| The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them. |
|
 |
|
|
Computer vulnerabilities of SRX
Junos: privilege escalation via LLDP
Synthesis of the vulnerability
An attacker can bypass restrictions via LLDP of Junos, in order to escalate his privileges.
Impacted products: Juniper J-Series, Junos OS, SRX-Series.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights.
Provenance: internet client.
Creation date: 11/01/2018.
Revisions dates: 06/02/2018, 02/03/2018.
Identifiers: CERTFR-2018-AVI-026, CERTFR-2018-AVI-115, CERTFR-2019-AVI-069, CVE-2018-0007, JSA10830, VIGILANCE-VUL-25010.
Description of the vulnerability
An attacker can bypass restrictions via LLDP of Junos, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial) |
NTP.org: five vulnerabilities
Synthesis of the vulnerability
An attacker can use several vulnerabilities of NTP.org.
Impacted products: Blue Coat CAS, BIG-IP Hardware, TMOS, Fedora, FreeBSD, AIX, Juniper EX-Series, Juniper J-Series, Junos OS, SRX-Series, McAfee Web Gateway, Meinberg NTP Server, NTP.org, openSUSE Leap, Solaris, SafeNet Network HSM, Slackware, SUSE Linux Enterprise Desktop, SLES, Symantec Content Analysis, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Consequences: privileged access/rights, data reading, denial of service on service.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 5.
Creation date: 28/02/2018.
Identifiers: bulletinapr2018, bulletinapr2019, CERTFR-2018-AVI-545, CVE-2018-7170, CVE-2018-7182, CVE-2018-7183, CVE-2018-7184, CVE-2018-7185, FEDORA-2018-7051d682fa, FEDORA-2018-70c191d84a, FEDORA-2018-de113aeac6, FreeBSD-SA-18:02.ntp, JSA10898, K04912972, K13540723, K82570157, KB0018260, openSUSE-SU-2018:0970-1, openSUSE-SU-2018:3438-1, openSUSE-SU-2018:3452-1, SA165, SB10231, SB10264, SSA:2018-060-02, SUSE-SU-2018:1464-1, SUSE-SU-2018:1765-1, SUSE-SU-2018:3342-1, SUSE-SU-2018:3351-1, SUSE-SU-2018:3352-1, SUSE-SU-2018:3356-1, SUSE-SU-2018:3386-1, Synology-SA-18:13, Synology-SA-18:14, USN-3707-1, USN-3707-2, VIGILANCE-VUL-25397.
Description of the vulnerability
An attacker can use several vulnerabilities of NTP.org.
Full Vigil@nce bulletin... (Free trial) |
Junos: denial of service via ALG
Synthesis of the vulnerability
An attacker can generate a fatal error via ALG of Junos, in order to trigger a denial of service.
Impacted products: Junos OS, SRX-Series.
Severity: 3/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 11/01/2018.
Revision date: 06/02/2018.
Identifiers: CERTFR-2018-AVI-026, CERTFR-2018-AVI-068, CVE-2018-0002, JSA10829, VIGILANCE-VUL-25009.
Description of the vulnerability
An attacker can generate a fatal error via ALG of Junos, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial) |
curl: two vulnerabilities
Synthesis of the vulnerability
An attacker can use several vulnerabilities of libcurl.
Impacted products: OpenOffice, curl, Debian, Fedora, Rational ClearCase, Juniper EX-Series, Junos OS, SRX-Series, openSUSE Leap, Solaris, RHEL, Slackware, Ubuntu.
Severity: 2/4.
Consequences: data reading, denial of service on client.
Provenance: internet server.
Number of vulnerabilities in this bulletin: 2.
Creation date: 25/01/2018.
Identifiers: 2014495, bulletinapr2018, CVE-2018-1000005, CVE-2018-1000007, DLA-1263-1, DSA-4098-1, FEDORA-2018-241a5a2409, FEDORA-2018-85655b12b6, JSA10874, openSUSE-SU-2018:0236-1, RHSA-2018:3157-01, RHSA-2018:3558-01, SSA:2018-024-01, USN-3554-1, USN-3554-2, VIGILANCE-VUL-25147.
