The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Solaris

computer vulnerability bulletin CVE-2017-18258

libxml2: denial of service via xz_head

Synthesis of the vulnerability

An attacker can generate a fatal error via xz_head() of libxml2, in order to trigger a denial of service.
Impacted products: Debian, Junos OS, libxml, openSUSE Leap, Solaris, SUSE Linux Enterprise Desktop, SLES, Nessus, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 09/04/2018.
Identifiers: bulletinapr2019, CERTFR-2018-AVI-288, CVE-2017-18258, DLA-1524-1, JSA10916, openSUSE-SU-2018:3107-1, SUSE-SU-2018:3081-1, TNS-2018-08, USN-3739-1, USN-3739-2, VIGILANCE-VUL-25798.


vulnerability CVE-2018-1000156

GNU patch: code execution via ed

Synthesis of the vulnerability

An attacker can use a vulnerability via ed of GNU patch, similar to VIGILANCE-VUL-17557, in order to run code.
Impacted products: Debian, Fedora, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: document.
Creation date: 06/04/2018.
Identifiers: 53566, bulletinapr2018, CVE-2018-1000156, DLA-1348-1, FEDORA-2018-23a1b5975a, FEDORA-2018-88a4219528, FEDORA-2018-ed8d7c62c9, openSUSE-SU-2018:1137-1, RHSA-2018:1199-01, RHSA-2018:1200-01, RHSA-2018:2091-01, RHSA-2018:2092-01, RHSA-2018:2093-01, RHSA-2018:2094-01, RHSA-2018:2095-01, RHSA-2018:2096-01, RHSA-2018:2097-01, SSA:2018-096-01, SUSE-SU-2018:1128-1, SUSE-SU-2018:1162-1, USN-3624-1, USN-3624-2, VIGILANCE-VUL-25780.


vulnerability announcement CVE-2018-9234

GnuPG: privilege escalation via Key Certification

Synthesis of the vulnerability

An attacker can bypass restrictions via Key Certification of GnuPG, in order to escalate his privileges.
Impacted products: Fedora, GnuPG, Solaris, Ubuntu.
Severity: 2/4.
Consequences: privileged access/rights.
Provenance: user shell.
Creation date: 04/04/2018.
Identifiers: bulletinapr2019, CVE-2018-9234, FEDORA-2018-3fc05e009d, USN-3675-1, USN-3675-2, USN-3675-3, VIGILANCE-VUL-25772.


vulnerability CVE-2018-9256 CVE-2018-9257 CVE-2018-9258

Wireshark: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Wireshark.
Impacted products: Debian, openSUSE Leap, Solaris, Wireshark.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 19.
Creation date: 04/04/2018.
Identifiers: bulletinapr2018, CERTFR-2018-AVI-166, CVE-2018-9256, CVE-2018-9257, CVE-2018-9258, CVE-2018-9259, CVE-2018-9260, CVE-2018-9261, CVE-2018-9262, CVE-2018-9263, CVE-2018-9264, CVE-2018-9265, CVE-2018-9266, CVE-2018-9267, CVE-2018-9268, CVE-2018-9269, CVE-2018-9270, CVE-2018-9271, CVE-2018-9272, CVE-2018-9273, CVE-2018-9274, DLA-1388-1, DLA-1634-1, DSA-4217-1, openSUSE-SU-2018:0899-1, VIGILANCE-VUL-25770, wnpa-sec-2018-15, wnpa-sec-2018-16, wnpa-sec-2018-17, wnpa-sec-2018-18, wnpa-sec-2018-19, wnpa-sec-2018-20, wnpa-sec-2018-21, wnpa-sec-2018-22, wnpa-sec-2018-23, wnpa-sec-2018-24.


vulnerability announcement CVE-2018-0492

beep: privilege escalation via Race Condition

Synthesis of the vulnerability

An attacker can bypass restrictions via Race Condition of beep, in order to escalate his privileges.
Impacted products: Debian, Solaris.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 03/04/2018.
Identifiers: 894667, bulletinapr2018, CVE-2018-0492, DLA-1338-1, DSA-4163-1, VIGILANCE-VUL-25752.


