The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Solaris

vulnerability CVE-2018-11233

git: information disclosure via NTFS Path Sanity-checks

Synthesis of the vulnerability

A local attacker can read a memory fragment via NTFS Path Sanity-checks of git, in order to obtain sensitive information.
Impacted products: Fedora, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading.
Provenance: user account.
Creation date: 01/06/2018.
Identifiers: bulletinjul2018, CVE-2018-11233, FEDORA-2018-080a3d7866, FEDORA-2018-75f7624a9f, openSUSE-SU-2018:1553-1, RHSA-2018:2147-01, SSA:2018-152-01, SUSE-SU-2018:1566-1, SUSE-SU-2018:1872-1, USN-3671-1, VIGILANCE-VUL-26300.


vulnerability announce CVE-2017-2592

Oslo middleware: information disclosure

Synthesis of the vulnerability

An attacker can bypass access restrictions to data of Oslo middleware, in order to obtain sensitive information.
Impacted products: Solaris, Ubuntu.
Severity: 2/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 01/06/2018.
Identifiers: bulletinjul2018, CVE-2017-2592, USN-3666-1, VIGILANCE-VUL-26292.


vulnerability CVE-2018-11235

git: code execution via gitmodules

Synthesis of the vulnerability

An attacker can exploit a vulnerability via gitmodules of git, in order to run code.
Impacted products: Debian, Fedora, Kubernetes, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: user account.
Creation date: 30/05/2018.
Identifiers: bulletinjul2018, CERTFR-2018-AVI-263, CVE-2018-11235, DSA-4212-1, FEDORA-2018-080a3d7866, FEDORA-2018-75f7624a9f, FEDORA-2018-94eb743dad, FEDORA-2018-b10e54263a, openSUSE-SU-2018:1553-1, openSUSE-SU-2018:2502-1, openSUSE-SU-2018:3519-1, RHSA-2018:1957-01, RHSA-2018:2147-01, SSA:2018-152-01, SUSE-SU-2018:1566-1, SUSE-SU-2018:1872-1, SUSE-SU-2018:2469-1, SUSE-SU-2018:3440-1, USN-3671-1, VIGILANCE-VUL-26260.


vulnerability note CVE-2018-11354 CVE-2018-11355 CVE-2018-11356

Wireshark: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Wireshark.
Impacted products: Debian, Fedora, openSUSE Leap, Solaris, SUSE Linux Enterprise Desktop, SLES, Wireshark.
Severity: 2/4.
Consequences: unknown consequence, administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, data flow, denial of service on server, denial of service on service, denial of service on client, disguisement.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 9.
Creation date: 23/05/2018.
Identifiers: bulletinapr2018, CERTFR-2018-AVI-251, CVE-2018-11354, CVE-2018-11355, CVE-2018-11356, CVE-2018-11357, CVE-2018-11358, CVE-2018-11359, CVE-2018-11360, CVE-2018-11361, CVE-2018-11362, DLA-1388-1, DLA-1634-1, DSA-4217-1, FEDORA-2018-3dfee621af, FEDORA-2018-d1cfa444d2, openSUSE-SU-2018:1428-1, SUSE-SU-2018:1988-1, SUSE-SU-2018:2412-1, SUSE-SU-2018:2891-1, VIGILANCE-VUL-26204, wnpa-sec-2018-25, wnpa-sec-2018-26, wnpa-sec-2018-27, wnpa-sec-2018-28, wnpa-sec-2018-29, wnpa-sec-2018-30, wnpa-sec-2018-31, wnpa-sec-2018-32, wnpa-sec-2018-33.


computer vulnerability bulletin CVE-2018-1000030

Python: denial of service via I/O Stream Concurrence

Synthesis of the vulnerability

An attacker can generate a fatal error via I/O Stream Concurrence of Python, in order to trigger a denial of service.
Impacted products: openSUSE Leap, Solaris, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 23/05/2018.
Identifiers: bulletinjan2019, CVE-2018-1000030, openSUSE-SU-2018:1415-1, SUSE-SU-2018:1372-1, USN-3817-1, USN-3817-2, VIGILANCE-VUL-26198.


