The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Unix - platform ~ not comprehensive

security threat 26609

Apache Ant: directory traversal

Synthesis of the vulnerability

An attacker can traverse directories of Apache Ant, in order to create a file outside the service root path. This vulnerability is a member of the Zip Slip family (VIGILANCE-VUL-26357).
Severity: 2/4.
Creation date: 04/07/2018.
Identifiers: CVE-2018-10886-REJECTERROR, DLA-1431-1, DLA-1457-1, DSA-4255-1, FEDORA-2018-4943b0505b, FEDORA-2018-cba3ccd747, openSUSE-SU-2018:2895-1, SUSE-SU-2018:2789-1, SUSE-SU-2018:2838-1, SUSE-SU-2018:2866-1, USN-3721-1, VIGILANCE-VUL-26609.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can traverse directories of Apache Ant, in order to create a file outside the service root path. This vulnerability is a member of the Zip Slip family (VIGILANCE-VUL-26357).
Full Vigil@nce bulletin... (Free trial)

computer weakness announce CVE-2018-0618

Mailman: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Mailman, in order to run JavaScript code in the context of the web site.
Severity: 2/4.
Creation date: 02/07/2018.
Identifiers: CVE-2018-0618, DLA-1442-1, DLA-1442-2, DSA-4246-1, FEDORA-2018-f8fd4c5798, JVN#00846677, openSUSE-SU-2018:1858-1, SUSE-SU-2018:4296-1, SUSE-SU-2019:13924-1, VIGILANCE-VUL-26594.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The Mailman product offers a web service.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of Mailman, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)

cybersecurity threat CVE-2018-0495

Libgcrypt: information disclosure via ECDSA Signatures Side-channel Attack

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via ECDSA Signatures Side-channel Attack of Libgcrypt, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 14/06/2018.
Identifiers: bulletinjan2019, bulletinjul2018, cpuapr2019, CVE-2018-0495, DLA-1405-1, DSA-4231-1, FEDORA-2018-98ab6b4e56, openSUSE-SU-2018:2122-1, openSUSE-SU-2018:2178-1, openSUSE-SU-2018:4283-1, RHSA-2018:3221-01, RHSA-2019:2237-01, SUSE-SU-2018:1993-1, SUSE-SU-2018:2089-1, SUSE-SU-2018:2452-2, SUSE-SU-2018:4235-1, SUSE-SU-2018:4236-1, USN-3689-1, USN-3689-2, USN-3692-1, USN-3692-2, USN-3850-1, USN-3850-2, VIGILANCE-VUL-26425.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass access restrictions to data via ECDSA Signatures Side-channel Attack of Libgcrypt, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

weakness note CVE-2017-12942

UnRAR: buffer overflow via Unpack-LongLZ

Synthesis of the vulnerability

An attacker can generate a buffer overflow via Unpack::LongLZ() of UnRAR, in order to trigger a denial of service, and possibly to run code.
Severity: 3/4.
Creation date: 13/06/2018.
Identifiers: CVE-2017-12942, SB10241, VIGILANCE-VUL-26409.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can generate a buffer overflow via Unpack::LongLZ() of UnRAR, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer threat announce CVE-2017-12941

UnRAR: out-of-bounds memory reading via Unpack-Unpack20

Synthesis of the vulnerability

An attacker can force a read at an invalid address via Unpack::Unpack20() of UnRAR, in order to trigger a denial of service, or to obtain sensitive information.
Severity: 2/4.
Creation date: 13/06/2018.
Identifiers: CVE-2017-12941, SB10241, VIGILANCE-VUL-26408.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can force a read at an invalid address via Unpack::Unpack20() of UnRAR, in order to trigger a denial of service, or to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2017-12940

UnRAR: out-of-bounds memory reading via EncodeFileName-Decode

Synthesis of the vulnerability

An attacker can force a read at an invalid address via EncodeFileName::Decode() of UnRAR, in order to trigger a denial of service, or to obtain sensitive information.
Severity: 2/4.
Creation date: 13/06/2018.
Identifiers: CVE-2017-12940, SB10241, VIGILANCE-VUL-26407.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can force a read at an invalid address via EncodeFileName::Decode() of UnRAR, in order to trigger a denial of service, or to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

cybersecurity announce CVE-2018-1002200

Plexus Archiver: directory traversal

Synthesis of the vulnerability

An attacker can traverse directories of Plexus Archiver, in order to create a file outside the service root path. This vulnerability is a member of the Zip Slip family (VIGILANCE-VUL-26357).
Severity: 2/4.
Creation date: 13/06/2018.
Identifiers: CVE-2018-1002200, DSA-4227-1, FEDORA-2018-6c55e1f79c, FEDORA-2018-7a9a2f6ec0, RHSA-2018:1836-01, RHSA-2018:1837-01, VIGILANCE-VUL-26398.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can traverse directories of Plexus Archiver, in order to create a file outside the service root path. This vulnerability is a member of the Zip Slip family (VIGILANCE-VUL-26357).
Full Vigil@nce bulletin... (Free trial)

threat alert CVE-2018-1002200 CVE-2018-1002201 CVE-2018-1002202

Multiple products: directory traversal via Zip Slip

Synthesis of the vulnerability

An attacker can traverse directories via the Zip Slip family attack, in order to write a file outside the service root path.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 10.
Creation date: 08/06/2018.
Identifiers: CVE-2018-1002200, CVE-2018-1002201, CVE-2018-1002202, CVE-2018-1002203, CVE-2018-1002205, CVE-2018-1002206, CVE-2018-1002207, CVE-2018-1261, CVE-2018-1263, CVE-2018-8008, VIGILANCE-VUL-26357.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can traverse directories via the Zip Slip family attack, in order to write a file outside the service root path.

This bulletin is a hat bulletin. Tracked products have they own bulletins in the "Pointed by" list.
Full Vigil@nce bulletin... (Free trial)

threat note CVE-2017-17480

OpenJPEG2: buffer overflow via pgxtovolume

Synthesis of the vulnerability

An attacker can generate a buffer overflow via pgxtovolume() of OpenJPEG2, in order to trigger a denial of service, and possibly to run code.
Severity: 2/4.
Creation date: 22/05/2018.
Identifiers: CVE-2017-17480, DLA-1579-1, DSA-4405-1, openSUSE-SU-2018:1381-1, SSA:2019-095-01, SUSE-SU-2018:1364-1, USN-4109-1, VIGILANCE-VUL-26192.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can generate a buffer overflow via pgxtovolume() of OpenJPEG2, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2017-17479

OpenJPEG2: buffer overflow via pgxtoimage

Synthesis of the vulnerability

An attacker can generate a buffer overflow via pgxtoimage() of OpenJPEG2, in order to trigger a denial of service, and possibly to run code.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 22/05/2018.
Identifiers: CVE-2017-171479-ERROR, CVE-2017-17479, openSUSE-SU-2018:1381-1, SSA:2019-095-01, SUSE-SU-2018:1364-1, VIGILANCE-VUL-26191.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can generate a buffer overflow via pgxtoimage() of OpenJPEG2, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.