computer vulnerability announcement CVE-2018-1000132

Mercurial: privilege escalation via Protocol Server

Synthesis of the vulnerability

An attacker can bypass restrictions via Protocol Server of Mercurial, in order to escalate his privileges.
Impacted products: Debian, openSUSE Leap, Solaris, RHEL.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: intranet client.
Creation date: 03/04/2018.
Identifiers: bulletinjan2019, CVE-2018-1000132, DLA-1331-1, DLA-1414-1, DLA-1414-2, openSUSE-SU-2018:0917-1, RHSA-2019:2276-01, VIGILANCE-VUL-25747.


vulnerability note CVE-2017-11114

links: out-of-bounds memory reading via UTF-8 Data

Synthesis of the vulnerability

An attacker can force a read at an invalid address via UTF-8 Data of links, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: Fedora, openSUSE Leap, Solaris.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 30/03/2018.
Identifiers: bulletinjul2017, CVE-2017-11114, FEDORA-2018-2c0a92fd3d, FEDORA-2018-2ee55d77c9, openSUSE-SU-2018:0853-1, VIGILANCE-VUL-25744.


computer vulnerability announcement CVE-2017-17742 CVE-2018-6914 CVE-2018-8777

Ruby: six vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Ruby.
Impacted products: Mac OS X, Debian, openSUSE Leap, Solaris, Puppet, RHEL, Slackware, SLES, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, data reading, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 6.
Creation date: 30/03/2018.
Identifiers: bulletinjan2019, CVE-2017-17742, CVE-2018-6914, CVE-2018-8777, CVE-2018-8778, CVE-2018-8779, CVE-2018-8780, DLA-1358-1, DLA-1359-1, DLA-1421-1, DSA-4259-1, HT208937, HT209193, openSUSE-SU-2019:1771-1, RHSA-2018:3729-01, RHSA-2018:3730-01, RHSA-2018:3731-01, RHSA-2019:2028-01, SSA:2018-088-01, SUSE-SU-2019:1804-1, USN-3626-1, USN-3685-1, VIGILANCE-VUL-25737.


computer vulnerability CVE-2018-1061

Python: denial of service via Poplib Regular Expressions

Synthesis of the vulnerability

An attacker can generate a fatal error via Poplib Regular Expressions of Python, in order to trigger a denial of service.
Impacted products: Debian, Fedora, IBM i, openSUSE Leap, Solaris, Python, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 30/03/2018.
Identifiers: bulletinjan2019, CVE-2018-1061, DLA-1519-1, DLA-1520-1, DSA-4306-1, DSA-4307-1, FEDORA-2018-a042f795b2, FEDORA-2018-aa8de9d66a, ibm10725759, openSUSE-SU-2018:2712-1, openSUSE-SU-2018:3703-1, RHSA-2018:3041-01, SSA:2018-124-01, SUSE-SU-2018:2408-1, SUSE-SU-2018:2696-1, SUSE-SU-2018:3554-1, SUSE-SU-2018:3554-2, USN-3817-1, USN-3817-2, VIGILANCE-VUL-25735.


vulnerability note CVE-2018-1060

Python: denial of service via Difflib Regular Expressions

Synthesis of the vulnerability

An attacker can generate a fatal error via Difflib Regular Expressions of Python, in order to trigger a denial of service.
Impacted products: Debian, Fedora, IBM i, openSUSE Leap, Solaris, Python, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 30/03/2018.
Identifiers: bulletinjan2019, CVE-2018-1060, DLA-1519-1, DLA-1520-1, DSA-4306-1, DSA-4307-1, FEDORA-2018-a042f795b2, FEDORA-2018-aa8de9d66a, ibm10725759, openSUSE-SU-2018:2712-1, openSUSE-SU-2018:3703-1, RHSA-2018:3041-01, SSA:2018-124-01, SUSE-SU-2018:2408-1, SUSE-SU-2018:2696-1, SUSE-SU-2018:3554-1, SUSE-SU-2018:3554-2, USN-3817-1, USN-3817-2, VIGILANCE-VUL-25734.
