| The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them. |
|
 |
|
|
Computer vulnerabilities of Android OS
Linux kernel: use after free via em28xx_dvb_fini
Synthesis of the vulnerability
An attacker can force the usage of a freed memory area via em28xx_dvb_fini() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Android OS, Linux, openSUSE Leap, RSA Authentication Manager, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 27/03/2019.
Identifiers: CERTFR-2019-AVI-131, CVE-2019-2024, DLA-1799-1, DLA-1799-2, DSA-2019-093, openSUSE-SU-2019:1085-1, openSUSE-SU-2019:1193-1, SUSE-SU-2019:0765-1, SUSE-SU-2019:0767-1, SUSE-SU-2019:0801-1, SUSE-SU-2019:0828-1, SUSE-SU-2019:0901-1, VIGILANCE-VUL-28871.
Description of the vulnerability
An attacker can force the usage of a freed memory area via em28xx_dvb_fini() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial) |
Bluetooth Firmware: information disclosure via Weak Elliptic Curve Parameters
Synthesis of the vulnerability
An attacker can bypass access restrictions to data via Weak Elliptic Curve Parameters of Bluetooth Firmware, in order to obtain sensitive information.
Impacted products: iOS by Apple, iPhone, Mac OS X, Debian, Android OS, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: data reading.
Provenance: radio connection.
Creation date: 19/02/2019.
Identifiers: CERTFR-2019-AVI-188, CVE-2018-5383, DLA-1747-1, HT208848, HT208849, HT208937, HT209139, openSUSE-SU-2019:0275-1, SUSE-SU-2019:0422-1, SUSE-SU-2019:0427-1, SUSE-SU-2019:0427-2, SUSE-SU-2019:0466-1, VIGILANCE-VUL-28536.
Description of the vulnerability
An attacker can bypass access restrictions to data via Weak Elliptic Curve Parameters of Bluetooth Firmware, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
Linux kernel: memory corruption via sk_clone_lock
Synthesis of the vulnerability
An attacker can trigger a memory corruption via sk_clone_lock() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Android OS, Linux, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 18/01/2019.
Identifiers: CERTFR-2019-AVI-038, CERTFR-2019-AVI-042, CERTFR-2019-AVI-044, CERTFR-2019-AVI-051, CERTFR-2019-AVI-071, CERTFR-2019-AVI-112, CERTFR-2019-AVI-114, CERTFR-2019-AVI-233, CVE-2018-9568, openSUSE-SU-2019:0065-1, openSUSE-SU-2019:0140-1, RHSA-2019:0512-01, RHSA-2019:0514-01, SUSE-SU-2019:0148-1, SUSE-SU-2019:0196-1, SUSE-SU-2019:0222-1, SUSE-SU-2019:0224-1, SUSE-SU-2019:0320-1, SUSE-SU-2019:0439-1, SUSE-SU-2019:0541-1, SUSE-SU-2019:1289-1, SUSE-SU-2019:13937-1, SUSE-SU-2019:13979-1, USN-3880-1, USN-3880-2, VIGILANCE-VUL-28304.
Description of the vulnerability
An attacker can trigger a memory corruption via sk_clone_lock() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial) |
Linux kernel: information disclosure via mremap
Synthesis of the vulnerability
An attacker can bypass access restrictions to data via mremap() of the Linux kernel, in order to obtain sensitive information.
Impacted products: Debian, Android OS, Linux, openSUSE Leap, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 29/10/2018.
Identifiers: 1695, 1798863, CERTFR-2018-AVI-541, CERTFR-2018-AVI-581, CERTFR-2018-AVI-583, CERTFR-2019-AVI-019, CERTFR-2019-AVI-035, CERTFR-2019-AVI-038, CERTFR-2019-AVI-041, CERTFR-2019-AVI-042, CERTFR-2019-AVI-044, CERTFR-2019-AVI-071, CERTFR-2019-AVI-183, CERTFR-2019-AVI-233, CVE-2018-18281, DLA-1715-1, DLA-1731-1, DLA-1731-2, openSUSE-SU-2018:3817-1, openSUSE-SU-2018:4133-1, RHSA-2019:0831-01, SSA:2019-030-01, SUSE-SU-2018:3689-1, SUSE-SU-2018:3746-1, SUSE-SU-2018:3773-1, SUSE-SU-2018:4069-1, SUSE-SU-2019:0095-1, SUSE-SU-2019:0222-1, SUSE-SU-2019:0224-1, SUSE-SU-2019:0439-1, SUSE-SU-2019:1289-1, SUSE-SU-2019:13937-1, USN-3832-1, USN-3835-1, USN-3871-1, USN-3871-2, USN-3871-3, USN-3871-4, USN-3871-5, USN-3880-1, USN-3880-2, VIGILANCE-VUL-27638.
Description of the vulnerability
An attacker can bypass access restrictions to data via mremap() of the Linux kernel, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
Linux kernel: buffer overflow via nfc_llcp_build_sdreq_tlv
Synthesis of the vulnerability
An attacker can generate a buffer overflow via nfc_llcp_build_sdreq_tlv() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Android OS, Linux, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server.