vulnerability bulletin CVE-2018-3639

Processors: information disclosure via Speculative Store

Synthesis of the vulnerability

A local attacker can read a memory fragment via Speculative Store of some processors, in order to obtain sensitive information.
Impacted products: Mac OS X, Cisco ASR, Nexus by Cisco, NX-OS, Cisco UCS, XenServer, Debian, Avamar, Unisphere EMC, BIG-IP Hardware, TMOS, Fedora, FortiAnalyzer, FortiGate, FortiManager, FortiOS, HP ProLiant, AIX, IBM i, QRadar SIEM, Junos Space, Linux, Windows (platform) ~ not comprehensive, MiVoice 5000, openSUSE Leap, Solaris, oVirt, RealPresence Collaboration Server, RealPresence Distributed Media Application, RealPresence Resource Manager, RHEL, SIMATIC, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Unix (platform) ~ not comprehensive, ESXi, vCenter Server, VMware vSphere Hypervisor, VMware Workstation, Xen.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 22/05/2018.
Identifiers: 1528, 18-0006, 525441, ADV180012, CERTFR-2018-AVI-248, CERTFR-2018-AVI-250, CERTFR-2018-AVI-256, CERTFR-2018-AVI-258, CERTFR-2018-AVI-259, CERTFR-2018-AVI-280, CERTFR-2018-AVI-306, CERTFR-2018-AVI-308, CERTFR-2018-AVI-319, CERTFR-2018-AVI-330, CERTFR-2018-AVI-346, CERTFR-2018-AVI-357, CERTFR-2018-AVI-386, CERTFR-2018-AVI-429, CERTFR-2019-AVI-036, CERTFR-2019-AVI-052, CERTFR-2019-AVI-489, cisco-sa-20180521-cpusidechannel, cpujan2019, CTX235225, CVE-2018-3639, DLA-1423-1, DLA-1424-1, DLA-1434-1, DLA-1446-1, DLA-1506-1, DLA-1529-1, DLA-1731-1, DLA-1731-2, DSA-2018-175, DSA-2019-030, DSA-4210-1, DSA-4273-1, DSA-4273-2, FEDORA-2018-5521156807, FEDORA-2018-6367a17aa3, FEDORA-2018-aec846c0ef, FEDORA-2018-db0d3e157e, FG-IR-18-002, HPESBHF03850, HT209139, HT209193, ibm10796076, JSA10917, K29146534, K54252492, N1022433, nas8N1022433, openSUSE-SU-2018:1380-1, openSUSE-SU-2018:1418-1, openSUSE-SU-2018:1420-1, openSUSE-SU-2018:1487-1, openSUSE-SU-2018:1621-1, openSUSE-SU-2018:1623-1, openSUSE-SU-2018:1628-1, openSUSE-SU-2018:1773-1, openSUSE-SU-2018:1904-1, openSUSE-SU-2018:2306-1, openSUSE-SU-2018:2399-1, openSUSE-SU-2018:2402-1, openSUSE-SU-2018:3103-1, openSUSE-SU-2018:3709-1, openSUSE-SU-2019:0042-1, openSUSE-SU-2019:1438-1, openSUSE-SU-2019:1439-1, RHSA-2018:1629-01, RHSA-2018:1630-01, RHSA-2018:1632-01, RHSA-2018:1633-01, RHSA-2018:1635-01, RHSA-2018:1636-01, RHSA-2018:1637-01, RHSA-2018:1638-01, RHSA-2018:1639-01, RHSA-2018:1640-01, RHSA-2018:1641-01, RHSA-2018:1642-01, RHSA-2018:1647-01, RHSA-2018:1648-01, RHSA-2018:1649-01, RHSA-2018:1650-01, RHSA-2018:1651-01, RHSA-2018:1652-01, RHSA-2018:1653-01, RHSA-2018:1656-01, RHSA-2018:1657-01, RHSA-2018:1658-01, RHSA-2018:1659-01, RHSA-2018:1660-01, RHSA-2018:1661-01, RHSA-2018:1662-01, RHSA-2018:1663-01, RHSA-2018:1664-01, RHSA-2018:1665-01, RHSA-2018:1666-01, RHSA-2018:1667-01, RHSA-2018:1668-01, RHSA-2018:1669-01, RHSA-2018:1737-01, RHSA-2018:1738-01, RHSA-2018:1826-01, RHSA-2018:1965-01, RHSA-2018:1967-01, 
RHSA-2018:1997-01, RHSA-2018:2001-01, RHSA-2018:2003-01, RHSA-2018:2006-01, RHSA-2018:2161-01, RHSA-2018:2162-01, RHSA-2018:2164-01, RHSA-2018:2171-01, RHSA-2018:2172-01, RHSA-2018:2216-01, RHSA-2018:2250-01, RHSA-2018:2309-01, RHSA-2018:2384-01, RHSA-2018:2387-01, RHSA-2018:2390-01, RHSA-2018:2394-01, RHSA-2018:2395-01, RHSA-2018:2396-01, RHSA-2018:2948-01, RHSA-2018:3396-01, RHSA-2018:3397-01, RHSA-2018:3398-01, RHSA-2018:3399-01, RHSA-2018:3400-01, RHSA-2018:3401-01, RHSA-2018:3402-01, RHSA-2018:3407-01, RHSA-2018:3423-01, RHSA-2018:3424-01, RHSA-2018:3425-01, spectre_meltdown_advisory, SSA:2018-208-01, SSA-268644, SSA-505225, SSA-608355, SUSE-SU-2018:1362-1, SUSE-SU-2018:1363-1, SUSE-SU-2018:1366-1, SUSE-SU-2018:1368-1, SUSE-SU-2018:1374-1, SUSE-SU-2018:1375-1, SUSE-SU-2018:1376-1, SUSE-SU-2018:1377-1, SUSE-SU-2018:1378-1, SUSE-SU-2018:1386-1, SUSE-SU-2018:1389-1, SUSE-SU-2018:1452-1, SUSE-SU-2018:1456-1, SUSE-SU-2018:1475-1, SUSE-SU-2018:1479-1, SUSE-SU-2018:1482-1, SUSE-SU-2018:1582-1, SUSE-SU-2018:1603-1, SUSE-SU-2018:1614-1, SUSE-SU-2018:1658-1, SUSE-SU-2018:1699-1, SUSE-SU-2018:1816-1, SUSE-SU-2018:1846-1, SUSE-SU-2018:1926-1, SUSE-SU-2018:1935-1, SUSE-SU-2018:2076-1, SUSE-SU-2018:2082-1, SUSE-SU-2018:2141-1, SUSE-SU-2018:2304-1, SUSE-SU-2018:2331-1, SUSE-SU-2018:2335-1, SUSE-SU-2018:2338-1, SUSE-SU-2018:2340-1, SUSE-SU-2018:2528-1, SUSE-SU-2018:2556-1, SUSE-SU-2018:2565-1, SUSE-SU-2018:2615-1, SUSE-SU-2018:2650-1, SUSE-SU-2018:2973-1, SUSE-SU-2018:3064-1, SUSE-SU-2018:3064-3, SUSE-SU-2018:3555-1, SUSE-SU-2019:0049-1, SUSE-SU-2019:0148-1, SUSE-SU-2019:1211-2, SUSE-SU-2019:2028-1, TA18-141A, USN-3651-1, USN-3652-1, USN-3653-1, USN-3653-2, USN-3654-1, USN-3654-2, USN-3655-1, USN-3655-2, USN-3679-1, USN-3680-1, USN-3756-1, VIGILANCE-VUL-26183, VMSA-2018-0012, VMSA-2018-0012.1, VU#180049, XSA-263.


