The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Solaris

vulnerability alert CVE-2017-17969 CVE-2018-5996

7-Zip: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in 7-Zip.
Impacted products: 7-Zip, Debian, Fedora, openSUSE Leap, Solaris, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 30/01/2018.
Identifiers: bulletinjul2018, CVE-2017-17969, CVE-2018-5996, DLA-1268-1, DSA-4104-1, FEDORA-2018-29232aa760, FEDORA-2018-7edc48be11, FEDORA-2018-cd4311d4d6, FEDORA-2018-f8ad787538, openSUSE-SU-2018:0497-1, SUSE-SU-2018:0464-1, Synology-SA-18:14, USN-3913-1, VIGILANCE-VUL-25181.

computer vulnerability announce CVE-2018-1000005 CVE-2018-1000007

curl: two vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in libcurl.
Impacted products: OpenOffice, curl, Debian, Fedora, Rational ClearCase, Juniper EX-Series, Junos OS, SRX-Series, openSUSE Leap, Solaris, RHEL, Slackware, Ubuntu.
Severity: 2/4.
Consequences: data reading, denial of service on client.
Provenance: internet server.
Number of vulnerabilities in this bulletin: 2.
Creation date: 25/01/2018.
Identifiers: 2014495, bulletinapr2018, CVE-2018-1000005, CVE-2018-1000007, DLA-1263-1, DSA-4098-1, FEDORA-2018-241a5a2409, FEDORA-2018-85655b12b6, JSA10874, openSUSE-SU-2018:0236-1, RHSA-2018:3157-01, RHSA-2018:3558-01, SSA:2018-024-01, USN-3554-1, USN-3554-2, VIGILANCE-VUL-25147.

vulnerability note CVE-2018-1000024 CVE-2018-1000027

Squid cache: denial of service

Synthesis of the vulnerability

An attacker can trigger a fatal error in Squid cache, in order to cause a denial of service.
Impacted products: Debian, Fedora, openSUSE Leap, Solaris, Squid, Ubuntu.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service, denial of service on client.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 22/01/2018.
Identifiers: bulletinjul2018, CERTFR-2018-AVI-046, CVE-2018-1000024, CVE-2018-1000027, DLA-1266-1, DLA-1267-1, DSA-4122-1, FEDORA-2018-4fabf63492, openSUSE-SU-2018:0647-1, SQUID-2018:1, SQUID-2018:2, USN-3557-1, VIGILANCE-VUL-25134.

vulnerability announce CVE-2018-5784

LibTIFF: denial of service

Synthesis of the vulnerability

An attacker can cause excessive resource consumption in LibTIFF, in order to trigger a denial of service.
Impacted products: Debian, Fedora, LibTIFF, openSUSE Leap, Solaris, Ubuntu.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 22/01/2018.
Identifiers: 2772, bulletinoct2018, CVE-2018-5784, DLA-1391-1, DLA-1411-1, DSA-4349-1, FEDORA-2018-e6a51e99a4, openSUSE-SU-2018:1204-1, USN-3602-1, USN-3606-1, VIGILANCE-VUL-25132.

vulnerability CVE-2017-15107

Dnsmasq: denial of service via NSEC

Synthesis of the vulnerability

An attacker can make Dnsmasq declare that a domain does not exist, because of an error in the signature check step, in order to trigger a denial of service.
Impacted products: Dnsmasq, Fedora, Solaris.
Severity: 1/4.
Consequences: client access/rights, denial of service on service.
Provenance: internet server.
Creation date: 22/01/2018.
Identifiers: bulletinjan2019, CVE-2017-15107, FEDORA-2018-9780220f7d, FEDORA-2018-fbe4017846, VIGILANCE-VUL-25130.

computer vulnerability note CVE-2018-5764

rsync: vulnerability

Synthesis of the vulnerability

A vulnerability in rsync was announced.
Impacted products: Debian, Fedora, openSUSE Leap, Solaris, Ubuntu.
Severity: 2/4.
Consequences: unknown consequence, administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, data flow, denial of service on server, denial of service on service, denial of service on client, disguisement.
Provenance: document.
Creation date: 19/01/2018.
Identifiers: bulletinoct2018, CVE-2018-5764, DLA-1247-1, DLA-1725-1, FEDORA-2018-034101216d, FEDORA-2018-d0ebfab3f3, openSUSE-SU-2018:0643-1, USN-3543-2, VIGILANCE-VUL-25119.

