| The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them. |
|
 |
|
|
Computer vulnerabilities of SUSE Linux Enterprise Server
OpenSSL: out-of-bounds memory reading via X.509 IPAddressFamily
Synthesis of the vulnerability
An attacker can force a read at an invalid address via X.509 IPAddressFamily of OpenSSL, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: Mac OS X, Blue Coat CAS, ProxyAV, ProxySG par Blue Coat, SGOS by Blue Coat, Debian, Fedora, FreeBSD, hMailServer, AIX, WebSphere MQ, Juniper J-Series, Junos OS, NSM Central Manager, NSMXpress, SRX-Series, MariaDB ~ precise, McAfee Web Gateway, MySQL Community, MySQL Enterprise, Nodejs Core, OpenSSL, openSUSE Leap, Oracle Communications, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle Internet Directory, Solaris, Tuxedo, WebLogic, Percona Server, XtraDB Cluster, pfSense, RHEL, stunnel, SUSE Linux Enterprise Desktop, SLES, Symantec Content Analysis, ProxySG by Symantec, SGOS by Symantec, Synology DSM, Synology DS***, Synology RS***, Nessus, Ubuntu, X2GoClient.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 02/11/2017.
Identifiers: 2011879, 2013026, 2014367, bulletinapr2018, CERTFR-2017-AVI-391, cpuapr2018, cpujan2018, cpujan2019, cpujul2018, cpuoct2018, CVE-2017-3735, DSA-4017-1, DSA-4018-1, FEDORA-2017-4cf72e2c11, FEDORA-2017-512a6c5aae, FEDORA-2017-55a3247cfd, FEDORA-2017-7f30914972, FEDORA-2017-dbec196dd8, FreeBSD-SA-17:11.openssl, HT208331, HT208394, ibm10715641, ibm10738249, JSA10851, openSUSE-SU-2017:3192-1, openSUSE-SU-2018:0029-1, openSUSE-SU-2018:0315-1, RHSA-2018:3221-01, SA157, SB10211, SUSE-SU-2017:2968-1, SUSE-SU-2017:2981-1, SUSE-SU-2018:0112-1, TNS-2017-15, USN-3475-1, VIGILANCE-VUL-24317.
Description of the vulnerability
An attacker can force a read at an invalid address via X.509 IPAddressFamily of OpenSSL, in order to trigger a denial of service, or to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
OpenSSL: Man-in-the-Middle via bn_sqrx8x_internal
Synthesis of the vulnerability
An attacker can act as a Man-in-the-Middle and use a carry error of bn_sqrx8x_internal() on OpenSSL, in order to read or write data in the session.
Impacted products: SDS, SNS, Blue Coat CAS, ProxyAV, ProxySG par Blue Coat, SGOS by Blue Coat, Debian, BIG-IP Hardware, TMOS, Fedora, FreeBSD, hMailServer, Domino, Notes, IRAD, Rational ClearCase, QRadar SIEM, Tivoli Storage Manager, WebSphere AS Traditional, WebSphere MQ, Juniper J-Series, Junos OS, NSM Central Manager, NSMXpress, SRX-Series, MariaDB ~ precise, McAfee Email Gateway, McAfee NSP, McAfee NTBA, VirusScan, McAfee Web Gateway, MySQL Community, MySQL Enterprise, Nodejs Core, OpenSSL, openSUSE Leap, Oracle Communications, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle Internet Directory, Solaris, Tuxedo, WebLogic, Percona Server, XtraDB Cluster, pfSense, RHEL, Slackware, stunnel, SUSE Linux Enterprise Desktop, SLES, Symantec Content Analysis, ProxySG by Symantec, SGOS by Symantec, Synology DSM, Synology DS***, Synology RS***, Nessus, Ubuntu, X2GoClient.
Severity: 1/4.
Consequences: data reading, data creation/edition.
Provenance: internet client.
Creation date: 02/11/2017.
