The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Unix (platform) ~ not comprehensive

computer vulnerability announce CVE-2019-5736

runc: code execution via FS Descriptors Container Escape

Synthesis of the vulnerability

An attacker can use a vulnerability via FS Descriptors Container Escape of runc, in order to run code.
Impacted products: Docker CE, Fedora, openSUSE Leap, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 11/02/2019.
Identifiers: CVE-2019-5736, FEDORA-2019-352d4b9cd8, FEDORA-2019-3f19f13ecd, FEDORA-2019-4dc1e39b34, FEDORA-2019-829524f28f, FEDORA-2019-963ea958f9, FEDORA-2019-a5f616808e, FEDORA-2019-df2e68aa6b, FEDORA-2019-f455ef79b8, openSUSE-SU-2019:0170-1, openSUSE-SU-2019:0201-1, openSUSE-SU-2019:0208-1, openSUSE-SU-2019:0252-1, openSUSE-SU-2019:0295-1, openSUSE-SU-2019:1079-1, openSUSE-SU-2019:1227-1, openSUSE-SU-2019:1230-1, RHSA-2019:0303-01, RHSA-2019:0304-01, SSA:2019-043-01, SUSE-SU-2019:0362-1, SUSE-SU-2019:0495-1, SUSE-SU-2019:0573-1, Synology-SA-19:06, VIGILANCE-VUL-28477.


vulnerability note CVE-2018-18264

Kubernetes Dashboard: privilege escalation via Service Account

Synthesis of the vulnerability

An attacker can bypass restrictions via Service Account of Kubernetes Dashboard, in order to escalate their privileges.
Impacted products: Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: intranet client.
Creation date: 07/01/2019.
Identifiers: CVE-2018-18264, VIGILANCE-VUL-28174.


vulnerability alert CVE-2018-14423

OpenJPEG: denial of service via pi_next_pcrl

Synthesis of the vulnerability

An attacker can trigger a fatal error via pi_next_pcrl() of OpenJPEG, in order to trigger a denial of service.
Impacted products: Debian, Slackware, Unix (platform) ~ not comprehensive.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 27/12/2018.
Identifiers: CVE-2018-14423, DLA-1614-1, DSA-4405-1, SSA:2019-095-01, VIGILANCE-VUL-28081.


vulnerability CVE-2018-6616

OpenJPEG: infinite loop via opj_t1_encode_cblks

Synthesis of the vulnerability

An attacker can trigger an infinite loop via opj_t1_encode_cblks() of OpenJPEG, in order to trigger a denial of service.
Impacted products: Debian, Fedora, Slackware, Unix (platform) ~ not comprehensive.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 27/12/2018.
Identifiers: CVE-2018-6616, DLA-1614-1, DSA-4405-1, FEDORA-2018-200c84e08a, FEDORA-2018-87c15da28c, SSA:2019-095-01, VIGILANCE-VUL-28080.


vulnerability CVE-2018-15332

F5 BIG-IP APM Client: privilege escalation via Linux/macOS

Synthesis of the vulnerability

An attacker can bypass restrictions via Linux/macOS of F5 BIG-IP APM Client, in order to escalate their privileges.
Impacted products: TMOS, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: administrator access/rights, data reading, data creation/edition.
Provenance: user shell.
Creation date: 06/12/2018.
Identifiers: CVE-2018-15332, K12130880, VIGILANCE-VUL-27970.


computer vulnerability note CVE-2018-18088

OpenJPEG: NULL pointer dereference via imagetopnm

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via imagetopnm() of OpenJPEG, in order to trigger a denial of service.
Impacted products: Debian, Fedora, Slackware, Unix (platform) ~ not comprehensive.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 20/11/2018.
Identifiers: CVE-2018-18088, DLA-1579-1, DSA-4405-1, FEDORA-2018-200c84e08a, FEDORA-2018-87c15da28c, SSA:2019-095-01, VIGILANCE-VUL-27829.


