| The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them. |
|
 |
|
|
Computer vulnerabilities of Unix - platform ~ not comprehensive
TLS: information disclosure via ROBOT Attack
Synthesis of the vulnerability
An attacker can bypass access restrictions to data via ROBOT Attack of TLS, in order to obtain sensitive information.
Impacted products: Bouncy Castle JCE, Cisco ACE, BIG-IP Hardware, TMOS, Mule ESB, Java OpenJDK, Java Oracle, Palo Alto Firewall PA***, PAN-OS, RabbitMQ, Unix (platform) ~ not comprehensive.
Severity: 1/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 13/12/2017.
Identifiers: CERTFR-2017-ALE-020, cisco-sa-20171212-bleichenbacher, CSCvg74693, CTX230238, K21905460, PAN-SA-2017-0032, ROBOT Attack, VIGILANCE-VUL-24749, VU#144389.
Description of the vulnerability
An attacker can bypass access restrictions to data via ROBOT Attack of TLS, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
Tor: multiple vulnerabilities
Synthesis of the vulnerability
An attacker can use several vulnerabilities of Tor.
Impacted products: Debian, Fedora, Windows (platform) ~ not comprehensive, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive.
Severity: 3/4.
Consequences: data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 5.
Creation date: 04/12/2017.
Identifiers: CVE-2017-8819, CVE-2017-8820, CVE-2017-8821, CVE-2017-8822, CVE-2017-8823, DSA-4054-1, FEDORA-2017-bc2edc421d, FEDORA-2017-bce9e03721, openSUSE-SU-2017:3201-1, openSUSE-SU-2017:3203-1, VIGILANCE-VUL-24616.
Description of the vulnerability
An attacker can use several vulnerabilities of Tor.
Full Vigil@nce bulletin... (Free trial) |
WPA2: information disclosure via Key Reinstallation Attacks
Synthesis of the vulnerability
An attacker can bypass access restrictions to data via Key Reinstallation Attacks of WPA2, in order to obtain sensitive information.
Impacted products: SNS, iOS by Apple, iPhone, Mac OS X, ArubaOS, Cisco Aironet, Cisco AnyConnect Secure Mobility Client, ASA, Meraki MR***, Cisco IP Phone, Cisco Wireless IP Phone, Debian, Fedora, FortiGate, FortiOS, FreeBSD, Android OS, Junos OS, SSG, Linux, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 7, Windows 8, Windows (platform) ~ not comprehensive, Windows RT, NetBSD, NetScreen Firewall, ScreenOS, OpenBSD, openSUSE Leap, pfSense, 802.11 protocol, RHEL, RuggedSwitch, SIMATIC, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 3/4.
Consequences: data reading.
Provenance: radio connection.
Number of vulnerabilities in this bulletin: 10.
Creation date: 16/10/2017.
Identifiers: ARUBA-PSA-2017-007, CERTFR-2017-ALE-014, CERTFR-2017-AVI-357, CERTFR-2017-AVI-358, CERTFR-2017-AVI-359, CERTFR-2017-AVI-360, CERTFR-2017-AVI-361, CERTFR-2017-AVI-363, CERTFR-2017-AVI-373, CERTFR-2017-AVI-379, CERTFR-2017-AVI-383, CERTFR-2017-AVI-390, CERTFR-2017-AVI-441, CERTFR-2017-AVI-478, CERTFR-2018-AVI-014, CERTFR-2018-AVI-048, cisco-sa-20171016-wpa, CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088, DLA-1150-1, DLA-1200-1, DLA-1573-1, DSA-3999-1, FEDORA-2017-12e76e8364, FEDORA-2017-45044b6b33, FEDORA-2017-60bfb576b7, FEDORA-2017-cfb950d8f4, FEDORA-2017-fc21e3856b, FG-IR-17-196, FreeBSD-SA-17:07.wpa, HT208221, HT208222, HT208334, HT208394, JSA10827, K-511282, KRACK Attacks, openSUSE-SU-2017:2755-1, openSUSE-SU-2017:2846-1, openSUSE-SU-2017:2896-1, openSUSE-SU-2017:2905-1, openSUSE-SU-2017:3144-1, RHSA-2017:2907-01, RHSA-2017:2911-01, SSA:2017-291-02, SSA-418456, SSA-901333, STORM-2017-005, SUSE-SU-2017:2745-1, SUSE-SU-2017:2752-1, SUSE-SU-2017:2847-1, SUSE-SU-2017:2869-1, SUSE-SU-2017:2908-1, SUSE-SU-2017:2920-1, SUSE-SU-2017:3106-1, SUSE-SU-2017:3165-1, SUSE-SU-2017:3265-1, SUSE-SU-2017:3267-1, SUSE-SU-2018:0040-1, SUSE-SU-2018:0171-1, Synology-SA-17:60, Synology-SA-17:60 KRACK, USN-3455-1, USN-3505-1, VIGILANCE-VUL-24144, VU#228519.