vulnerability CVE-2018-5150 CVE-2018-5154 CVE-2018-5155

Thunderbird: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Thunderbird.
Impacted products: Debian, Fedora, Thunderbird, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 13.
Creation date: 22/05/2018.
Identifiers: bulletinapr2018, CERTFR-2018-AVI-245, CVE-2018-5150, CVE-2018-5154, CVE-2018-5155, CVE-2018-5159, CVE-2018-5161, CVE-2018-5162, CVE-2018-5168, CVE-2018-5170, CVE-2018-5174, CVE-2018-5178, CVE-2018-5183, CVE-2018-5184, CVE-2018-5185, DLA-1382-1, DSA-4209-1, FEDORA-2018-ca9df6aaf1, MFSA-2018-13, openSUSE-SU-2018:1359-1, openSUSE-SU-2018:1361-1, RHSA-2018:1725-01, RHSA-2018:1726-01, SSA:2018-142-02, SUSE-SU-2018:2298-1, USN-3660-1, VIGILANCE-VUL-26170.


vulnerability note CVE-2018-8014

Apache Tomcat: privilege escalation via CORS Filter SupportsCredentials All Origins

Synthesis of the vulnerability

An attacker can bypass restrictions via CORS Filter SupportsCredentials All Origins of Apache Tomcat, in order to escalate their privileges.
Impacted products: Tomcat, Debian, Fedora, openSUSE Leap, Solaris, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: privileged access/rights, data reading.
Provenance: intranet client.
Creation date: 17/05/2018.
Identifiers: bulletinjul2018, CVE-2018-8014, DLA-1400-1, DLA-1400-2, DLA-1883-1, FEDORA-2018-b1832101b8, openSUSE-SU-2018:2740-1, openSUSE-SU-2018:3054-1, RHSA-2018:2469-01, RHSA-2018:2470-01, RHSA-2019:0450-01, RHSA-2019:0451-01, RHSA-2019:1529-01, RHSA-2019:2205-01, SUSE-SU-2018:2699-1, SUSE-SU-2018:3011-2, SUSE-SU-2018:3261-1, SUSE-SU-2018:3388-1, USN-3665-1, VIGILANCE-VUL-26154.


vulnerability announce CVE-2017-14160

libvorbis: out-of-bounds memory reading via bark_noise_hybridmp

Synthesis of the vulnerability

An attacker can force a read at an invalid address via bark_noise_hybridmp() of libvorbis, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: Fedora, openSUSE Leap, Solaris, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 17/05/2018.
Identifiers: bulletinjul2018, CVE-2017-14160, FEDORA-2018-0259281ab6, FEDORA-2019-2e385f97e2, openSUSE-SU-2018:1345-1, SUSE-SU-2018:1321-1, SUSE-SU-2018:1324-1, VIGILANCE-VUL-26152.


computer vulnerability note CVE-2017-18267

Poppler: denial of service

Synthesis of the vulnerability

An attacker can trigger a fatal error in Poppler, in order to cause a denial of service.
Impacted products: Debian, Fedora, Solaris, RHEL, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 16/05/2018.
Identifiers: bulletinjan2019, CVE-2017-18267, DLA-1562-1, DLA-1562-2, DLA-1562-3, FEDORA-2018-9a29edb638, RHSA-2018:3140-01, USN-3647-1, VIGILANCE-VUL-26139.