vulnerability note CVE-2018-12037 CVE-2018-12038

SSD drives: information disclosure via Self Encrypting Password Weaknesses

Synthesis of the vulnerability

An attacker can decrypt data of some SSD drives (Crucial, Micron and Samsung were tested), by using either a Master Password or a weakness in the password management.
Impacted products: Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 2019, Windows 7, Windows 8, Windows RT, Unix (platform) ~ not comprehensive.
Severity: 1/4.
Consequences: data reading.
Provenance: physical access.
Number of vulnerabilities in this bulletin: 2.
Creation date: 08/11/2018.
Identifiers: ADV180028, CVE-2018-12037, CVE-2018-12038, VIGILANCE-VUL-27724, VU#395981.


computer vulnerability announce CVE-2018-5407

Intel processors: information disclosure via SMT/Hyper-Threading PortSmash

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via SMT/Hyper-Threading PortSmash on an Intel processor, in order to obtain sensitive information.
Impacted products: Debian, Avamar, BIG-IP Hardware, TMOS, AIX, IRAD, MariaDB ~ precise, Windows (platform) ~ not comprehensive, MySQL Community, MySQL Enterprise, OpenBSD, OpenSSL, openSUSE Leap, Oracle Fusion Middleware, Solaris, Tuxedo, WebLogic, Percona Server, XtraBackup, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 05/11/2018.
Identifiers: 530514, bulletinjan2019, cpuapr2019, cpujan2019, CVE-2018-5407, DSA-2018-030, DSA-4348-1, DSA-4355-1, ibm10794537, K49711130, openSUSE-SU-2018:4050-1, openSUSE-SU-2018:4104-1, openSUSE-SU-2019:0088-1, openSUSE-SU-2019:0234-1, SUSE-SU-2018:3964-1, SUSE-SU-2018:3989-1, SUSE-SU-2018:4001-1, SUSE-SU-2018:4068-1, SUSE-SU-2018:4274-1, SUSE-SU-2019:0117-1, SUSE-SU-2019:0395-1, USN-3840-1, VIGILANCE-VUL-27667.


computer vulnerability alert CVE-2018-5785

OpenJPEG: integer overflow via opj_j2k_setup_encoder

Synthesis of the vulnerability

An attacker can generate an integer overflow via opj_j2k_setup_encoder() of OpenJPEG, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, Slackware, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 15/10/2018.
Identifiers: CVE-2018-5785, DSA-4405-1, FEDORA-2018-64d64bd05e, FEDORA-2018-a71b957c50, SSA:2019-095-01, VIGILANCE-VUL-27496.


vulnerability alert CVE-2018-12148 CVE-2018-12149 CVE-2018-12150

Intel processors: multiple vulnerabilities of September 2018

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Intel processors.
Impacted products: HP ProLiant, Windows (platform) ~ not comprehensive, SIMATIC, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: administrator access/rights, data reading, denial of service on server.
Provenance: user console.
Number of vulnerabilities in this bulletin: 19.
Creation date: 12/09/2018.
Revision date: 12/09/2018.
Identifiers: CERTFR-2018-AVI-432, CERTFR-2019-AVI-052, CVE-2018-12148, CVE-2018-12149, CVE-2018-12150, CVE-2018-12151, CVE-2018-12160, CVE-2018-12162, CVE-2018-12163, CVE-2018-12171, CVE-2018-12175, CVE-2018-12176, CVE-2018-3616, CVE-2018-3643, CVE-2018-3655, CVE-2018-3657, CVE-2018-3658, CVE-2018-3659, CVE-2018-3669, CVE-2018-3679, CVE-2018-3686, HPESBHF03876, INTEL-SA-00119, INTEL-SA-00125, INTEL-SA-00131, INTEL-SA-00141, INTEL-SA-00142, INTEL-SA-00143, INTEL-SA-00148, INTEL-SA-00149, INTEL-SA-00162, INTEL-SA-00165, INTEL-SA-00170, INTEL-SA-00172, INTEL-SA-00173, INTEL-SA-00176, INTEL-SA-00177, INTEL-SA-00181, SSA-377318, VIGILANCE-VUL-27221.