computer vulnerability announce CVE-2017-3145

ISC BIND: assertion error via Fetch Cleanup Sequencing

Synthesis of the vulnerability

An attacker can force an assertion error via Fetch Cleanup Sequencing in ISC BIND, in order to trigger a denial of service.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, BIND, Junos OS, Junos Space, SRX-Series, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: intranet client.
Creation date: 17/01/2018.
Identifiers: bulletinjan2018, bulletinjul2018, CERTFR-2018-AVI-033, CVE-2017-3145, DSA-4089-1, FEDORA-2018-6550550774, FEDORA-2018-97bdb9ba32, JSA10873, JSA10875, JSA10917, K08613310, openSUSE-SU-2018:0323-1, RHSA-2018:0101-01, RHSA-2018:0102-01, RHSA-2018:0487-01, RHSA-2018:0488-01, SSA:2018-017-01, SUSE-SU-2018:0303-1, SUSE-SU-2018:0362-1, USN-3535-1, USN-3535-2, VIGILANCE-VUL-25087.

vulnerability note CVE-2018-2560 CVE-2018-2577 CVE-2018-2578

Oracle Solaris: vulnerabilities of January 2018

Synthesis of the vulnerability

Several vulnerabilities were announced in Oracle products.
Impacted products: Solaris.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on service.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 5.
Creation date: 17/01/2018.
Identifiers: CERTFR-2018-AVI-038, cpujan2018, CVE-2018-2560, CVE-2018-2577, CVE-2018-2578, CVE-2018-2710, CVE-2018-2717, VIGILANCE-VUL-25084.

vulnerability bulletin CVE-2018-2562 CVE-2018-2565 CVE-2018-2573

Oracle MySQL: vulnerabilities of January 2018

Synthesis of the vulnerability

Several vulnerabilities were announced in Oracle products.
Impacted products: Debian, Fedora, MariaDB ~ precise, MySQL Community, MySQL Enterprise, openSUSE Leap, Solaris, Percona Server, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 21.
Creation date: 17/01/2018.
Identifiers: bulletinapr2018, CERTFR-2018-AVI-037, cpujan2018, CVE-2018-2562, CVE-2018-2565, CVE-2018-2573, CVE-2018-2576, CVE-2018-2583, CVE-2018-2585, CVE-2018-2586, CVE-2018-2590, CVE-2018-2591, CVE-2018-2600, CVE-2018-2612, CVE-2018-2622, CVE-2018-2640, CVE-2018-2645, CVE-2018-2646, CVE-2018-2647, CVE-2018-2665, CVE-2018-2667, CVE-2018-2668, CVE-2018-2696, CVE-2018-2703, DLA-1250-1, DLA-1407-1, DSA-4091-1, DSA-4341-1, FEDORA-2018-00647ae0d5, FEDORA-2018-02c0e3725e, FEDORA-2018-394bf4fb5a, FEDORA-2018-d553b29a30, openSUSE-SU-2018:0223-1, openSUSE-SU-2018:0730-1, RHSA-2018:0586-01, RHSA-2018:0587-01, RHSA-2018:2439-01, RHSA-2019:1258-01, SUSE-SU-2018:0697-1, SUSE-SU-2018:0698-1, USN-3537-1, USN-3537-2, VIGILANCE-VUL-25083.

computer vulnerability bulletin CVE-2018-5702

Transmission: code execution via RPC

Synthesis of the vulnerability

An attacker can exploit a vulnerability in Transmission via RPC, in order to run code.
Impacted products: Debian, Fedora, Solaris, Ubuntu.
Severity: 3/4.
Consequences: user access/rights.
Provenance: internet server.
Creation date: 15/01/2018.
Identifiers: bulletinapr2018, CVE-2018-5702, DLA-1246-1, DSA-4087-1, FEDORA-2018-499a02cc9d, FEDORA-2018-b166805347, FEDORA-2018-d1e263e68e, USN-3533-1, VIGILANCE-VUL-25038.