Description of the vulnerability
An attacker can use several vulnerabilities of libcurl.
Full Vigil@nce bulletin... (Free trial) |
ISC BIND: assertion error via Fetch Cleanup Sequencing
Synthesis of the vulnerability
An attacker can force an assertion error via Fetch Cleanup Sequencing of ISC BIND, in order to trigger a denial of service.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, BIND, Junos OS, Junos Space, SRX-Series, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: intranet client.
Creation date: 17/01/2018.
Identifiers: bulletinjan2018, bulletinjul2018, CERTFR-2018-AVI-033, CVE-2017-3145, DSA-4089-1, FEDORA-2018-6550550774, FEDORA-2018-97bdb9ba32, JSA10873, JSA10875, JSA10917, K08613310, openSUSE-SU-2018:0323-1, RHSA-2018:0101-01, RHSA-2018:0102-01, RHSA-2018:0487-01, RHSA-2018:0488-01, SSA:2018-017-01, SUSE-SU-2018:0303-1, SUSE-SU-2018:0362-1, USN-3535-1, USN-3535-2, VIGILANCE-VUL-25087.
Description of the vulnerability
An attacker can force an assertion error via Fetch Cleanup Sequencing of ISC BIND, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial) |
Junos: privilege escalation via Leading Zeros UUID
Synthesis of the vulnerability
An attacker can bypass restrictions via Leading Zeros UUID of Junos, in order to escalate his privileges.
Impacted products: Junos OS, SRX-Series.
Severity: 2/4.
Consequences: data flow.
Provenance: internet client.
Creation date: 11/01/2018.
Identifiers: CERTFR-2018-AVI-026, CVE-2018-0009, JSA10836, VIGILANCE-VUL-25016.
Description of the vulnerability
An attacker can bypass restrictions via Leading Zeros UUID of Junos, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial) |
Junos: privilege escalation via Commit Script
Synthesis of the vulnerability
An attacker can bypass restrictions via Commit Script of Junos, in order to escalate his privileges.
Impacted products: Juniper J-Series, Junos OS, SRX-Series.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 11/01/2018.
Identifiers: CERTFR-2018-AVI-026, CERTFR-2018-AVI-115, CVE-2018-0008, JSA10835, VIGILANCE-VUL-25015.
Description of the vulnerability
An attacker can bypass restrictions via Commit Script of Junos, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial) |
Junos: denial of service via bbe-smgd VLAN Authentication
Synthesis of the vulnerability
An attacker can generate a fatal error via bbe-smgd VLAN Authentication of Junos, in order to trigger a denial of service.
Impacted products: Juniper J-Series, Junos OS, SRX-Series.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: intranet client.
Creation date: 11/01/2018.
Identifiers: CERTFR-2018-AVI-026, CVE-2018-0006, JSA10834, VIGILANCE-VUL-25014.
Description of the vulnerability
An attacker can generate a fatal error via bbe-smgd VLAN Authentication of Junos, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial) |
Junos: privilege escalation via MAC Move Limit Forward Traffic
Synthesis of the vulnerability
An attacker can bypass restrictions via MAC Move Limit Forward Traffic of Junos, in order to escalate his privileges.
Impacted products: Juniper J-Series, Junos OS, SRX-Series.
Severity: 2/4.
Consequences: data flow.
Provenance: internet client.
Creation date: 11/01/2018.
Identifiers: CERTFR-2018-AVI-026, CVE-2018-0005, JSA10833, VIGILANCE-VUL-25013.
Description of the vulnerability
An attacker can bypass restrictions via MAC Move Limit Forward Traffic of Junos, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial) |
Junos: denial of service via Transit Traffic
Synthesis of the vulnerability
An attacker can generate a fatal error via Transit Traffic of Junos, in order to trigger a denial of service.
Impacted products: Juniper J-Series, Junos OS, SRX-Series.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 11/01/2018.
Identifiers: CERTFR-2018-AVI-026, CVE-2018-0004, JSA10832, VIGILANCE-VUL-25012.
Description of the vulnerability
An attacker can generate a fatal error via Transit Traffic of Junos, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial) |
Our database contains other pages. You can request a free trial to read them.
Display information about SRX:
|