The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Red Hat Enterprise Linux

computer vulnerability CVE-2017-1000255

Linux kernel: memory corruption via PowerPC TM Bad Thing

Synthesis of the vulnerability

An attacker can trigger a memory corruption in the Linux kernel via PowerPC TM Bad Thing, in order to cause a denial of service and possibly run code.
Impacted products: Fedora, Linux, RHEL, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server.
Provenance: user shell.
Creation date: 10/10/2017.
Identifiers: CERTFR-2017-AVI-339, CERTFR-2017-AVI-424, CERTFR-2017-AVI-426, CERTFR-2018-AVI-175, CVE-2017-1000255, FEDORA-2017-c110ac0eb1, FEDORA-2017-cafcdbdde5, FEDORA-2018-884a105c04, RHSA-2018:0654-01, USN-3443-1, USN-3443-2, USN-3443-3, USN-3487-1, VIGILANCE-VUL-24065.


computer vulnerability note CVE-2017-14604

Nautilus: code execution via Desktop File

Synthesis of the vulnerability

An attacker can exploit a vulnerability in Nautilus via a Desktop File, in order to run code.
Impacted products: Debian, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 09/10/2017.
Identifiers: CVE-2017-14604, DSA-3994-1, openSUSE-SU-2018:2210-1, RHSA-2018:0223-01, SUSE-SU-2018:1694-1, SUSE-SU-2018:2058-1, VIGILANCE-VUL-24049.


vulnerability CVE-2017-15906

OpenSSH: empty file creation via read-only sftp-server

Synthesis of the vulnerability

An attacker can use the sftp-server of OpenSSH to create an empty file, even when read-only mode is selected.
Impacted products: Debian, Fedora, AIX, Copssh, Junos Space, Junos Space Network Management Platform, OpenSSH, openSUSE Leap, Solaris, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on server.
Provenance: internet client.
Creation date: 04/10/2017.
Identifiers: bulletinjan2019, CVE-2017-15906, DLA-1500-1, DLA-1500-2, FEDORA-2017-4862a3bfb1, FEDORA-2017-78f0991378, FEDORA-2017-96d1995b70, JSA10880, openSUSE-SU-2017:3243-1, RHSA-2018:0980-01, SUSE-SU-2018:2275-1, SUSE-SU-2018:2685-1, SUSE-SU-2018:3540-1, USN-3538-1, VIGILANCE-VUL-24020.


computer vulnerability bulletin CVE-2017-1000254

curl: out-of-bounds memory reading via FTP PWD

Synthesis of the vulnerability

An attacker can force curl to read from an invalid address via FTP PWD, in order to cause a denial of service or obtain sensitive information.
Impacted products: OpenOffice, Mac OS X, curl, Debian, Fedora, Juniper EX-Series, Junos OS, SRX-Series, openSUSE Leap, Solaris, pfSense, RHEL, Slackware, Ubuntu, VxWorks.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: internet server.
Creation date: 04/10/2017.
Identifiers: 2011879, bulletinapr2018, CVE-2017-1000254, DLA-1121-1, DSA-3992-1, FEDORA-2017-601b4c20a4, HT208331, HT208394, JSA10874, K-511316, openSUSE-SU-2017:2880-1, RHSA-2018:3558-01, SSA:2017-279-01, USN-3441-1, USN-3441-2, VIGILANCE-VUL-24018.


computer vulnerability announce CVE-2017-14033

Ruby: buffer overflow via OpenSSL ASN1 Decode

Synthesis of the vulnerability

An attacker can trigger a buffer overflow in Ruby via OpenSSL ASN1 Decode, in order to cause a denial of service and possibly run code.
Impacted products: Mac OS X, Debian, Fedora, Solaris, RHEL, Slackware, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: internet client.
Creation date: 27/09/2017.
Identifiers: bulletinjan2019, CVE-2017-14033, DLA-1114-1, DLA-1421-1, DSA-4031-1, FEDORA-2017-6e6f4f95e6, HT208937, HT209193, RHSA-2018:0378-01, RHSA-2018:0583-01, RHSA-2018:0585-01, SSA:2017-261-03, USN-3439-1, USN-3528-1, VIGILANCE-VUL-23927.


