The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of CentOS

vulnerability announcement CVE-2019-3815

systemd: memory leak via journald-server.c

Synthesis of the vulnerability

An attacker can create a memory leak via journald-server.c of systemd, in order to trigger a denial of service.
Impacted products: RHEL.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 30/01/2019.
Identifiers: CVE-2019-3815, RHSA-2019:0201-01, VIGILANCE-VUL-28402.


vulnerability note CVE-2018-16885

RHEL 7 Kernel: out-of-bounds memory reading via memcpy_fromiovecend

Synthesis of the vulnerability

An attacker can force a read at an invalid address via memcpy_fromiovecend() of RHEL 7 Kernel, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: RHEL.
Severity: 1/4.
Consequences: data reading, denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 04/01/2019.
Identifiers: 1661503, CVE-2018-16885, VIGILANCE-VUL-28164.


vulnerability bulletin CVE-2018-18397

Linux kernel: privilege escalation via Userfaultfd Sparse Tmpfs Files Write

Synthesis of the vulnerability

An attacker can bypass restrictions via Userfaultfd Sparse Tmpfs Files Write of the Linux kernel, in order to escalate their privileges.
Impacted products: Linux, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: privileged access/rights, data creation/edition.
Provenance: user shell.
Creation date: 12/12/2018.
Identifiers: 1700, CERTFR-2019-AVI-038, CERTFR-2019-AVI-042, CVE-2018-18397, openSUSE-SU-2019:0065-1, RHSA-2019:0163-01, RHSA-2019:0202-01, RHSA-2019:0324-01, SUSE-SU-2019:0196-1, SUSE-SU-2019:0222-1, SUSE-SU-2019:0224-1, VIGILANCE-VUL-28013.


computer vulnerability note CVE-2018-18314

Perl Core: buffer overflow via S_regatom

Synthesis of the vulnerability

An attacker can generate a buffer overflow via S_regatom() of Perl Core, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, Snap Creator Framework, OpenBSD, openSUSE Leap, Perl Core, RHEL, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 30/11/2018.
Identifiers: CVE-2018-18314, DSA-4347-1, FEDORA-2018-9dbe983805, FEDORA-2018-ca03363d57, NTAP-20190221-0003, openSUSE-SU-2018:4258-1, RHSA-2019:0001-01, RHSA-2019:0010-01, SUSE-SU-2018:4187-1, USN-3834-1, USN-3834-2, VIGILANCE-VUL-27919.


computer vulnerability bulletin CVE-2018-18313

Perl Core: out-of-bounds memory reading via S_grok_bslash_N

Synthesis of the vulnerability

An attacker can force a read at an invalid address via S_grok_bslash_N() of Perl Core, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: Debian, Fedora, Snap Creator Framework, OpenBSD, openSUSE Leap, Perl Core, RHEL, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 30/11/2018.
Identifiers: 133192, CVE-2018-18313, DSA-4347-1, FEDORA-2018-9dbe983805, FEDORA-2018-ca03363d57, NTAP-20190221-0003, openSUSE-SU-2018:4258-1, RHSA-2019:0001-01, RHSA-2019:0010-01, SUSE-SU-2018:4187-1, USN-3834-1, USN-3834-2, VIGILANCE-VUL-27918.


computer vulnerability announcement CVE-2018-18312

Perl Core: buffer overflow via Regular Expression Compilation

Synthesis of the vulnerability

An attacker can generate a buffer overflow via Regular Expression Compilation of Perl Core, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, Snap Creator Framework, OpenBSD, openSUSE Leap, Perl Core, RHEL, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 30/11/2018.
Identifiers: 133423, CVE-2018-18312, DSA-4347-1, FEDORA-2018-9dbe983805, FEDORA-2018-ca03363d57, NTAP-20190221-0003, openSUSE-SU-2018:4258-1, RHSA-2019:0001-01, RHSA-2019:0010-01, SUSE-SU-2018:4187-1, USN-3834-1, USN-3834-2, VIGILANCE-VUL-27917.


computer vulnerability alert CVE-2018-18311

Perl Core: integer overflow via Perl_my_setenv

Synthesis of the vulnerability

An attacker can generate an integer overflow via Perl_my_setenv() of Perl Core, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, Snap Creator Framework, OpenBSD, openSUSE Leap, Solaris, Perl Core, RHEL, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 30/11/2018.
Identifiers: 133204, bulletinjan2019, CVE-2018-18311, DLA-1601-1, DSA-4347-1, FEDORA-2018-9dbe983805, FEDORA-2018-ca03363d57, NTAP-20190221-0003, openSUSE-SU-2018:4258-1, RHSA-2019:0001-01, RHSA-2019:0010-01, RHSA-2019:0109-01, SUSE-SU-2018:4187-1, USN-3834-1, USN-3834-2, VIGILANCE-VUL-27916.


vulnerability bulletin CVE-2018-19486

Git: code execution via run_command

Synthesis of the vulnerability

An attacker can use a vulnerability via run_command() of Git, in order to run code.
Impacted products: Fedora, openSUSE Leap, Solaris, RHEL, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights.
Provenance: user shell.
Creation date: 28/11/2018.
Identifiers: bulletinjan2019, CVE-2018-19486, FEDORA-2018-29afefd172, FEDORA-2018-f467c36c2b, openSUSE-SU-2018:4257-1, RHSA-2018:3800-01, SUSE-SU-2018:4190-1, USN-3829-1, VIGILANCE-VUL-27893.


vulnerability CVE-2018-19477

Ghostscript: privilege escalation via psi/zfjbig2.c::JBIG2Decode

Synthesis of the vulnerability

An attacker can bypass restrictions via psi/zfjbig2.c::JBIG2Decode of Ghostscript, in order to escalate their privileges.
Impacted products: Debian, Fedora, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: document.
Creation date: 28/11/2018.
Identifiers: CVE-2018-19477, DLA-1598-1, DSA-4346-1, DSA-4346-2, FEDORA-2019-077a3f23c0, FEDORA-2019-82acb29c1b, openSUSE-SU-2018:4138-1, openSUSE-SU-2018:4140-1, RHSA-2019:0229-01, SUSE-SU-2018:4087-1, SUSE-SU-2018:4090-1, USN-3831-1, USN-3831-2, VIGILANCE-VUL-27890.


computer vulnerability note CVE-2018-19476

Ghostscript: privilege escalation via psi/zicc.c::setcolorspace

Synthesis of the vulnerability

An attacker can bypass restrictions via psi/zicc.c::setcolorspace of Ghostscript, in order to escalate their privileges.
Impacted products: Debian, Fedora, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: document.
Creation date: 28/11/2018.
Identifiers: CVE-2018-19476, DLA-1598-1, DSA-4346-1, DSA-4346-2, FEDORA-2019-077a3f23c0, FEDORA-2019-82acb29c1b, openSUSE-SU-2018:4138-1, openSUSE-SU-2018:4140-1, RHSA-2019:0229-01, SUSE-SU-2018:4087-1, SUSE-SU-2018:4090-1, USN-3831-1, USN-3831-2, VIGILANCE-VUL-27889.
