The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Sun Solaris

computer vulnerability CVE-2016-9586 CVE-2016-9952 CVE-2016-9953

cURL: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of cURL.
Impacted products: SDS, SES, SNS, OpenOffice, Mac OS X, curl, Debian, Unisphere EMC, Fedora, Juniper EX-Series, Junos OS, SRX-Series, openSUSE Leap, Solaris, RHEL, Ubuntu.
Severity: 2/4.
Consequences: client access/rights, data reading.
Provenance: internet server.
Number of vulnerabilities in this bulletin: 3.
Creation date: 21/12/2016.
Identifiers: APPLE-SA-2017-07-19-2, cpuoct2018, CVE-2016-9586, CVE-2016-9952, CVE-2016-9953, DLA-1568-1, DLA-767-1, DSA-2019-114, FEDORA-2016-86d2b5aefb, FEDORA-2016-edbb33ab2e, HT207615, HT207922, JSA10874, openSUSE-SU-2017:1105-1, RHSA-2018:3558-01, STORM-2019-002, USN-3441-1, USN-3441-2, VIGILANCE-VUL-21435.

Description of the vulnerability

Several vulnerabilities were announced in cURL.

An attacker can generate a buffer overflow via float numbers, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-9586]

On WinCE platforms, an attacker can tamper with X.501 names in the X.509 certificate validation process, in order to spoof a server. [severity:2/4; CVE-2016-9952]

On WinCE platforms, an attacker can raise a read only buffer overflow in the X.509 certificate validation process, in order to read the server process memory or crash it. [severity:2/4; CVE-2016-9953]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2016-10009 CVE-2016-10010 CVE-2016-10011

OpenSSH: five vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of OpenSSH.
Impacted products: Mac OS X, Blue Coat CAS, Debian, VNX Operating Environment, VNX Series, BIG-IP Hardware, TMOS, Fedora, FreeBSD, HP-UX, AIX, Juniper EX-Series, Juniper J-Series, Junos OS, Junos Space, Junos Space Network Management Platform, SRX-Series, McAfee Email Gateway, Data ONTAP 7-Mode, OpenSSH, openSUSE Leap, Solaris, pfSense, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, data reading.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 5.
Creation date: 19/12/2016.
Identifiers: 1009, 1010, bulletinapr2017, CERTFR-2019-AVI-325, CVE-2016-10009, CVE-2016-10010, CVE-2016-10011, CVE-2016-10012, DLA-1500-1, DLA-1500-2, DSA-2019-131, FEDORA-2017-4767e2991d, FreeBSD-SA-17:01.openssh, HPESBUX03818, HT207615, JSA10880, JSA10940, K24324390, K31440025, K62201745, K64292204, NTAP-20171130-0002, openSUSE-SU-2017:0344-1, openSUSE-SU-2017:0674-1, pfSense-SA-17_03.webgui, RHSA-2017:2029-01, SA144, SSA-181018, SSA:2016-358-02, SUSE-SU-2018:2275-1, SUSE-SU-2018:2685-1, SUSE-SU-2018:3540-1, USN-3538-1, VIGILANCE-VUL-21419.

Description of the vulnerability

Several vulnerabilities were announced in OpenSSH.

An attacker can bypass security features via ssh-agent, in order to escalate his privileges. [severity:2/4; CVE-2016-10009]

An attacker can bypass security features via Unix Domain Sockets, in order to escalate his privileges. [severity:2/4; CVE-2016-10010]

An attacker can bypass security features via Privilege-separated Child realloc(), in order to obtain sensitive information. [severity:1/4; CVE-2016-10011]

An attacker can generate a buffer overflow via Pre-authentication Compression, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-10012]

An attacker can bypass security features via AllowUser/DenyUsers Address Ranges, in order to escalate his privileges. [severity:2/4]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2016-9422 CVE-2016-9423 CVE-2016-9424

w3m: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of w3m.
Impacted products: Fedora, openSUSE Leap, Solaris, Ubuntu.
Severity: 2/4.
Consequences: client access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 34.
Creation date: 14/12/2016.
Identifiers: bulletinoct2016, CVE-2016-9422, CVE-2016-9423, CVE-2016-9424, CVE-2016-9425, CVE-2016-9426, CVE-2016-9428, CVE-2016-9429, CVE-2016-9430, CVE-2016-9431, CVE-2016-9432, CVE-2016-9433, CVE-2016-9434, CVE-2016-9435, CVE-2016-9436, CVE-2016-9437, CVE-2016-9438, CVE-2016-9439, CVE-2016-9440, CVE-2016-9441, CVE-2016-9442, CVE-2016-9443, CVE-2016-9621-REJECT, CVE-2016-9622, CVE-2016-9623, CVE-2016-9624, CVE-2016-9625, CVE-2016-9626, CVE-2016-9627, CVE-2016-9628, CVE-2016-9629, CVE-2016-9630, CVE-2016-9631, CVE-2016-9632, CVE-2016-9633, FEDORA-2016-76d9809fd4, FEDORA-2016-87dc28b1a0, FEDORA-2017-2e6b693937, FEDORA-2017-783e8fa63e, openSUSE-SU-2016:3121-1, USN-3214-1, VIGILANCE-VUL-21385.

