The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Unix - platform ~ not comprehensive

computer vulnerability note 24749

TLS: information disclosure via ROBOT Attack

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via a ROBOT Attack on TLS, in order to obtain sensitive information.
Impacted products: Bouncy Castle JCE, Cisco ACE, BIG-IP Hardware, TMOS, Mule ESB, Java OpenJDK, Java Oracle, Palo Alto Firewall PA***, PAN-OS, RabbitMQ, Unix (platform) ~ not comprehensive.
Severity: 1/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 13/12/2017.
Identifiers: CERTFR-2017-ALE-020, cisco-sa-20171212-bleichenbacher, CSCvg74693, CTX230238, K21905460, PAN-SA-2017-0032, ROBOT Attack, VIGILANCE-VUL-24749, VU#144389.


computer vulnerability alert CVE-2017-8819 CVE-2017-8820 CVE-2017-8821

Tor: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in Tor.
Impacted products: Debian, Fedora, Windows (platform) ~ not comprehensive, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive.
Severity: 3/4.
Consequences: data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 5.
Creation date: 04/12/2017.
Identifiers: CVE-2017-8819, CVE-2017-8820, CVE-2017-8821, CVE-2017-8822, CVE-2017-8823, DSA-4054-1, FEDORA-2017-bc2edc421d, FEDORA-2017-bce9e03721, openSUSE-SU-2017:3201-1, openSUSE-SU-2017:3203-1, VIGILANCE-VUL-24616.


vulnerability note CVE-2017-13077 CVE-2017-13078 CVE-2017-13079

WPA2: information disclosure via Key Reinstallation Attacks

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Key Reinstallation Attacks on WPA2, in order to obtain sensitive information.
Impacted products: SNS, iOS by Apple, iPhone, Mac OS X, ArubaOS, Cisco Aironet, Cisco AnyConnect Secure Mobility Client, ASA, Meraki MR***, Cisco IP Phone, Cisco Wireless IP Phone, Debian, Fedora, FortiGate, FortiOS, FreeBSD, Android OS, Junos OS, SSG, Linux, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 7, Windows 8, Windows (platform) ~ not comprehensive, Windows RT, NetBSD, NetScreen Firewall, ScreenOS, OpenBSD, openSUSE Leap, pfSense, 802.11 protocol, RHEL, RuggedSwitch, SIMATIC, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 3/4.
Consequences: data reading.
Provenance: radio connection.
Number of vulnerabilities in this bulletin: 10.
Creation date: 16/10/2017.
Identifiers: ARUBA-PSA-2017-007, CERTFR-2017-ALE-014, CERTFR-2017-AVI-357, CERTFR-2017-AVI-358, CERTFR-2017-AVI-359, CERTFR-2017-AVI-360, CERTFR-2017-AVI-361, CERTFR-2017-AVI-363, CERTFR-2017-AVI-373, CERTFR-2017-AVI-379, CERTFR-2017-AVI-383, CERTFR-2017-AVI-390, CERTFR-2017-AVI-441, CERTFR-2017-AVI-478, CERTFR-2018-AVI-014, CERTFR-2018-AVI-048, cisco-sa-20171016-wpa, CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088, DLA-1150-1, DLA-1200-1, DLA-1573-1, DSA-3999-1, FEDORA-2017-12e76e8364, FEDORA-2017-45044b6b33, FEDORA-2017-60bfb576b7, FEDORA-2017-cfb950d8f4, FEDORA-2017-fc21e3856b, FG-IR-17-196, FreeBSD-SA-17:07.wpa, HT208221, HT208222, HT208334, HT208394, JSA10827, K-511282, KRACK Attacks, openSUSE-SU-2017:2755-1, openSUSE-SU-2017:2846-1, openSUSE-SU-2017:2896-1, openSUSE-SU-2017:2905-1, openSUSE-SU-2017:3144-1, RHSA-2017:2907-01, RHSA-2017:2911-01, SSA:2017-291-02, SSA-418456, SSA-901333, STORM-2017-005, SUSE-SU-2017:2745-1, SUSE-SU-2017:2752-1, SUSE-SU-2017:2847-1, SUSE-SU-2017:2869-1, SUSE-SU-2017:2908-1, SUSE-SU-2017:2920-1, SUSE-SU-2017:3106-1, SUSE-SU-2017:3165-1, SUSE-SU-2017:3265-1, SUSE-SU-2017:3267-1, SUSE-SU-2018:0040-1, SUSE-SU-2018:0171-1, Synology-SA-17:60, Synology-SA-17:60 KRACK, USN-3455-1, USN-3505-1, VIGILANCE-VUL-24144, VU#228519.


vulnerability CVE-2017-12176 CVE-2017-12177 CVE-2017-12178

X.Org Server: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in X.Org Server.
Impacted products: Debian, NetBSD, openSUSE Leap, Solaris, Slackware, Ubuntu, Unix (platform) ~ not comprehensive, XOrg Bundle ~ not comprehensive.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, data reading, denial of service on service, denial of service on client.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 12.
Creation date: 13/10/2017.
Identifiers: bulletinoct2018, CVE-2017-12176, CVE-2017-12177, CVE-2017-12178, CVE-2017-12179, CVE-2017-12180, CVE-2017-12181, CVE-2017-12182, CVE-2017-12183, CVE-2017-12184, CVE-2017-12185, CVE-2017-12186, CVE-2017-12187, DLA-1186-1, DSA-4000-1, openSUSE-SU-2017:2823-1, SSA:2017-291-03, USN-3456-1, VIGILANCE-VUL-24130.