Description of the vulnerability
An attacker can bypass access restrictions to data via Key Reinstallation Attacks of WPA2, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
X.Org Server: multiple vulnerabilities
Synthesis of the vulnerability
An attacker can use several vulnerabilities of X.Org Server.
Impacted products: Debian, NetBSD, openSUSE Leap, Solaris, Slackware, Ubuntu, Unix (platform) ~ not comprehensive, XOrg Bundle ~ not comprehensive.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, data reading, denial of service on service, denial of service on client.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 12.
Creation date: 13/10/2017.
Identifiers: bulletinoct2018, CVE-2017-12176, CVE-2017-12177, CVE-2017-12178, CVE-2017-12179, CVE-2017-12180, CVE-2017-12181, CVE-2017-12182, CVE-2017-12183, CVE-2017-12184, CVE-2017-12185, CVE-2017-12186, CVE-2017-12187, DLA-1186-1, DSA-4000-1, openSUSE-SU-2017:2823-1, SSA:2017-291-03, USN-3456-1, VIGILANCE-VUL-24130.
Description of the vulnerability
An attacker can use several vulnerabilities of X.Org Server.
Full Vigil@nce bulletin... (Free trial) |
libxfont: out-of-bounds memory reading via PCF
Synthesis of the vulnerability
An attacker can force a read at an invalid address via PCF of libxfont, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: Debian, Fedora, NetBSD, openSUSE Leap, Ubuntu, Unix (platform) ~ not comprehensive, XOrg Bundle ~ not comprehensive.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 09/10/2017.
Identifiers: CVE-2017-13722, DLA-1126-1, DSA-3995-1, FEDORA-2017-2783ef2c63, FEDORA-2017-b7c4334524, FEDORA-2017-f44afd1f34, openSUSE-SU-2017:3256-1, openSUSE-SU-2018:0343-1, USN-3442-1, VIGILANCE-VUL-24047.
Description of the vulnerability
An attacker can force a read at an invalid address via PCF of libxfont, in order to trigger a denial of service, or to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
libxfont: out-of-bounds memory reading via Question Character
Synthesis of the vulnerability
An attacker can force a read at an invalid address via Question Character of libxfont, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: Debian, Fedora, NetBSD, openSUSE Leap, Ubuntu, Unix (platform) ~ not comprehensive, XOrg Bundle ~ not comprehensive.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 09/10/2017.
Identifiers: CVE-2017-13720, DLA-1126-1, DSA-3995-1, FEDORA-2017-2783ef2c63, FEDORA-2017-b7c4334524, FEDORA-2017-f44afd1f34, openSUSE-SU-2017:3256-1, openSUSE-SU-2018:0343-1, USN-3442-1, VIGILANCE-VUL-24046.
Description of the vulnerability
An attacker can force a read at an invalid address via Question Character of libxfont, in order to trigger a denial of service, or to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
Bluetooth Drivers: multiple vulnerabilities
Synthesis of the vulnerability
Several vulnerabilities were announced in several implementations of Bluetooth drivers.
Impacted products: iOS by Apple, iPhone, Android OS, Linux, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 7, Windows 8, Windows RT, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, denial of service on server, denial of service on service.
Provenance: radio connection.
Number of vulnerabilities in this bulletin: 7.
Creation date: 12/09/2017.