Identifiers: 2012827, 2013025, 2014202, 2014651, 2014669, 2015080, bulletinapr2018, bulletinjan2018, CERTFR-2017-AVI-391, cpuapr2018, cpujan2018, cpujan2019, cpujul2018, cpuoct2018, CVE-2017-3736, DSA-4017-1, DSA-4018-1, FEDORA-2017-4cf72e2c11, FEDORA-2017-512a6c5aae, FEDORA-2017-55a3247cfd, FEDORA-2017-7f30914972, FEDORA-2017-dbec196dd8, FreeBSD-SA-17:11.openssl, ibm10715641, ibm10719113, ibm10732391, ibm10733905, ibm10738249, ibm10738401, JSA10851, K14363514, openSUSE-SU-2017:3192-1, openSUSE-SU-2018:0029-1, openSUSE-SU-2018:0315-1, RHSA-2018:0998-01, RHSA-2018:2568-01, RHSA-2018:2575-01, SA157, SB10211, SB10220, SSA:2017-306-02, STORM-2017-006, SUSE-SU-2018:2839-1, SUSE-SU-2018:3082-1, TNS-2017-15, USN-3475-1, VIGILANCE-VUL-24316.
Description of the vulnerability
An attacker can act as a Man-in-the-Middle and use a carry error of bn_sqrx8x_internal() on OpenSSL, in order to read or write data in the session.
Full Vigil@nce bulletin... (Free trial) |
MongoDB: read-write access via Wire Protocol Compression
Synthesis of the vulnerability
An attacker can bypass access restrictions via Wire Protocol Compression of MongoDB, in order to read or alter data.
Impacted products: Fedora, MongoDB, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: intranet client.
Creation date: 02/11/2017.
Identifiers: CERTFR-2017-AVI-386, CVE-2017-15535, FEDORA-2017-774e7863a4, FEDORA-2017-913288e9a9, openSUSE-SU-2017:3018-1, openSUSE-SU-2017:3022-1, VIGILANCE-VUL-24311.
Description of the vulnerability
An attacker can bypass access restrictions via Wire Protocol Compression of MongoDB, in order to read or alter data.
Full Vigil@nce bulletin... (Free trial) |
Linux kernel: NULL pointer dereference via assoc_array_apply_edit
Synthesis of the vulnerability
An attacker can force a NULL pointer to be dereferenced via assoc_array_apply_edit() of the Linux kernel, in order to trigger a denial of service.
Impacted products: Fedora, Linux, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 02/11/2017.
Identifiers: CERTFR-2017-AVI-448, CERTFR-2017-AVI-454, CERTFR-2017-AVI-458, CERTFR-2018-AVI-321, CVE-2017-12193, FEDORA-2017-38b37120a2, FEDORA-2017-9fbb35aeda, FEDORA-2018-884a105c04, openSUSE-SU-2017:3358-1, openSUSE-SU-2017:3359-1, RHSA-2018:0151-01, SUSE-SU-2017:3210-1, SUSE-SU-2017:3249-1, SUSE-SU-2017:3398-1, SUSE-SU-2017:3410-1, USN-3507-1, USN-3507-2, USN-3509-1, USN-3509-2, USN-3509-3, USN-3509-4, USN-3698-1, USN-3698-2, VIGILANCE-VUL-24308.
Description of the vulnerability
The Noyau Linux product offers a web service.
However, it does not check if a pointer is NULL, before using it.
An attacker can therefore force a NULL pointer to be dereferenced via assoc_array_apply_edit() of the Linux kernel, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial) |
GraphicsMagick: NULL pointer dereference via ReadOneJNGImage
Synthesis of the vulnerability
An attacker can force a NULL pointer to be dereferenced via ReadOneJNGImage() of GraphicsMagick, in order to trigger a denial of service.
Impacted products: Debian, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 02/11/2017.
Identifiers: CVE-2017-15930, DLA-1154-1, DLA-1456-1, DSA-4321-1, DSA-4321-2, openSUSE-SU-2017:3020-1, openSUSE-SU-2017:3420-1, SUSE-SU-2017:3378-1, SUSE-SU-2017:3388-1, SUSE-SU-2017:3435-1, VIGILANCE-VUL-24302.
Description of the vulnerability
An attacker can force a NULL pointer to be dereferenced via ReadOneJNGImage() of GraphicsMagick, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial) |
GraphicsMagick: denial of service via ReadPICTImage
Synthesis of the vulnerability
An attacker can generate a fatal error via ReadPICTImage() of GraphicsMagick, in order to trigger a denial of service.