computer vulnerability announce CVE-2017-13722

libxfont: out-of-bounds memory reading via PCF

Synthesis of the vulnerability

An attacker can force a read at an invalid address via PCF in libxfont, in order to trigger a denial of service or to obtain sensitive information.
Impacted products: Debian, Fedora, NetBSD, openSUSE Leap, Ubuntu, Unix (platform) ~ not comprehensive, XOrg Bundle ~ not comprehensive.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 09/10/2017.
Identifiers: CVE-2017-13722, DLA-1126-1, DSA-3995-1, FEDORA-2017-2783ef2c63, FEDORA-2017-b7c4334524, FEDORA-2017-f44afd1f34, openSUSE-SU-2017:3256-1, openSUSE-SU-2018:0343-1, USN-3442-1, VIGILANCE-VUL-24047.


computer vulnerability alert CVE-2017-13720

libxfont: out-of-bounds memory reading via Question Character

Synthesis of the vulnerability

An attacker can force a read at an invalid address via Question Character in libxfont, in order to trigger a denial of service or to obtain sensitive information.
Impacted products: Debian, Fedora, NetBSD, openSUSE Leap, Ubuntu, Unix (platform) ~ not comprehensive, XOrg Bundle ~ not comprehensive.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 09/10/2017.
Identifiers: CVE-2017-13720, DLA-1126-1, DSA-3995-1, FEDORA-2017-2783ef2c63, FEDORA-2017-b7c4334524, FEDORA-2017-f44afd1f34, openSUSE-SU-2017:3256-1, openSUSE-SU-2018:0343-1, USN-3442-1, VIGILANCE-VUL-24046.


computer vulnerability bulletin CVE-2017-0781 CVE-2017-0782 CVE-2017-0783

Bluetooth Drivers: multiple vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities were announced in several implementations of Bluetooth drivers.
Impacted products: iOS by Apple, iPhone, Android OS, Linux, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 7, Windows 8, Windows RT, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, denial of service on server, denial of service on service.
Provenance: radio connection.
Number of vulnerabilities in this bulletin: 7.
Creation date: 12/09/2017.
Revision dates: 13/09/2017, 13/09/2017.
Identifiers: BlueBorne, CVE-2017-0781, CVE-2017-0782, CVE-2017-0783, CVE-2017-0785, CVE-2017-1000250, CVE-2017-1000251, CVE-2017-8628, SUSE-SU-2019:0510-1, VIGILANCE-VUL-23818, VU#240311.

Description of the vulnerability

Several vulnerabilities were announced in several implementations of Bluetooth drivers:
 - Android: Information Leak Vulnerability (CVE-2017-0785) - VIGILANCE-VUL-23741
 - Android: Remote Code Execution Vulnerability #1 (CVE-2017-0781) - VIGILANCE-VUL-23741
 - Android: Remote Code Execution Vulnerability #2 (CVE-2017-0782) - VIGILANCE-VUL-23741
 - Android: Man in The Middle attack (CVE-2017-0783) - VIGILANCE-VUL-23741
 - Windows: Man in The Middle attack (CVE-2017-8628) - VIGILANCE-VUL-23826
 - Linux: BlueZ Information leak vulnerability (CVE-2017-1000250) - VIGILANCE-VUL-23829
 - Linux: Kernel > 3.3 Stack overflow (CVE-2017-1000251) - VIGILANCE-VUL-23830
 - iOS: Remote code execution via Low Energy Audio Protocol (CVE-2017-14315) - mitigated by iOS 10

This bulletin serves as an umbrella entry, because all these vulnerabilities have been grouped under the name "BlueBorne". Individual bulletins are referenced at the end of each line.

computer vulnerability note CVE-2017-1000250

BlueZ: information disclosure via SDP

Synthesis of the vulnerability

A local attacker can read a memory fragment via SDP in BlueZ, in order to obtain sensitive information.
Impacted products: Debian, Fedora, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 13/09/2017.
Identifiers: CVE-2017-1000250, DLA-1103-1, DSA-3972-1, FEDORA-2017-fe95a5b88b, openSUSE-SU-2017:2810-1, RHSA-2017:2685-01, SUSE-SU-2019:0510-1, Synology-SA-17:52, USN-3413-1, VIGILANCE-VUL-23829.


vulnerability note CVE-2017-14482

GNU Emacs: code execution via Content-Type text/enriched

Synthesis of the vulnerability

An attacker can exploit a vulnerability via Content-Type text/enriched in GNU Emacs, in order to run code.
Impacted products: Debian, Fedora, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 3/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 11/09/2017.
Identifiers: bulletinoct2017, CVE-2017-14482, DLA-1101-1, DSA-3970-1, DSA-3975-1, FEDORA-2017-3a568adb31, FEDORA-2017-8f27031c8f, FEDORA-2017-a1dc0ef38c, openSUSE-SU-2017:2535-1, RHSA-2017:2771-01, SSA:2017-255-01, SUSE-SU-2017:2529-1, SUSE-SU-2017:2532-1, USN-3427-1, USN-3428-1, VIGILANCE-VUL-23804.


computer vulnerability note CVE-2017-0379

Libgcrypt: information disclosure via Curve25519 ECDH Side-channel

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via a Curve25519 ECDH side channel in Libgcrypt, in order to obtain sensitive information.
Impacted products: Debian, Fedora, GnuPG, MariaDB ~ precise, MySQL Community, MySQL Enterprise, Oracle Communications, Percona Server, Slackware, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: data reading.
Provenance: intranet server.
Creation date: 30/08/2017.
Identifiers: cpujan2019, cpujul2018, CVE-2017-0379, DSA-3959-1, FEDORA-2017-8cd171f540, FEDORA-2017-bcdeca9d41, SSA:2017-261-02, USN-3417-1, VIGILANCE-VUL-23639.
