| The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them. |
|
 |
|
|
Computer vulnerabilities of Red Hat Enterprise Linux
Linux kernel: memory corruption via PowerPC TM Bad Thing
Synthesis of the vulnerability
An attacker can generate a memory corruption via PowerPC TM Bad Thing of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Fedora, Linux, RHEL, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server.
Provenance: user shell.
Creation date: 10/10/2017.
Identifiers: CERTFR-2017-AVI-339, CERTFR-2017-AVI-424, CERTFR-2017-AVI-426, CERTFR-2018-AVI-175, CVE-2017-1000255, FEDORA-2017-c110ac0eb1, FEDORA-2017-cafcdbdde5, FEDORA-2018-884a105c04, RHSA-2018:0654-01, USN-3443-1, USN-3443-2, USN-3443-3, USN-3487-1, VIGILANCE-VUL-24065.
Description of the vulnerability
An attacker can generate a memory corruption via PowerPC TM Bad Thing of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial) |
Nautilus: code execution via Desktop File
Synthesis of the vulnerability
An attacker can use a vulnerability via Desktop File of Nautilus, in order to run code.
Impacted products: Debian, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 09/10/2017.
Identifiers: CVE-2017-14604, DSA-3994-1, openSUSE-SU-2018:2210-1, RHSA-2018:0223-01, SUSE-SU-2018:1694-1, SUSE-SU-2018:2058-1, VIGILANCE-VUL-24049.
Description of the vulnerability
An attacker can use a vulnerability via Desktop File of Nautilus, in order to run code.
Full Vigil@nce bulletin... (Free trial) |
OpenSSH: empty file creation via read-only sftp-server
Synthesis of the vulnerability
An attacker can use sftp-server of OpenSSH, in order to create an empty file, even if the read-only mode is selected.
Impacted products: Debian, Fedora, AIX, Copssh, Junos Space, Junos Space Network Management Platform, OpenSSH, openSUSE Leap, Solaris, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on server.
Provenance: internet client.
Creation date: 04/10/2017.
Identifiers: bulletinjan2019, CVE-2017-15906, DLA-1500-1, DLA-1500-2, FEDORA-2017-4862a3bfb1, FEDORA-2017-78f0991378, FEDORA-2017-96d1995b70, JSA10880, openSUSE-SU-2017:3243-1, RHSA-2018:0980-01, SUSE-SU-2018:2275-1, SUSE-SU-2018:2685-1, SUSE-SU-2018:3540-1, USN-3538-1, VIGILANCE-VUL-24020.
Description of the vulnerability
An attacker can use sftp-server of OpenSSH, in order to create an empty file, even if the read-only mode is selected.
Full Vigil@nce bulletin... (Free trial) |
curl: out-of-bounds memory reading via FTP PWD
Synthesis of the vulnerability
An attacker can force a read at an invalid address via FTP PWD of curl, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: OpenOffice, Mac OS X, curl, Debian, Fedora, Juniper EX-Series, Junos OS, SRX-Series, openSUSE Leap, Solaris, pfSense, RHEL, Slackware, Ubuntu, VxWorks.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: internet server.
Creation date: 04/10/2017.
Identifiers: 2011879, bulletinapr2018, CVE-2017-1000254, DLA-1121-1, DSA-3992-1, FEDORA-2017-601b4c20a4, HT208331, HT208394, JSA10874, K-511316, openSUSE-SU-2017:2880-1, RHSA-2018:3558-01, SSA:2017-279-01, USN-3441-1, USN-3441-2, VIGILANCE-VUL-24018.
Description of the vulnerability
An attacker can force a read at an invalid address via FTP PWD of curl, in order to trigger a denial of service, or to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
Ruby: buffer overflow via OpenSSL ASN1 Decode
Synthesis of the vulnerability
An attacker can generate a buffer overflow via OpenSSL ASN1 Decode of Ruby, in order to trigger a denial of service, and possibly to run code.
Impacted products: Mac OS X, Debian, Fedora, Solaris, RHEL, Slackware, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: internet client.
Creation date: 27/09/2017.
Identifiers: bulletinjan2019, CVE-2017-14033, DLA-1114-1, DLA-1421-1, DSA-4031-1, FEDORA-2017-6e6f4f95e6, HT208937, HT209193, RHSA-2018:0378-01, RHSA-2018:0583-01, RHSA-2018:0585-01, SSA:2017-261-03, USN-3439-1, USN-3528-1, VIGILANCE-VUL-23927.
Description of the vulnerability
An attacker can generate a buffer overflow via OpenSSL ASN1 Decode of Ruby, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial) |
Ruby: code execution via WEBrick Basic Authentication
Synthesis of the vulnerability
An attacker can use a vulnerability via WEBrick Basic Authentication of Ruby, in order to run code.