Description of the vulnerability

An attacker can use several vulnerabilities of w3m (NULL pointer dereferences, buffer overflows, uses of unintialized values).
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2016-9080 CVE-2016-9893 CVE-2016-9894

Mozilla Firefox, Thunderbird: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Mozilla Firefox.
Impacted products: Debian, Fedora, Firefox, SeaMonkey, Thunderbird, NetBSD, openSUSE, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 4/4.
Consequences: user access/rights, client access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 14.
Creation date: 14/12/2016.
Identifiers: bulletinjan2017, CERTFR-2016-AVI-412, CERTFR-2016-AVI-431, CVE-2016-9080, CVE-2016-9893, CVE-2016-9894, CVE-2016-9895, CVE-2016-9896, CVE-2016-9897, CVE-2016-9898, CVE-2016-9899, CVE-2016-9900, CVE-2016-9901, CVE-2016-9902, CVE-2016-9903, CVE-2016-9904, CVE-2016-9905, DLA-743-1, DLA-782-1, DSA-3734-1, DSA-3757-1, FEDORA-2016-2bca1021a3, FEDORA-2016-55f912fcdc, FEDORA-2016-85eae56259, FEDORA-2016-bd94ef48c8, FEDORA-2016-f115a880a6, FEDORA-2017-7af4c910c2, FEDORA-2017-7c870ccc88, MFSA-2016-94, MFSA-2016-95, MFSA-2016-96, openSUSE-SU-2016:3184-1, openSUSE-SU-2016:3307-1, openSUSE-SU-2016:3308-1, openSUSE-SU-2016:3310-1, openSUSE-SU-2017:0026-1, RHSA-2016:2946-01, RHSA-2016:2973-01, SSA:2016-348-01, SSA:2016-365-02, SSA:2016-365-03, SUSE-SU-2016:3210-1, SUSE-SU-2016:3222-1, SUSE-SU-2016:3223-1, USN-3155-1, USN-3165-1, VIGILANCE-VUL-21369.

Description of the vulnerability

Several vulnerabilities were announced in Mozilla Firefox.

An attacker can generate a buffer overflow via SkiaGL, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-9894]

An attacker can force the usage of a freed memory area via the DOM interface, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-9899]

An attacker can bypass security features via a "marquee" element, in order to escalate his privileges. [severity:3/4; CVE-2016-9895]

An attacker can force the usage of a freed memory area via WebVR, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-9896]

An attacker can generate a memory corruption via libGLES, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-9897]

An attacker can force the usage of a freed memory area via DOM, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-9898]

An attacker can bypass security features via URLs if type "data", in order to escalate his privileges. [severity:3/4; CVE-2016-9900]

An attacker can bypass the origin check via a timing attack, in order to access to victim's data. [severity:2/4; CVE-2016-9904]

An attacker can bypass security features via the Pocket service, in order to escalate his privileges. [severity:2/4; CVE-2016-9901]

An attacker can bypass the origin check via the Pocket extension, in order to access to victim's data. [severity:2/4; CVE-2016-9902]

An attacker can trigger a Cross Site Scripting via SDK, in order to run JavaScript code in the context of the web site. [severity:2/4; CVE-2016-9903]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-9080]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-9893]

An attacker can generate a buffer overflow via EnumerateSubDocuments, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-9905]
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2014-9913 CVE-2016-9844

UnZip: buffer overflow

Synthesis of the vulnerability

An attacker can generate a buffer overflow of UnZip, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, openSUSE Leap, Solaris, Slackware, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, denial of service on server, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 13/12/2016.
Identifiers: bulletinjul2017, CVE-2014-9913, CVE-2016-9844, DLA-741-1, FEDORA-2016-3b4de2babd, FEDORA-2016-80a2fba8aa, openSUSE-SU-2018:3043-1, SSA:2019-060-01, SUSE-SU-2018:2978-1, VIGILANCE-VUL-21364.