Impacted products: Debian, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 02/11/2017.
Identifiers: CVE-2017-14997, DLA-1154-1, DLA-1456-1, DSA-4321-1, DSA-4321-2, openSUSE-SU-2018:3479-1, openSUSE-SU-2018:3524-1, SUSE-SU-2018:3465-1, SUSE-SU-2018:3808-1, SUSE-SU-2019:13923-1, VIGILANCE-VUL-24301.
Description of the vulnerability
An attacker can generate a fatal error via ReadPICTImage() of GraphicsMagick, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial) |
GraphicsMagick: out-of-bounds memory reading via ReadRLEImage
Synthesis of the vulnerability
An attacker can force a read at an invalid address via ReadRLEImage() of GraphicsMagick, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: Debian, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 02/11/2017.
Identifiers: CVE-2017-14733, DLA-1154-1, DLA-1401-1, DSA-4321-1, DSA-4321-2, openSUSE-SU-2017:3270-1, openSUSE-SU-2017:3420-1, SUSE-SU-2017:3378-1, SUSE-SU-2017:3388-1, VIGILANCE-VUL-24299.
Description of the vulnerability
An attacker can force a read at an invalid address via ReadRLEImage() of GraphicsMagick, in order to trigger a denial of service, or to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
Poppler: denial of service
Synthesis of the vulnerability
An attacker can generate a fatal error of Poppler, in order to trigger a denial of service.
Impacted products: Debian, Fedora, openSUSE Leap, Solaris, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 30/10/2017.
Identifiers: bulletinjan2019, CVE-2017-15565, DLA-1177-1, DSA-4079-1, DSA-4079-2, FEDORA-2017-1762a103bf, FEDORA-2017-2853ab80b3, FEDORA-2018-e23d2dae46, openSUSE-SU-2018:1721-1, SUSE-SU-2018:1662-1, SUSE-SU-2018:1691-1, USN-3467-1, VIGILANCE-VUL-24271.
Description of the vulnerability
An attacker can generate a fatal error of Poppler, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial) |
Quagga: memory corruption via AS_PATH Long Paths Update Message
Synthesis of the vulnerability
An attacker can generate a memory corruption via AS_PATH Long Paths Update Message of Quagga, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, openSUSE Leap, Solaris, Quagga, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: intranet client.
Creation date: 30/10/2017.
Identifiers: bulletinapr2018, CVE-2017-16227, DLA-1152-1, DSA-4011-1, FEDORA-2017-7d25605e98, FEDORA-2017-df3032c978, openSUSE-SU-2018:0473-1, SUSE-SU-2018:0455-1, SUSE-SU-2018:0456-1, SUSE-SU-2018:0457-1, USN-3471-1, VIGILANCE-VUL-24267.
Description of the vulnerability
An attacker can generate a memory corruption via AS_PATH Long Paths Update Message of Quagga, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial) |
Linux kernel: denial of service via KEY_FLAG_NEGATIVE
Synthesis of the vulnerability
An attacker can generate a fatal error via KEY_FLAG_NEGATIVE of the Linux kernel, in order to trigger a denial of service.
Impacted products: Fedora, Linux, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 30/10/2017.
Identifiers: CERTFR-2017-AVI-424, CERTFR-2017-AVI-454, CERTFR-2018-AVI-147, CERTFR-2018-AVI-196, CVE-2017-15951, FEDORA-2017-10faeda281, FEDORA-2017-ebab38baf6, openSUSE-SU-2018:0781-1, SUSE-SU-2018:0785-1, SUSE-SU-2018:0786-1, SUSE-SU-2018:0986-1, USN-3485-1, USN-3485-2, USN-3485-3, USN-3507-1, USN-3507-2, VIGILANCE-VUL-24266.
Description of the vulnerability
An attacker can generate a fatal error via KEY_FLAG_NEGATIVE of the Linux kernel, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial) |
Our database contains other pages. You can request a free trial to read them.
Display information about SUSE Linux Enterprise Server:
|