The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of CentOS

computer vulnerability CVE-2019-10140

RHEL 7: NULL pointer dereference via ovl_posix_acl_create

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via ovl_posix_acl_create() of RHEL 7, in order to trigger a denial of service.
Impacted products: Tivoli Storage Manager, RHEL.
Severity: 1/4.
Consequences: denial of service on server.
Provenance: user shell.
Creation date: 19/08/2019.
Identifiers: CVE-2019-10140, RHBUG-1677778, VIGILANCE-VUL-30075.

computer vulnerability alert CVE-2019-11733

Firefox: information disclosure via Stored Passwords Copy

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Stored Passwords Copy of Firefox, in order to obtain sensitive information.
Impacted products: Firefox, RHEL, Slackware, Ubuntu.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 19/08/2019.
Identifiers: CERTFR-2019-AVI-400, CVE-2019-11733, MFSA-2019-24, RHSA-2019:2694-01, RHSA-2019:2729-01, SSA:2019-226-02, USN-4101-1, VIGILANCE-VUL-30056.

vulnerability announcement CVE-2019-1125

Intel 64-bit CPU: information disclosure via SWAPGS

Synthesis of the vulnerability

A local attacker can read a memory fragment via SWAPGS of Intel 64-bit CPU, in order to obtain sensitive information.
Impacted products: SNS, Arkoon FAST360, Debian, BIG-IP Hardware, TMOS, Fedora, Linux, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 2019, Windows 7, Windows 8, Windows (platform) ~ not comprehensive, Windows RT, NETASQ, OpenBSD, openSUSE Leap, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 07/08/2019.
Identifiers: CERTFR-2019-AVI-375, CERTFR-2019-AVI-376, CERTFR-2019-AVI-381, CERTFR-2019-AVI-390, CERTFR-2019-AVI-391, CERTFR-2019-AVI-392, CERTFR-2019-AVI-417, CERTFR-2019-AVI-418, CERTFR-2019-AVI-428, CERTFR-2019-AVI-440, CVE-2019-1125, DLA-1884-1, DLA-1885-1, DSA-4495-1, DSA-4497-1, FEDORA-2019-6bda4c81f4, FEDORA-2019-e37c348348, K31085564, openSUSE-SU-2019:1923-1, openSUSE-SU-2019:1924-1, RHSA-2019:2405-01, RHSA-2019:2411-01, RHSA-2019:2473-01, RHSA-2019:2476-01, RHSA-2019:2600-01, RHSA-2019:2609-01, RHSA-2019:2695-01, RHSA-2019:2696-01, RHSA-2019:2730-01, SSA:2019-226-01, STORM-2019-007, SUSE-SU-2019:14157-1, SUSE-SU-2019:2068-1, SUSE-SU-2019:2069-1, SUSE-SU-2019:2070-1, SUSE-SU-2019:2071-1, SUSE-SU-2019:2072-1, SUSE-SU-2019:2073-1, SUSE-SU-2019:2262-1, SUSE-SU-2019:2263-1, SUSE-SU-2019:2299-1, SWAPGS, Synology-SA-19:32, USN-4093-1, USN-4094-1, USN-4095-1, USN-4095-2, USN-4096-1, VIGILANCE-VUL-29962.

computer vulnerability bulletin CVE-2018-16888

systemd: denial of service via PIDFile Service Killing

Synthesis of the vulnerability

An attacker can trigger a fatal error via PIDFile Service Killing of systemd, in order to trigger a denial of service.
Impacted products: RHEL.
Severity: 1/4.
Consequences: denial of service on service.
Provenance: user shell.
Creation date: 06/08/2019.
Identifiers: CVE-2018-16888, RHSA-2019:2091-01, VIGILANCE-VUL-29958.

computer vulnerability CVE-2018-12697

libiberty: NULL pointer dereference via work_stuff_copy_to_from

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via work_stuff_copy_to_from() of libiberty, in order to trigger a denial of service.
Impacted products: RHEL.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 06/08/2019.
Identifiers: CVE-2018-12697, RHSA-2019:2075-01, VIGILANCE-VUL-29955.

vulnerability note CVE-2018-12641

libiberty: denial of service via arm_pt

Synthesis of the vulnerability

An attacker can trigger a fatal error via arm_pt() of libiberty, in order to trigger a denial of service.
Impacted products: RHEL.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 06/08/2019.
Identifiers: CVE-2018-12641, RHSA-2019:2075-01, VIGILANCE-VUL-29954.

vulnerability bulletin CVE-2018-20834

Node.js tar: file corruption

Synthesis of the vulnerability

A local attacker can create a hard link, in order to alter the file it points to, with the privileges of Node.js tar.
Impacted products: Nodejs Modules ~ not comprehensive, RHEL.
Severity: 1/4.
Consequences: data creation/edition.
Provenance: user shell.
Creation date: 22/07/2019.
Identifiers: CVE-2018-20834, RHSA-2019:1821-01, VIGILANCE-VUL-29853.

vulnerability CVE-2019-13272

Linux kernel: privilege escalation via ptrace_link

Synthesis of the vulnerability

An attacker can bypass restrictions via ptrace_link of the Linux kernel, in order to escalate his privileges.
Impacted products: Debian, Fedora, Tivoli Storage Manager, Linux, RHEL, Slackware, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 18/07/2019.
Identifiers: CERTFR-2019-AVI-375, CERTFR-2019-AVI-391, CERTFR-2019-AVI-419, CERTFR-2019-AVI-451, CVE-2019-13272, DLA-1862-1, DLA-1863-1, DSA-4484-1, FEDORA-2019-a95015e60f, PROJ-ZERO-1903, RHSA-2019:2405-01, RHSA-2019:2411-01, RHSA-2019:2809-01, SSA:2019-202-01, USN-4093-1, USN-4094-1, USN-4095-1, USN-4095-2, USN-4117-1, USN-4118-1, VIGILANCE-VUL-29820.

computer vulnerability announcement CVE-2019-10171

RHEL 7.5: denial of service via 389-ds-base

Synthesis of the vulnerability

An attacker can trigger a fatal error via 389-ds-base of RHEL 7.5, in order to trigger a denial of service.
Impacted products: RHEL.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 16/07/2019.
Identifiers: CVE-2019-10171, RHSA-2019:1789-01, VIGILANCE-VUL-29787.

computer vulnerability CVE-2019-10193

Redis: buffer overflow via Hyperloglog 12 Bytes

Synthesis of the vulnerability

An attacker can trigger a buffer overflow via Hyperloglog 12 Bytes of Redis, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, RHEL, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: user account.
Creation date: 12/07/2019.
Identifiers: CVE-2019-10193, DSA-4480-1, RHSA-2019:1819-01, RHSA-2019:2002-01, USN-4061-1, VIGILANCE-VUL-29755.