Description of the vulnerability

An attacker can generate a buffer overflow of UnZip, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2016-7053 CVE-2016-7054 CVE-2016-7055

OpenSSL 1.1: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of OpenSSL 1.1.
Impacted products: Cisco ASR, Cisco Aironet, Cisco ATA, Cisco AnyConnect Secure Mobility Client, ASA, AsyncOS, Cisco ESA, IOS by Cisco, IOS XR Cisco, Nexus by Cisco, NX-OS, Cisco Prime LMS, Cisco Router, Secure ACS, Cisco CUCM, Cisco Unified CCX, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, Cisco Wireless Controller, NetWorker, VNX Operating Environment, VNX Series, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiOS, IRAD, Tivoli Storage Manager, Junos OS, Juniper Network Connect, NSM Central Manager, NSMXpress, SRX-Series, MySQL Community, MySQL Enterprise, Data ONTAP 7-Mode, OpenSSL, openSUSE Leap, Oracle Communications, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle Identity Management, Oracle iPlanet Web Server, Oracle OIT, Solaris, Tuxedo, WebLogic, Oracle Web Tier, Percona Server, pfSense, Pulse Connect Secure, Pulse Secure Client.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 3.
Creation date: 10/11/2016.
Revision date: 13/12/2016.
Identifiers: 2004036, 2004940, 2011567, 492284, 492616, bulletinapr2017, CERTFR-2018-AVI-343, cisco-sa-20161114-openssl, cpuapr2019, cpujan2018, cpujul2017, CVE-2016-7053, CVE-2016-7054, CVE-2016-7055, ESA-2016-148, ESA-2016-149, FG-IR-17-019, JSA10775, NTAP-20170127-0001, NTAP-20170310-0002, NTAP-20180201-0001, openSUSE-SU-2017:0527-1, openSUSE-SU-2017:0941-1, openSUSE-SU-2018:0458-1, SA40423, VIGILANCE-VUL-21093.

Description of the vulnerability

Several vulnerabilities were announced in OpenSSL 1.1.

An attacker can generate a buffer overflow via ChaCha20/Poly1305, in order to trigger a denial of service. [severity:2/4; CVE-2016-7054]

An attacker can force a NULL pointer to be dereferenced via CMS Structures, in order to trigger a denial of service. [severity:2/4; CVE-2016-7053]

An error occurs in the Broadwell-specific Montgomery Multiplication Procedure, but with no apparent impact. [severity:1/4; CVE-2016-7055]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2016-9935 CVE-2016-9936

PHP: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of PHP.
Impacted products: Mac OS X, Debian, openSUSE, openSUSE Leap, Solaris, PHP, RHEL, Slackware, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, data reading, denial of service on service.
Provenance: document.
Number of vulnerabilities in this bulletin: 7.
Creation date: 08/12/2016.
Identifiers: 61183, 71494, 72978, 73087, 73392, 73631, bulletinjul2017, CVE-2016-9935, CVE-2016-9936, DLA-818-1, DSA-3737-1, HT207615, openSUSE-SU-2016:3239-1, openSUSE-SU-2017:0061-1, openSUSE-SU-2017:0081-1, openSUSE-SU-2017:0598-1, RHSA-2018:1296-01, SSA:2016-347-03, USN-3196-1, USN-3211-1, USN-3211-2, VIGILANCE-VUL-21327.

Description of the vulnerability

Several vulnerabilities were announced in PHP.

An attacker can create a memory leak via Spl Hash, in order to trigger a denial of service. [severity:1/4]

An attacker can generate an integer overflow via Calendar, in order to trigger a denial of service, and possibly to run code. [severity:2/4]

An attacker can force the usage of a freed memory area via Zend Allocator Management, in order to trigger a denial of service, and possibly to run code. [severity:2/4; 73392]

An attacker can generate a memory corruption via PDO_Firebird bindParam, in order to trigger a denial of service, and possibly to run code. [severity:2/4; 61183, 71494, 73087]

An attacker can create a memory leak via wddx, in order to trigger a denial of service. [severity:1/4; 73631, CVE-2016-9935]

An unknown vulnerability was announced via wddx. [severity:2/4; 73631, CVE-2016-9935]

An attacker can force the usage of a freed memory area via unserialize(), in order to trigger a denial of service, and possibly to run code. [severity:2/4; 72978, CVE-2016-9936]
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2016-9811

GStreamer Plugin: out-of-bounds memory reading

Synthesis of the vulnerability

An attacker can force a read at an invalid address of GStreamer Plugin, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: Debian, Fedora, openSUSE, openSUSE Leap, Solaris, RHEL, Ubuntu.
Severity: 1/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 08/12/2016.
Identifiers: bulletinjul2018, CVE-2016-9811, DLA-735-1, DSA-3819-1, FEDORA-2016-4c8140241f, FEDORA-2016-4fff0cbc66, FEDORA-2016-a17657197c, openSUSE-SU-2017:0145-1, openSUSE-SU-2017:0148-1, openSUSE-SU-2017:0161-1, openSUSE-SU-2017:0311-1, openSUSE-SU-2017:0325-1, RHSA-2017:2060-01, USN-3244-1, VIGILANCE-VUL-21303.