Impacted products: Mac OS X, Debian, Fedora, Solaris, RHEL, Slackware, Ubuntu.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 27/09/2017.
Identifiers: bulletinjan2019, CVE-2017-10748-ERROR, CVE-2017-10784, DLA-1113-1, DLA-1114-1, DLA-1421-1, DSA-4031-1, FEDORA-2017-6e6f4f95e6, HT208937, HT209193, RHSA-2017:3485-01, RHSA-2018:0378-01, RHSA-2018:0583-01, RHSA-2018:0585-01, SSA:2017-261-03, USN-3439-1, USN-3528-1, USN-3685-1, VIGILANCE-VUL-23926.
Description of the vulnerability
An attacker can use a vulnerability via WEBrick Basic Authentication of Ruby, in order to run code.
Full Vigil@nce bulletin... (Free trial) |
Linux kernel: memory corruption via PIE Executable
Synthesis of the vulnerability
An attacker can generate a memory corruption via PIE Executable of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Linux, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server.
Provenance: document.
Creation date: 27/09/2017.
Identifiers: CERTFR-2017-AVI-324, CERTFR-2017-AVI-353, CERTFR-2017-AVI-441, CVE-2017-1000253, RHSA-2017:2793-01, RHSA-2017:2794-01, RHSA-2017:2795-01, RHSA-2017:2796-01, RHSA-2017:2797-01, RHSA-2017:2798-01, RHSA-2017:2799-01, RHSA-2017:2800-01, RHSA-2017:2801-01, RHSA-2017:2802-01, SUSE-SU-2017:2723-1, SUSE-SU-2017:2725-1, SUSE-SU-2017:3165-1, VIGILANCE-VUL-23922.
Description of the vulnerability
An attacker can generate a memory corruption via PIE Executable of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial) |
Google Chrome: two vulnerabilities
Synthesis of the vulnerability
An attacker can use several vulnerabilities of Google Chrome.
Impacted products: Debian, Fedora, Chrome, openSUSE Leap, Opera, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 3/4.
Consequences: user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 22/09/2017.
Identifiers: CERTFR-2017-AVI-318, CVE-2017-5121, CVE-2017-5122, DSA-3985-1, FEDORA-2017-efeb59171d, openSUSE-SU-2017:2557-1, openSUSE-SU-2017:2558-1, RHSA-2017:2792-01, VIGILANCE-VUL-23907.
Description of the vulnerability
Several vulnerabilities were announced in Google Chrome.
An attacker can generate a memory corruption via V8, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-5121]
An attacker can generate a memory corruption via V8, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-5122]
Full Vigil@nce bulletin... (Free trial) |
Node.js tough-cookie: denial of service via Regular Expression
Synthesis of the vulnerability
An attacker can generate a fatal error via Regular Expression of Node.js tough-cookie, in order to trigger a denial of service.
Impacted products: Nodejs Modules ~ not comprehensive, RHEL.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 21/09/2017.
Identifiers: CVE-2017-15010, RHSA-2017:2912-01, RHSA-2017:2913-01, VIGILANCE-VUL-23898.
Description of the vulnerability
An attacker can generate a fatal error via Regular Expression of Node.js tough-cookie, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial) |
Apache Tomcat: code execution via Read-write Default/WebDAV Servlet
Synthesis of the vulnerability
An attacker can use a vulnerability via Read-write Default/WebDAV Servlet of Apache Tomcat, in order to run code.
Impacted products: Tomcat, Debian, NetWorker, Fedora, MariaDB ~ precise, ePO, MySQL Community, MySQL Enterprise, openSUSE Leap, Oracle DB, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle Identity Management, Oracle Internet Directory, Oracle iPlanet Web Server, Tuxedo, WebLogic, Oracle Web Tier, Percona Server, XtraDB Cluster, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: user access/rights.
Provenance: internet client.
Creation date: 20/09/2017.
Identifiers: 504539, 61542, CERTFR-2017-AVI-332, cpuapr2018, cpujan2018, cpujul2018, CVE-2017-12617, DLA-1166-1, DLA-1166-2, ESA-2017-097, FEDORA-2017-ef7c118dbc, FEDORA-2017-f499ee7b12, openSUSE-SU-2017:3069-1, RHSA-2017:3080-01, RHSA-2017:3081-01, RHSA-2017:3113-01, RHSA-2017:3114-01, RHSA-2018:0465-01, RHSA-2018:0466-01, SB10218, SUSE-SU-2017:3039-1, SUSE-SU-2017:3059-1, SUSE-SU-2017:3279-1, USN-3665-1, VIGILANCE-VUL-23883.
Description of the vulnerability
An attacker can use a vulnerability via Read-write Default/WebDAV Servlet of Apache Tomcat, in order to run code.
Full Vigil@nce bulletin... (Free trial) |
Our database contains other pages. You can request a free trial to read them.
Display information about Red Hat Enterprise Linux:
|