The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Oracle VM VirtualBox

computer vulnerability CVE-2018-2676 CVE-2018-2685 CVE-2018-2686

Oracle VM VirtualBox: vulnerabilities of January 2018

Synthesis of the vulnerability

Several vulnerabilities were announced in Oracle products.
Impacted products: openSUSE Leap, VirtualBox.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on service.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 10.
Creation date: 17/01/2018.
Revision dates: 19/01/2018, 25/01/2018.
Identifiers: CERTFR-2018-AVI-039, cpujan2018, CVE-2018-2676, CVE-2018-2685, CVE-2018-2686, CVE-2018-2687, CVE-2018-2688, CVE-2018-2689, CVE-2018-2690, CVE-2018-2693, CVE-2018-2694, CVE-2018-2698, openSUSE-SU-2018:0187-1, openSUSE-SU-2018:2524-1, VIGILANCE-VUL-25085, WLB-2018010260, ZDI-18-117, ZDI-18-118, ZDI-18-119, ZDI-18-120, ZDI-18-121, ZDI-18-122.

Description of the vulnerability

Several vulnerabilities were announced in Oracle products.

computer vulnerability bulletin CVE-2017-3738

OpenSSL: information disclosure via rsaz_1024_mul_avx2

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via rsaz_1024_mul_avx2() of OpenSSL, in order to obtain sensitive information.
Impacted products: ProxySG by Blue Coat, SGOS by Blue Coat, Debian, Fedora, FreeBSD, hMailServer, DB2 UDB, QRadar SIEM, Tivoli Storage Manager, Juniper J-Series, Junos OS, NSM Central Manager, NSMXpress, SRX-Series, MariaDB ~ precise, MySQL Community, MySQL Enterprise, Nodejs Core, OpenSSL, openSUSE Leap, Oracle Communications, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle Internet Directory, Solaris, Tuxedo, Oracle Virtual Directory, VirtualBox, WebLogic, Percona Server, pfSense, RHEL, Slackware, ProxySG by Symantec, SGOS by Symantec, Synology DSM, Synology DS***, Synology RS***, Ubuntu, WinSCP, X2GoClient.
Severity: 1/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 07/12/2017.
Identifiers: 2014324, bulletinapr2018, bulletinjan2018, CERTFR-2017-AVI-452, CERTFR-2018-AVI-155, cpuapr2018, cpuapr2019, cpujan2018, cpujan2019, cpujul2018, cpujul2019, cpuoct2018, CVE-2017-3738, DSA-4065-1, DSA-4157-1, FEDORA-2017-e6be32cb7a, FreeBSD-SA-17:12.openssl, ibm10716907, ibm10717405, ibm10717409, ibm10719113, JSA10851, openSUSE-SU-2017:3345-1, openSUSE-SU-2018:0029-1, openSUSE-SU-2018:0315-1, RHSA-2018:0998-01, SA159, SSA:2017-342-01, swg21647054, USN-3512-1, VIGILANCE-VUL-24698.

Description of the vulnerability

An attacker can bypass access restrictions to data via rsaz_1024_mul_avx2() of OpenSSL, in order to obtain sensitive information.

computer vulnerability announce CVE-2017-3737

OpenSSL: information disclosure via SSL_read/SSL_write After Error

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via SSL_read/SSL_write After Error of OpenSSL, in order to obtain sensitive information.
Impacted products: ProxySG by Blue Coat, SGOS by Blue Coat, Debian, FreeBSD, hMailServer, AIX, DB2 UDB, QRadar SIEM, Tivoli Storage Manager, Juniper J-Series, Junos OS, Junos Space, NSM Central Manager, NSMXpress, SRX-Series, MariaDB ~ precise, MySQL Community, MySQL Enterprise, OpenSSL, openSUSE Leap, Oracle Communications, Oracle Fusion Middleware, Solaris, Tuxedo, VirtualBox, WebLogic, Percona Server, pfSense, RHEL, SIMATIC, Slackware, ProxySG by Symantec, SGOS by Symantec, Synology DSM, Synology DS***, Synology RS***, Ubuntu, WinSCP, X2GoClient.
Severity: 1/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 07/12/2017.
Identifiers: 2014324, bulletinapr2018, bulletinjan2018, CERTFR-2017-AVI-452, CERTFR-2018-AVI-376, cpuapr2018, cpujan2018, cpujul2018, cpujul2019, CVE-2017-3737, DSA-4065-1, FreeBSD-SA-17:12.openssl, ibm10715641, ibm10716907, ibm10717405, ibm10717409, ibm10719113, ibm10738249, JSA10851, JSA10873, openSUSE-SU-2017:3345-1, openSUSE-SU-2018:0223-1, openSUSE-SU-2018:1057-1, RHSA-2018:0998-01, SA159, SSA-179516, SSA:2017-342-01, swg21647054, USN-3512-1, VIGILANCE-VUL-24697.

