The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of CentOS

vulnerability announce CVE-2018-16864 CVE-2018-16865

systemd: memory corruption via alloca

Synthesis of the vulnerability

An attacker can trigger a memory corruption via alloca() of systemd, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, McAfee Web Gateway, openSUSE Leap, Oracle Communications, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on service.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 2.
Creation date: 10/01/2019.
Revision date: 10/05/2019.
Identifiers: cpuapr2019, CVE-2018-16864, CVE-2018-16865, DLA-1639-1, DSA-4367-1, DSA-4367-2, openSUSE-SU-2019:0097-1, openSUSE-SU-2019:0098-1, RHSA-2019:0049-01, RHSA-2019:0204-01, SB10276, SUSE-SU-2019:0053-1, SUSE-SU-2019:0054-1, SUSE-SU-2019:0054-2, SUSE-SU-2019:0135-1, SUSE-SU-2019:0137-1, USN-3855-1, VIGILANCE-VUL-28232.

Description of the vulnerability

An attacker can trigger a memory corruption via alloca() of systemd, in order to trigger a denial of service, and possibly to run code.

vulnerability note CVE-2018-12020

GnuPG: creation of fake status messages

Synthesis of the vulnerability

An attacker can create fake status messages in GnuPG, in order to deceive the victim.
Impacted products: Debian, Fedora, GnuPG, Junos Space, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: document.
Creation date: 08/06/2018.
Revision date: 02/05/2019.
Identifiers: bulletinjul2018, CVE-2018-12020, DSA-4222-1, DSA-4223-1, FEDORA-2018-4ef71d3525, FEDORA-2018-69780fc4d7, FEDORA-2018-a4e13742b4, JSA10917, openSUSE-SU-2018:1706-1, openSUSE-SU-2018:1708-1, openSUSE-SU-2018:1722-1, openSUSE-SU-2018:1724-1, RHSA-2018:2180-01, RHSA-2018:2181-01, SSA:2018-159-01, SSA:2018-170-01, SUSE-SU-2018:1696-1, SUSE-SU-2018:1698-1, SUSE-SU-2018:2243-1, T4012, USN-3675-1, USN-3675-2, USN-3675-3, USN-3964-1, VIGILANCE-VUL-26364.

Description of the vulnerability

An attacker can create fake status messages in GnuPG, in order to deceive the victim.

computer vulnerability note CVE-2018-5743

ISC BIND: measure against denial of service ineffective

Synthesis of the vulnerability

An attacker can bypass restrictions on the number of simultaneous TCP connections to ISC BIND, in order to trigger a denial of service.
Impacted products: Debian, BIG-IP Hardware, TMOS, BIND, RHEL, Slackware, Synology DSM, Ubuntu.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 25/04/2019.
Identifiers: CERTFR-2019-AVI-187, CVE-2018-5743, DSA-4440-1, K74009656, RHSA-2019:1145-01, SSA:2019-116-01, Synology-SA-19:20, USN-3956-1, USN-3956-2, VIGILANCE-VUL-29129.

Description of the vulnerability

An attacker can bypass restrictions on the number of simultaneous TCP connections to ISC BIND, in order to trigger a denial of service.

computer vulnerability alert CVE-2019-3830

OpenStack Ceilometer: information disclosure via Sensitive Configuration Data Logged

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Sensitive Configuration Data Logged of OpenStack Ceilometer, in order to obtain sensitive information.
Impacted products: RHEL.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 27/03/2019.
Identifiers: 1811098, CVE-2019-3830, RHBUG-1677389, RHSA-2019:0919-01, VIGILANCE-VUL-28876.

Description of the vulnerability

An attacker can bypass access restrictions to data via Sensitive Configuration Data Logged of OpenStack Ceilometer, in order to obtain sensitive information.

computer vulnerability bulletin CVE-2019-3877

Apache mod_auth_mellon: open redirect via Logout URL Checking

Synthesis of the vulnerability

An attacker can deceive the user via Logout URL Checking of Apache mod_auth_mellon, in order to redirect him to a malicious site.
Impacted products: Debian, Fedora, RHEL.
Severity: 1/4.
Consequences: user access/rights, data reading.
Provenance: internet client.
Creation date: 25/03/2019.
Identifiers: CVE-2019-3877, DSA-4414-1, FEDORA-2019-db1e9b3002, RHSA-2019:0766-01, VIGILANCE-VUL-28828.

