CVE-2018-12020, DSA-4222-1, DSA-4223-1, FEDORA-2018-4ef71d3525, FEDORA-2018-69780fc4d7, FEDORA-2018-a4e13742b4, JSA10917, openSUSE-SU-2018:1706-1, openSUSE-SU-2018:1708-1, openSUSE-SU-2018:1722-1, openSUSE-SU-2018:1724-1, RHSA-2018:2180-01, RHSA-2018:2181-01, SSA:2018-159-01, SSA:2018-170-01, SUSE-SU-2018:1696-1, SUSE-SU-2018:1698-1, SUSE-SU-2018:2243-1, T4012, USN-3675-1, USN-3675-2, USN-3675-3, USN-3964-1, VIGILANCE-VUL-26364.

Description of the vulnerability

An attacker can create fake status messages in GnuPG, in order to deceive the victim.

computer vulnerability CVE-2019-11026 CVE-2019-9903

poppler: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of poppler.
Impacted products: Fedora, Solaris, Ubuntu.
Severity: 2/4.
Consequences: denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 30/04/2019.
Identifiers: bulletinapr2019, CVE-2019-11026, CVE-2019-9903, FEDORA-2019-3193a75b06, FEDORA-2019-95eb49ef49, USN-4042-1, VIGILANCE-VUL-29155.

Description of the vulnerability

An attacker can use several vulnerabilities of poppler.