Provenance: document.
Creation date: 23/10/2018.
Identifiers: CERTFR-2018-AVI-508, CVE-2018-9518, USN-3798-1, USN-3798-2, VIGILANCE-VUL-27601.
Description of the vulnerability
An attacker can generate a buffer overflow via nfc_llcp_build_sdreq_tlv() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial) |
Linux kernel: memory corruption via SCSI Driver
Synthesis of the vulnerability
An attacker can generate a memory corruption via SCSI Driver of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Android OS, Linux, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server.
Provenance: user shell.
Creation date: 23/10/2018.
Identifiers: CERTFR-2018-AVI-508, CVE-2017-0794, USN-3798-1, USN-3798-2, VIGILANCE-VUL-27600.
Description of the vulnerability
An attacker can generate a memory corruption via SCSI Driver of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial) |
Linux kernel: buffer overflow via hid-debug.c
Synthesis of the vulnerability
An attacker can generate a buffer overflow via hid-debug.c of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Android OS, Linux, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 02/10/2018.
Identifiers: CERTFR-2018-AVI-538, CERTFR-2018-AVI-541, CERTFR-2019-AVI-019, CERTFR-2019-AVI-035, CERTFR-2019-AVI-038, CERTFR-2019-AVI-041, CERTFR-2019-AVI-071, CERTFR-2019-AVI-233, CVE-2018-9516, DLA-1529-1, DLA-1531-1, DSA-4308-1, openSUSE-SU-2018:3817-1, SUSE-SU-2018:3659-1, SUSE-SU-2018:3689-1, SUSE-SU-2018:3746-1, SUSE-SU-2018:3773-1, SUSE-SU-2019:0095-1, SUSE-SU-2019:0439-1, SUSE-SU-2019:1289-1, SUSE-SU-2019:13937-1, USN-3871-1, USN-3871-2, USN-3871-3, USN-3871-4, USN-3871-5, VIGILANCE-VUL-27371.
Description of the vulnerability
An attacker can generate a buffer overflow via hid-debug.c of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial) |
Linux kernel: information disclosure via vmacache_flush_all
Synthesis of the vulnerability
A local attacker can read a memory fragment via vmacache_flush_all() of the Linux kernel, in order to obtain sensitive information.
Impacted products: Debian, Fedora, Android OS, Linux, openSUSE Leap, RHEL, SIMATIC, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 19/09/2018.
Identifiers: CERTFR-2018-AVI-462, CERTFR-2018-AVI-472, CERTFR-2018-AVI-480, CERTFR-2018-AVI-490, CERTFR-2018-AVI-508, CERTFR-2018-AVI-538, CERTFR-2019-AVI-019, CVE-2018-17182, DLA-1529-1, DLA-1531-1, DSA-4308-1, FEDORA-2018-d77cc41f35, FEDORA-2018-e820fccd83, openSUSE-SU-2018:3071-1, openSUSE-SU-2018:3202-1, RHSA-2018:3656-01, SSA:2018-264-01, SSB-439005, SUSE-SU-2018:3032-1, SUSE-SU-2018:3083-1, SUSE-SU-2018:3084-1, SUSE-SU-2018:3100-1, SUSE-SU-2018:3159-1, SUSE-SU-2018:3659-1, SUSE-SU-2019:0095-1, USN-3776-1, USN-3776-2, USN-3777-1, USN-3777-2, USN-3777-3, VIGILANCE-VUL-27257.
Description of the vulnerability
A local attacker can read a memory fragment via vmacache_flush_all() of the Linux kernel, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
Linux kernel: privilege escalation via Generic SCSI Driver
Synthesis of the vulnerability
An attacker can bypass restrictions via Generic SCSI Driver of the Linux kernel, in order to escalate his privileges.
Impacted products: Android OS, Linux, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, data reading.
Provenance: user shell.
Creation date: 24/08/2018.
Identifiers: CERTFR-2018-AVI-408, CERTFR-2018-AVI-557, CVE-2017-13168, USN-3753-1, USN-3753-2, USN-3820-1, USN-3820-2, USN-3820-3, USN-3822-1, USN-3822-2, VIGILANCE-VUL-27071.
Description of the vulnerability
An attacker can bypass restrictions via Generic SCSI Driver of the Linux kernel, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial) |
Linux kernel: use after free via AMBA
Synthesis of the vulnerability
An attacker can force the usage of a freed memory area via AMBA of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Android OS, Linux, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server.
Provenance: user shell.
Creation date: 24/08/2018.
Identifiers: CERTFR-2018-AVI-408, CERTFR-2018-AVI-413, CVE-2018-9415, SUSE-SU-2018:1366-1, USN-3752-1, USN-3752-2, USN-3752-3, VIGILANCE-VUL-27070.
Description of the vulnerability
An attacker can force the usage of a freed memory area via AMBA of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial) |
Our database contains other pages. You can request a free trial to read them.
Display information about Android OS:
|