Description of the vulnerability

An attacker can deceive the user via Logout URL Checking of Apache mod_auth_mellon, in order to redirect him to a malicious site.

computer vulnerability alert CVE-2019-0816

cloud-init: privilege escalation via Azure Extra Authorized Keys

Synthesis of the vulnerability

An attacker can bypass restrictions via Azure Extra Authorized Keys of cloud-init, in order to escalate his privileges.
Impacted products: RHEL.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user account.
Creation date: 19/03/2019.
Identifiers: CVE-2019-0816, RHBUG-1680165, RHSA-2019:0597-01, VIGILANCE-VUL-28766.

Description of the vulnerability

An attacker can bypass restrictions via Azure Extra Authorized Keys of cloud-init, in order to escalate his privileges.

vulnerability note CVE-2019-3804

Cockpit: denial of service via Base64 Headers

Synthesis of the vulnerability

An attacker can trigger a fatal error via Base64 Headers of Cockpit, in order to trigger a denial of service.
Impacted products: RHEL.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 13/03/2019.
Identifiers: CVE-2019-3804, RHSA-2019:0482-01, VIGILANCE-VUL-28744.

Description of the vulnerability

An attacker can trigger a fatal error via Base64 Headers of Cockpit, in order to trigger a denial of service.

vulnerability alert CVE-2019-9735

OpenStack Neutron: privilege escalation via Iptables Unsupported Destination Port

Synthesis of the vulnerability

An attacker can bypass restrictions via Iptables Unsupported Destination Port of OpenStack Neutron, in order to escalate his privileges.
Impacted products: Debian, RHEL.
Severity: 2/4.
Consequences: data flow, denial of service on service.
Provenance: internet client.
Creation date: 13/03/2019.
Identifiers: 1818385, CVE-2019-9735, DSA-4409-1, OSSA-2019-001, RHSA-2019:0879-01, RHSA-2019:0916-01, RHSA-2019:0935-01, VIGILANCE-VUL-28741.

Description of the vulnerability

An attacker can bypass restrictions via Iptables Unsupported Destination Port of OpenStack Neutron, in order to escalate his privileges.

computer vulnerability CVE-2018-12180

OVMF: buffer overflow via BlockIo

Synthesis of the vulnerability

An attacker can trigger a buffer overflow via BlockIo of OVMF, in order to trigger a denial of service, and possibly to run code.
Impacted products: Fedora, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, denial of service on service.
Provenance: user shell.
Creation date: 12/03/2019.
Identifiers: CVE-2018-12180, FEDORA-2019-bff1cbaba3, openSUSE-SU-2019:0348-1, openSUSE-SU-2019:1083-1, RHSA-2019:0809-01, SUSE-SU-2019:0579-1, SUSE-SU-2019:0580-1, SUSE-SU-2019:0581-1, VIGILANCE-VUL-28715.

Description of the vulnerability

An attacker can trigger a buffer overflow via BlockIo of OVMF, in order to trigger a denial of service, and possibly to run code.

vulnerability announce CVE-2019-9636

Python: information disclosure via Punycode/IDNA NFKC Normalization

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Punycode/IDNA NFKC Normalization of Python, in order to obtain sensitive information.
Impacted products: Fedora, openSUSE Leap, Python, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Creation date: 08/03/2019.
Identifiers: 36216, CVE-2019-9636, FEDORA-2019-1ffd6b6064, openSUSE-SU-2019:1273-1, openSUSE-SU-2019:1282-1, openSUSE-SU-2019:1371-1, RHSA-2019:0710-01, RHSA-2019:0765-01, RHSA-2019:0806-01, RHSA-2019:0902-01, SUSE-SU-2019:0961-1, SUSE-SU-2019:0971-1, SUSE-SU-2019:0972-1, SUSE-SU-2019:14018-1, VIGILANCE-VUL-28692.

Description of the vulnerability

An attacker can bypass access restrictions to data via Punycode/IDNA NFKC Normalization of Python, in order to obtain sensitive information.