Description of the vulnerability

An attacker can force a read at an invalid address of GStreamer Plugin, in order to trigger a denial of service, or to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2016-9840 CVE-2016-9841 CVE-2016-9842

zlib: five vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of zlib.
Impacted products: iOS by Apple, iPhone, Mac OS X, Debian, Fedora, AIX, DB2 UDB, Domino, MQSeries, Notes, Security Directory Server, SPSS Statistics, Kubernetes, MariaDB ~ precise, MySQL Community, MySQL Enterprise, Java OpenJDK, openSUSE, openSUSE Leap, Java Oracle, Oracle OIT, Solaris, Percona Server, Python, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Nessus, zlib.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 5.
Creation date: 05/12/2016.
Identifiers: 1997877, 2001520, 2003212, 2004735, 2005160, 2005255, 2006014, 2006017, 2007242, 2010282, 2011648, 2014202, APPLE-SA-2017-09-19-1, APPLE-SA-2017-09-25-1, APPLE-SA-2017-09-25-4, bulletinapr2017, bulletinoct2018, CERTFR-2018-AVI-288, cpujul2018, cpuoct2017, cpuoct2018, CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, DLA-1725-1, FEDORA-2018-242f6c1a41, FEDORA-2018-55b875c1ac, HT208144, ibm10718843, openSUSE-SU-2016:3202-1, openSUSE-SU-2017:0077-1, openSUSE-SU-2017:0080-1, openSUSE-SU-2017:2998-1, openSUSE-SU-2018:0042-1, openSUSE-SU-2018:3478-1, openSUSE-SU-2019:0327-1, RHSA-2017:1220-01, RHSA-2017:1221-01, RHSA-2017:1222-01, RHSA-2017:2999-01, RHSA-2017:3046-01, RHSA-2017:3047-01, SSA:2018-309-01, SUSE-SU-2017:1384-1, SUSE-SU-2017:1386-1, SUSE-SU-2017:1387-1, SUSE-SU-2017:1444-1, SUSE-SU-2017:2989-1, SUSE-SU-2017:3369-1, SUSE-SU-2017:3411-1, SUSE-SU-2017:3440-1, SUSE-SU-2017:3455-1, SUSE-SU-2018:0005-1, SUSE-SU-2018:3542-1, SUSE-SU-2018:3972-1, SUSE-SU-2018:4211-1, SUSE-SU-2019:0119-1, SUSE-SU-2019:0555-1, SUSE-SU-2019:2048-1, TNS-2018-08, VIGILANCE-VUL-21262.

Description of the vulnerability

Several vulnerabilities were announced in zlib.

An attacker can generate a memory corruption via Deflate External Linkage, in order to trigger a denial of service, and possibly to run code. [severity:2/4]

A pointer error may have a consequence. [severity:1/4]

An attacker can force a read at an invalid address via inftrees.c, in order to trigger a denial of service, or to obtain sensitive information. [severity:1/4; CVE-2016-9840, CVE-2016-9841]

A negative number shift is undefined. [severity:1/4; CVE-2016-9842]

An attacker can force a read at an invalid address via Big-endian Pointer, in order to trigger a denial of service, or to obtain sensitive information. [severity:1/4; CVE-2016-9843]
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2016-9079

Firefox, Thunderbird: use after free via SVG Animation

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via a SVG animation on Firefox or Thunderbird, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, Firefox, SeaMonkey, Thunderbird, NetBSD, openSUSE, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 4/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Creation date: 01/12/2016.
Identifiers: bulletinjan2017, CERTFR-2016-AVI-392, CVE-2016-9079, DLA-752-1, DSA-3728-1, DSA-3730-1, FEDORA-2016-0bfa836087, FEDORA-2016-2967f5f965, FEDORA-2016-5748592807, FEDORA-2016-d2cbcd602d, FEDORA-2016-fde083842e, MFSA-2016-92, openSUSE-SU-2016:2991-1, openSUSE-SU-2016:2994-1, openSUSE-SU-2016:3011-1, openSUSE-SU-2016:3019-1, RHSA-2016:2843-01, RHSA-2016:2850-01, SSA:2016-336-01, SSA:2016-336-02, SUSE-SU-2016:3048-1, SUSE-SU-2016:3080-1, SUSE-SU-2016:3105-1, USN-3140-1, USN-3141-1, VIGILANCE-VUL-21244, VU#791496.

Description of the vulnerability

An attacker can force the usage of a freed memory area via a SVG animation on Firefox or Thunderbird, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Sun Solaris: