The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Unix (platform) ~ not comprehensive

vulnerability note CVE-2018-12019

Enigmail: creation of fake status messages

Synthesis of the vulnerability

An attacker can create fake status messages in GnuPG, in order to deceive the victime.
Impacted products: Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: document.
Creation date: 14/06/2018.
Revision date: 02/05/2019.
Identifiers: CVE-2018-12019, FEDORA-2018-a4bb79ea75, FEDORA-2018-fd67c19256, openSUSE-SU-2018:1706-1, openSUSE-SU-2018:1708-1, SUSE-SU-2018:2243-1, VIGILANCE-VUL-26424.

Description of the vulnerability

An attacker can create fake status messages in Enigmail, in order to deceive the victime.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2018-12020

GnuPG: creation of fake status messages

Synthesis of the vulnerability

An attacker can create fake status messages in GnuPG, in order to deceive the victime.
Impacted products: Debian, Fedora, GnuPG, Junos Space, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: document.
Creation date: 08/06/2018.
Revision date: 02/05/2019.
Identifiers: bulletinjul2018, CVE-2018-12020, DSA-4222-1, DSA-4223-1, FEDORA-2018-4ef71d3525, FEDORA-2018-69780fc4d7, FEDORA-2018-a4e13742b4, JSA10917, openSUSE-SU-2018:1706-1, openSUSE-SU-2018:1708-1, openSUSE-SU-2018:1722-1, openSUSE-SU-2018:1724-1, RHSA-2018:2180-01, RHSA-2018:2181-01, SSA:2018-159-01, SSA:2018-170-01, SUSE-SU-2018:1696-1, SUSE-SU-2018:1698-1, SUSE-SU-2018:2243-1, T4012, USN-3675-1, USN-3675-2, USN-3675-3, USN-3964-1, VIGILANCE-VUL-26364.

Description of the vulnerability

An attacker can create fake status messages in GnuPG, in order to deceive the victime.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2019-9628

XMLTooling: denial of service via Malformed XML Declaration

Synthesis of the vulnerability

An attacker can trigger a fatal error via Malformed XML Declaration of XMLTooling, in order to trigger a denial of service.
Impacted products: Debian, OpenSAML-C, openSUSE Leap, Shibboleth SP, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 11/03/2019.
Identifiers: CVE-2019-9628, DLA-1710-1, DSA-4407-1, openSUSE-SU-2019:1235-1, openSUSE-SU-2019:1276-1, SUSE-SU-2019:0928-1, SUSE-SU-2019:0929-1, USN-3921-1, VIGILANCE-VUL-28709.

Description of the vulnerability

An attacker can trigger a fatal error via Malformed XML Declaration of XMLTooling, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2019-5736

runc: code execution via FS Descriptors Container Escape

Synthesis of the vulnerability

An attacker can use a vulnerability via FS Descriptors Container Escape of runc, in order to run code.
Impacted products: Docker CE, Fedora, openSUSE Leap, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 11/02/2019.
Identifiers: CVE-2019-5736, FEDORA-2019-352d4b9cd8, FEDORA-2019-3f19f13ecd, FEDORA-2019-4dc1e39b34, FEDORA-2019-6174b47003, FEDORA-2019-829524f28f, FEDORA-2019-963ea958f9, FEDORA-2019-a5f616808e, FEDORA-2019-bc70b381ad, FEDORA-2019-df2e68aa6b, FEDORA-2019-f455ef79b8, openSUSE-SU-2019:0170-1, openSUSE-SU-2019:0201-1, openSUSE-SU-2019:0208-1, openSUSE-SU-2019:0252-1, openSUSE-SU-2019:0295-1, openSUSE-SU-2019:1079-1, openSUSE-SU-2019:1227-1, openSUSE-SU-2019:1230-1, openSUSE-SU-2019:1275-1, openSUSE-SU-2019:1444-1, openSUSE-SU-2019:1481-1, openSUSE-SU-2019:1499-1, openSUSE-SU-2019:1506-1, RHSA-2019:0303-01, RHSA-2019:0304-01, SSA:2019-043-01, SUSE-SU-2019:0362-1, SUSE-SU-2019:0495-1, SUSE-SU-2019:0573-1, SUSE-SU-2019:1234-1, SUSE-SU-2019:1234-2, SUSE-SU-2019:1264-1, Synology-SA-19:06, VIGILANCE-VUL-28477.