computer vulnerability alert CVE-2017-10784

Ruby: code execution via WEBrick Basic Authentication

Synthesis of the vulnerability

An attacker can exploit a vulnerability in Ruby via WEBrick Basic Authentication, in order to run code.
Impacted products: Mac OS X, Debian, Fedora, Solaris, RHEL, Slackware, Ubuntu.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 27/09/2017.
Identifiers: bulletinjan2019, CVE-2017-10748-ERROR, CVE-2017-10784, DLA-1113-1, DLA-1114-1, DLA-1421-1, DSA-4031-1, FEDORA-2017-6e6f4f95e6, HT208937, HT209193, RHSA-2017:3485-01, RHSA-2018:0378-01, RHSA-2018:0583-01, RHSA-2018:0585-01, SSA:2017-261-03, USN-3439-1, USN-3528-1, USN-3685-1, VIGILANCE-VUL-23926.


vulnerability announce CVE-2017-1000253

Linux kernel: memory corruption via PIE Executable

Synthesis of the vulnerability

An attacker can trigger a memory corruption in the Linux kernel via a PIE Executable, in order to cause a denial of service and possibly run code.
Impacted products: Linux, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server.
Provenance: document.
Creation date: 27/09/2017.
Identifiers: CERTFR-2017-AVI-324, CERTFR-2017-AVI-353, CERTFR-2017-AVI-441, CVE-2017-1000253, RHSA-2017:2793-01, RHSA-2017:2794-01, RHSA-2017:2795-01, RHSA-2017:2796-01, RHSA-2017:2797-01, RHSA-2017:2798-01, RHSA-2017:2799-01, RHSA-2017:2800-01, RHSA-2017:2801-01, RHSA-2017:2802-01, SUSE-SU-2017:2723-1, SUSE-SU-2017:2725-1, SUSE-SU-2017:3165-1, VIGILANCE-VUL-23922.


computer vulnerability announce CVE-2017-5121 CVE-2017-5122

Google Chrome: two vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in Google Chrome.
Impacted products: Debian, Fedora, Chrome, openSUSE Leap, Opera, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 3/4.
Consequences: user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 22/09/2017.
Identifiers: CERTFR-2017-AVI-318, CVE-2017-5121, CVE-2017-5122, DSA-3985-1, FEDORA-2017-efeb59171d, openSUSE-SU-2017:2557-1, openSUSE-SU-2017:2558-1, RHSA-2017:2792-01, VIGILANCE-VUL-23907.

Description of the vulnerability

Several vulnerabilities were announced in Google Chrome.

An attacker can trigger a memory corruption in V8, in order to cause a denial of service and possibly run code. [severity:3/4; CVE-2017-5121]

An attacker can trigger a memory corruption in V8, in order to cause a denial of service and possibly run code. [severity:3/4; CVE-2017-5122]

computer vulnerability bulletin CVE-2017-15010

Node.js tough-cookie: denial of service via Regular Expression

Synthesis of the vulnerability

An attacker can trigger a fatal error in Node.js tough-cookie via a Regular Expression, in order to cause a denial of service.
Impacted products: Nodejs Modules ~ not comprehensive, RHEL.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 21/09/2017.
Identifiers: CVE-2017-15010, RHSA-2017:2912-01, RHSA-2017:2913-01, VIGILANCE-VUL-23898.


vulnerability bulletin CVE-2017-12617

Apache Tomcat: code execution via Read-write Default/WebDAV Servlet

Synthesis of the vulnerability

An attacker can exploit a vulnerability in Apache Tomcat via the Read-write Default/WebDAV Servlet, in order to run code.
Impacted products: Tomcat, Debian, NetWorker, Fedora, MariaDB ~ precise, ePO, MySQL Community, MySQL Enterprise, openSUSE Leap, Oracle DB, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle Identity Management, Oracle Internet Directory, Oracle iPlanet Web Server, Tuxedo, WebLogic, Oracle Web Tier, Percona Server, XtraDB Cluster, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: user access/rights.
Provenance: internet client.
Creation date: 20/09/2017.
Identifiers: 504539, 61542, CERTFR-2017-AVI-332, cpuapr2018, cpujan2018, cpujul2018, CVE-2017-12617, DLA-1166-1, DLA-1166-2, ESA-2017-097, FEDORA-2017-ef7c118dbc, FEDORA-2017-f499ee7b12, openSUSE-SU-2017:3069-1, RHSA-2017:3080-01, RHSA-2017:3081-01, RHSA-2017:3113-01, RHSA-2017:3114-01, RHSA-2018:0465-01, RHSA-2018:0466-01, SB10218, SUSE-SU-2017:3039-1, SUSE-SU-2017:3059-1, SUSE-SU-2017:3279-1, USN-3665-1, VIGILANCE-VUL-23883.
