The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of CentOS

computer vulnerability note CVE-2019-1301 CVE-2019-1302

Microsoft .NET Core: vulnerabilities of September 2019

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 11/09/2019.
Revision date: 16/09/2019.
Identifiers: CVE-2019-1301, CVE-2019-1302, RHSA-2019:2731-01, RHSA-2019:2732-01, VIGILANCE-VUL-30306.

Description of the vulnerability

The document located in information sources was generated by Vigil@nce from the Microsoft database. It contains details for each product.

computer weakness CVE-2019-10214

containers/image: information disclosure via Clear Text Session

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Clear Text Session of containers/image, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 10/09/2019.
Identifiers: 1144065, CVE-2019-10214, openSUSE-SU-2019:2137-1, openSUSE-SU-2019:2138-1, openSUSE-SU-2019:2143-1, openSUSE-SU-2019:2159-1, RHSA-2019:3403-01, RHSA-2019:3494-01, SUSE-SU-2019:2340-1, SUSE-SU-2019:2341-1, SUSE-SU-2019:2346-1, VIGILANCE-VUL-30289.

computer weakness alert CVE-2019-16056

Python: information disclosure via Email Address Multiple At Characters

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Email Address Multiple At Characters of Python, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 09/09/2019.
Identifiers: CVE-2019-16056, DLA-1924-1, DLA-1925-1, FEDORA-2019-2b1f72899a, FEDORA-2019-d58eb75449, openSUSE-SU-2019:2389-1, openSUSE-SU-2019:2393-1, openSUSE-SU-2019:2438-1, openSUSE-SU-2019:2453-1, RHSA-2019:3725-01, SUSE-SU-2019:2748-1, SUSE-SU-2019:2748-2, USN-4151-1, USN-4151-2, VIGILANCE-VUL-30278.

cybersecurity bulletin CVE-2019-15903

libexpat: out-of-bounds memory reading via XML_GetCurrentLineNumber

Synthesis of the vulnerability

An attacker can force a read at an invalid address via XML_GetCurrentLineNumber() of libexpat, in order to trigger a denial of service, or to obtain sensitive information.
Severity: 2/4.
Creation date: 09/09/2019.
Identifiers: CERTFR-2019-AVI-535, CVE-2019-15903, DLA-1912-1, DLA-1987-1, DSA-4530-1, DSA-4549-1, FEDORA-2019-672ae0f060, FEDORA-2019-9505c6b555, FEDORA-2019-9b4ebc2973, MFSA-2019-33, MFSA-2019-34, MFSA-2019-35, openSUSE-SU-2019:2204-1, openSUSE-SU-2019:2205-1, openSUSE-SU-2019:2420-1, openSUSE-SU-2019:2424-1, openSUSE-SU-2019:2425-1, openSUSE-SU-2019:2447-1, openSUSE-SU-2019:2451-1, openSUSE-SU-2019:2452-1, openSUSE-SU-2019:2459-1, openSUSE-SU-2019:2464-1, RHSA-2019:3210-01, RHSA-2019:3237-01, RHSA-2019:3756-01, SSA:2019-259-01, SSA:2019-293-01, SSA:2019-295-01, SUSE-SU-2019:2429-1, SUSE-SU-2019:2440-1, SUSE-SU-2019:2871-1, SUSE-SU-2019:2872-1, SUSE-SU-2019:2912-1, USN-4132-1, USN-4132-2, USN-4165-1, USN-4165-2, VIGILANCE-VUL-30268.

computer vulnerability CVE-2019-15718

systemd: information disclosure via DNS Settings Change

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via DNS Settings Change of systemd, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 04/09/2019.
Identifiers: CVE-2019-15718, RHSA-2019:3592-01, USN-4120-1, USN-4120-2, VIGILANCE-VUL-30239.

weakness note CVE-2019-13313

libosinfo: information disclosure via osinfo-install-script

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via osinfo-install-script of libosinfo, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 04/09/2019.
Identifiers: CVE-2019-13313, RHSA-2019:3387-01, SUSE-SU-2019:2273-1, VIGILANCE-VUL-30237.

computer weakness alert CVE-2019-5849

Skia: out-of-bounds memory reading

Synthesis of the vulnerability

An attacker can force a read at an invalid address of Skia, in order to trigger a denial of service, or to obtain sensitive information.
Severity: 2/4.
Creation date: 03/09/2019.
Identifiers: CVE-2019-5849, DSA-4500-1, MFSA-2019-25, MFSA-2019-26, openSUSE-SU-2019:1848-1, openSUSE-SU-2019:1849-1, openSUSE-SU-2019:1853-1, openSUSE-SU-2019:1901-1, RHSA-2019:2427-01, USN-4122-1, VIGILANCE-VUL-30234.

computer threat bulletin CVE-2019-11772

Eclipse OpenJ9: buffer overflow via String.getBytes

Synthesis of the vulnerability

An attacker can trigger a buffer overflow via String.getBytes() of Eclipse OpenJ9, in order to trigger a denial of service, and possibly to run code.
Severity: 2/4.
Creation date: 02/09/2019.
Identifiers: 1087227, CVE-2019-11772, RHSA-2019:2585-01, RHSA-2019:2590-01, RHSA-2019:2592-01, SUSE-SU-2019:2291-1, SUSE-SU-2019:2371-1, VIGILANCE-VUL-30214.

security weakness CVE-2019-11775

Eclipse OpenJ9: out-of-bounds memory reading via Loop Versioner

Synthesis of the vulnerability

An attacker can force a read at an invalid address via Loop Versioner of Eclipse OpenJ9, in order to trigger a denial of service, or to obtain sensitive information.
Severity: 2/4.
Creation date: 19/08/2019.
Identifiers: 1087227, CVE-2019-11775, RHSA-2019:2494-01, RHSA-2019:2495-01, RHSA-2019:2585-01, RHSA-2019:2590-01, RHSA-2019:2592-01, SUSE-SU-2019:14160-1, SUSE-SU-2019:14188-1, SUSE-SU-2019:2291-1, SUSE-SU-2019:2336-1, SUSE-SU-2019:2371-1, VIGILANCE-VUL-30076.

cybersecurity vulnerability CVE-2019-10140

RHEL 7: NULL pointer dereference via ovl_posix_acl_create

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via ovl_posix_acl_create() of RHEL 7, in order to trigger a denial of service.
Severity: 1/4.
Creation date: 19/08/2019.
Identifiers: CVE-2019-10140, RHBUG-1677778, VIGILANCE-VUL-30075.