Description of the vulnerability

An attacker can bypass access restrictions to data via SSL_read/SSL_write After Error of OpenSSL, in order to obtain sensitive information.

computer vulnerability CVE-2017-10392 CVE-2017-10407 CVE-2017-10408

Oracle VM VirtualBox: vulnerabilities of October 2017

Synthesis of the vulnerability

Several vulnerabilities were announced in Oracle VM VirtualBox.
Impacted products: openSUSE Leap, VirtualBox.
Severity: 3/4.
Consequences: administrator access/rights, user access/rights, data reading, denial of service on server, denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 4.
Creation date: 18/10/2017.
Identifiers: CERTFR-2017-AVI-368, cpuoct2017, CVE-2017-10392, CVE-2017-10407, CVE-2017-10408, CVE-2017-10428, openSUSE-SU-2017:2975-1, VIGILANCE-VUL-24165.

Description of the vulnerability

Several vulnerabilities were announced in Oracle VM VirtualBox.

computer vulnerability note CVE-2017-9788

Apache httpd: information disclosure via mod_auth_digest

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via mod_auth_digest of Apache httpd, in order to obtain sensitive information.
Impacted products: Apache httpd, Mac OS X, Blue Coat CAS, Debian, Junos Space, openSUSE Leap, Solaris, VirtualBox, RHEL, JBoss EAP by Red Hat, Symantec Content Analysis, Ubuntu.
Severity: 3/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 13/07/2017.
Identifiers: APPLE-SA-2017-09-25-1, bulletinjul2017, cpuoct2017, CVE-2017-9788, DLA-1028-1, DSA-3913-1, HT208144, HT208221, JSA10838, openSUSE-SU-2017:2016-1, RHSA-2017:2478-01, RHSA-2017:2479-01, RHSA-2017:2483-01, RHSA-2017:3113-01, RHSA-2017:3114-01, RHSA-2017:3193-01, RHSA-2017:3194-01, RHSA-2017:3195-01, RHSA-2017:3239-01, RHSA-2017:3240-01, SYMSA1457, USN-3370-1, USN-3370-2, VIGILANCE-VUL-23249.

Description of the vulnerability

An attacker can bypass access restrictions to data via mod_auth_digest of Apache httpd, in order to obtain sensitive information.

vulnerability note CVE-2017-7679

Apache httpd: out-of-bounds memory reading via mod_mime

Synthesis of the vulnerability

An attacker can force a read at an invalid address via mod_mime of Apache httpd, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: SES, Apache httpd, Mac OS X, Debian, NetWorker, BIG-IP Hardware, TMOS, Fedora, Junos Space, ePO, openSUSE Leap, Solaris, VirtualBox, RHEL, Slackware, Ubuntu.
Severity: 2/4.
Consequences: data reading, denial of service on service.
Provenance: internet client.
Creation date: 20/06/2017.
Identifiers: APPLE-SA-2017-09-25-1, bulletinjul2017, cpuoct2017, CVE-2017-7679, DLA-1009-1, DSA-3896-1, FEDORA-2017-9ded7c5670, FEDORA-2017-cf9599a306, HT208144, HT208221, JSA10838, K75429050, openSUSE-SU-2017:1803-1, RHSA-2017:2478-01, RHSA-2017:2479-01, RHSA-2017:2483-01, RHSA-2017:3193-01, RHSA-2017:3194-01, RHSA-2017:3195-01, SB10206, SSA:2017-180-03, STORM-2017-003, USN-3340-1, USN-3373-1, VIGILANCE-VUL-23004.

Description of the vulnerability

An attacker can force a read at an invalid address via mod_mime of Apache httpd, in order to trigger a denial of service, or to obtain sensitive information.

vulnerability bulletin CVE-2017-7668

Apache httpd: out-of-bounds memory reading via ap_find_token

Synthesis of the vulnerability

An attacker can force a read at an invalid address via ap_find_token() of Apache httpd, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: SES, Apache httpd, Mac OS X, Debian, Fedora, Junos Space, ePO, Solaris, VirtualBox, RHEL, Slackware, Ubuntu.
Severity: 2/4.
Consequences: data reading, denial of service on service.
Provenance: internet client.
Creation date: 20/06/2017.
Identifiers: APPLE-SA-2017-09-25-1, bulletinjul2017, CERTFR-2017-AVI-218, cpuoct2017, CVE-2017-7668, DLA-1009-1, DSA-3896-1, FEDORA-2017-9ded7c5670, FEDORA-2017-cf9599a306, HT208144, HT208221, JSA10838, RHSA-2017:2479-01, RHSA-2017:2483-01, RHSA-2017:3193-01, RHSA-2017:3194-01, SB10206, SSA:2017-180-03, STORM-2017-003, USN-3340-1, USN-3373-1, VIGILANCE-VUL-23003.

Description of the vulnerability

An attacker can force a read at an invalid address via ap_find_token() of Apache httpd, in order to trigger a denial of service, or to obtain sensitive information.

vulnerability alert CVE-2017-3169

Apache httpd: NULL pointer dereference via mod_ssl

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via mod_ssl of Apache httpd, in order to trigger a denial of service.
Impacted products: SES, Apache httpd, Mac OS X, Debian, BIG-IP Hardware, TMOS, Fedora, Junos Space, ePO, openSUSE Leap, Solaris, VirtualBox, RHEL, Slackware, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 20/06/2017.
Identifiers: APPLE-SA-2017-09-25-1, bulletinjul2017, CERTFR-2017-AVI-218, cpuoct2017, CVE-2017-3169, DLA-1009-1, DSA-3896-1, FEDORA-2017-9ded7c5670, FEDORA-2017-cf9599a306, HT208144, HT208221, JSA10838, K83043359, openSUSE-SU-2017:1803-1, RHSA-2017:2478-01, RHSA-2017:2479-01, RHSA-2017:2483-01, RHSA-2017:3193-01, RHSA-2017:3194-01, RHSA-2017:3195-01, SB10206, SSA:2017-180-03, STORM-2017-003, USN-3340-1, USN-3373-1, VIGILANCE-VUL-23001.

Description of the vulnerability

An attacker can force a NULL pointer to be dereferenced via mod_ssl of Apache httpd, in order to trigger a denial of service.

vulnerability CVE-2017-3167

Apache httpd: privilege escalation via ap_get_basic_auth_pw

Synthesis of the vulnerability

An attacker can bypass the restrictions of a module developed with ap_get_basic_auth_pw() of Apache httpd, in order to escalate privileges.
Impacted products: Apache httpd, Mac OS X, Debian, BIG-IP Hardware, TMOS, Fedora, Junos Space, openSUSE Leap, Solaris, VirtualBox, RHEL, Slackware, Ubuntu.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: internet client.
Creation date: 20/06/2017.
Identifiers: APPLE-SA-2017-09-25-1, bulletinjul2017, CERTFR-2017-AVI-218, cpuoct2017, CVE-2017-3167, DLA-1009-1, DSA-3896-1, FEDORA-2017-9ded7c5670, FEDORA-2017-cf9599a306, HT208144, HT208221, JSA10838, K34125394, openSUSE-SU-2017:1803-1, RHSA-2017:2478-01, RHSA-2017:2479-01, RHSA-2017:2483-01, RHSA-2017:3193-01, RHSA-2017:3194-01, RHSA-2017:3195-01, SSA:2017-180-03, USN-3340-1, USN-3373-1, VIGILANCE-VUL-23000.

Description of the vulnerability

An attacker can bypass the restrictions of a module developed with ap_get_basic_auth_pw() of Apache httpd, in order to escalate privileges.

computer vulnerability CVE-2017-3513 CVE-2017-3558 CVE-2017-3559

Oracle VM VirtualBox: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in Oracle VM VirtualBox.
Impacted products: openSUSE Leap, VirtualBox.
Severity: 3/4.
Consequences: privileged access/rights, data reading, data creation/edition, data deletion, denial of service on server, denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 8.
Creation date: 19/04/2017.
Revision dates: 19/04/2017, 20/04/2017, 24/04/2017.
Identifiers: 1086, 1091, 1103, 1136, 1141, 1227, CERTFR-2017-AVI-121, cpuapr2017, CVE-2017-3513, CVE-2017-3558, CVE-2017-3559, CVE-2017-3561, CVE-2017-3563, CVE-2017-3575, CVE-2017-3576, CVE-2017-3587, openSUSE-SU-2017:1141-1, openSUSE-SU-2017:1142-1, VIGILANCE-VUL-22495.

Description of the vulnerability

An attacker can exploit several vulnerabilities in Oracle VM VirtualBox.