Description of the vulnerability

An attacker can use a vulnerability via FS Descriptors Container Escape of runc, in order to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2018-18264

Kubernetes Dashboard: privilege escalation via Service Account

Synthesis of the vulnerability

An attacker can bypass restrictions via Service Account of Kubernetes Dashboard, in order to escalate his privileges.
Impacted products: Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: intranet client.
Creation date: 07/01/2019.
Identifiers: CVE-2018-18264, VIGILANCE-VUL-28174.

Description of the vulnerability

An attacker can bypass restrictions via Service Account of Kubernetes Dashboard, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2018-14423

OpenJPEG: denial of service via pi_next_pcrl

Synthesis of the vulnerability

An attacker can trigger a fatal error via pi_next_pcrl() of OpenJPEG, in order to trigger a denial of service.
Impacted products: Debian, Slackware, Unix (platform) ~ not comprehensive.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 27/12/2018.
Identifiers: CVE-2018-14423, DLA-1614-1, DSA-4405-1, SSA:2019-095-01, VIGILANCE-VUL-28081.

Description of the vulnerability

An attacker can trigger a fatal error via pi_next_pcrl() of OpenJPEG, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2018-6616

OpenJPEG: infinite loop via opj_t1_encode_cblks

Synthesis of the vulnerability

An attacker can trigger an infinite loop via opj_t1_encode_cblks() of OpenJPEG, in order to trigger a denial of service.
Impacted products: Debian, Fedora, Slackware, Unix (platform) ~ not comprehensive.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 27/12/2018.
Identifiers: CVE-2018-6616, DLA-1614-1, DSA-4405-1, FEDORA-2018-200c84e08a, FEDORA-2018-87c15da28c, SSA:2019-095-01, VIGILANCE-VUL-28080.

Description of the vulnerability

An attacker can trigger an infinite loop via opj_t1_encode_cblks() of OpenJPEG, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2018-15332

F5 BIG-IP APM Client: privilege escalation via Linux/macOS

Synthesis of the vulnerability

An attacker can bypass restrictions via Linux/macOS of F5 BIG-IP APM Client, in order to escalate his privileges.
Impacted products: TMOS, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: administrator access/rights, data reading, data creation/edition.
Provenance: user shell.
Creation date: 06/12/2018.
Identifiers: CVE-2018-15332, K12130880, VIGILANCE-VUL-27970.

Description of the vulnerability

An attacker can bypass restrictions via Linux/macOS of F5 BIG-IP APM Client, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2018-18088

OpenJPEG: NULL pointer dereference via imagetopnm

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via imagetopnm() of OpenJPEG, in order to trigger a denial of service.
Impacted products: Debian, Fedora, Slackware, Unix (platform) ~ not comprehensive.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 20/11/2018.
Identifiers: CVE-2018-18088, DLA-1579-1, DSA-4405-1, FEDORA-2018-200c84e08a, FEDORA-2018-87c15da28c, SSA:2019-095-01, VIGILANCE-VUL-27829.

Description of the vulnerability

An attacker can force a NULL pointer to be dereferenced via imagetopnm() of OpenJPEG, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2018-12037 CVE-2018-12038

SSD drives: information disclosure via Self Encrypting Password Weaknesses

Synthesis of the vulnerability

An attacker can decrypt data of some SSD drives (Crucial, Micron and Samsung were tested), by using either a Master Password or a weakness in the password management.
Impacted products: Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 2019, Windows 7, Windows 8, Windows RT, Unix (platform) ~ not comprehensive.
Severity: 1/4.
Consequences: data reading.
Provenance: physical access.
Number of vulnerabilities in this bulletin: 2.
Creation date: 08/11/2018.
Identifiers: ADV180028, CVE-2018-12037, CVE-2018-12038, VIGILANCE-VUL-27724, VU#395981.

Description of the vulnerability

An attacker can decrypt data of some SSD drives (Crucial, Micron and Samsung were tested), by using either a Master Password or a weakness in the password management.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.