Revisions dates: 13/09/2017, 13/09/2017.
Identifiers: BlueBorne, CVE-2017-0781, CVE-2017-0782, CVE-2017-0783, CVE-2017-0785, CVE-2017-1000250, CVE-2017-1000251, CVE-2017-8628, SUSE-SU-2019:0510-1, VIGILANCE-VUL-23818, VU#240311.
Description of the vulnerability
Several vulnerabilities were announced in several implementations of Bluetooth drivers:
- Android : Information Leak Vulnerability (CVE-2017-0785) - VIGILANCE-VUL-23741
- Android : Remote Code Execution Vulnerability #1 (CVE-2017-0781) - VIGILANCE-VUL-23741
- Android : Remote Code Execution vulnerability #2 (CVE-2017-0782) - VIGILANCE-VUL-23741
- Android : Man in The Middle attack (CVE-2017-0783) - VIGILANCE-VUL-23741
- Windows : Man in The Middle attack (CVE-2017-8628) - VIGILANCE-VUL-23826
- Linux : BlueZ Information leak vulnerability (CVE-2017-1000250) - VIGILANCE-VUL-23829
- Linux : Kernel > 3.3 Stack overflow (CVE-2017-1000251) - VIGILANCE-VUL-23830
- iOS : Remote code execution via Low Energy Audio Protocol (CVE-2017-14315) - mitigated by iOS 10
This bulletin serves as a cap because all these vulnerabilities have been grouped under the name "BlueBorne". Individual bulletins are referenced at the end of each line.
Full Vigil@nce bulletin... (Free trial) |
BlueZ: information disclosure via SDP
Synthesis of the vulnerability
A local attacker can read a memory fragment via SDP of BlueZ, in order to obtain sensitive information.
Impacted products: Debian, Fedora, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 13/09/2017.
Identifiers: CVE-2017-1000250, DLA-1103-1, DSA-3972-1, FEDORA-2017-fe95a5b88b, openSUSE-SU-2017:2810-1, RHSA-2017:2685-01, SUSE-SU-2019:0510-1, Synology-SA-17:52, USN-3413-1, VIGILANCE-VUL-23829.
Description of the vulnerability
A local attacker can read a memory fragment via SDP of BlueZ, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
GNU Emacs: code execution via Content-Type text/enriched
Synthesis of the vulnerability
An attacker can use a vulnerability via Content-Type text/enriched of GNU Emacs, in order to run code.
Impacted products: Debian, Fedora, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 3/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 11/09/2017.
Identifiers: bulletinoct2017, CVE-2017-14482, DLA-1101-1, DSA-3970-1, DSA-3975-1, FEDORA-2017-3a568adb31, FEDORA-2017-8f27031c8f, FEDORA-2017-a1dc0ef38c, openSUSE-SU-2017:2535-1, RHSA-2017:2771-01, SSA:2017-255-01, SUSE-SU-2017:2529-1, SUSE-SU-2017:2532-1, USN-3427-1, USN-3428-1, VIGILANCE-VUL-23804.
Description of the vulnerability
An attacker can use a vulnerability via Content-Type text/enriched of GNU Emacs, in order to run code.
Full Vigil@nce bulletin... (Free trial) |
Libgcrypt: information disclosure via Curve25519 ECDH Side-channel
Synthesis of the vulnerability
An attacker can bypass access restrictions to data via Curve25519 ECDH Side-channel of Libgcrypt, in order to obtain sensitive information.
Impacted products: Debian, Fedora, GnuPG, MariaDB ~ precise, MySQL Community, MySQL Enterprise, Oracle Communications, Percona Server, Slackware, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: data reading.
Provenance: intranet server.
Creation date: 30/08/2017.
Identifiers: cpujan2019, cpujul2018, CVE-2017-0379, DSA-3959-1, FEDORA-2017-8cd171f540, FEDORA-2017-bcdeca9d41, SSA:2017-261-02, USN-3417-1, VIGILANCE-VUL-23639.
Description of the vulnerability
An attacker can bypass access restrictions to data via Curve25519 ECDH Side-channel of Libgcrypt, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
Our database contains other pages. You can request a free trial to read them.
|