| The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them. |
|
 |
|
|
Computer vulnerabilities of Debian
systemd: memory corruption via alloca
Synthesis of the vulnerability
An attacker can trigger a memory corruption via alloca() of systemd, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, McAfee Web Gateway, openSUSE Leap, Oracle Communications, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on service.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 2.
Creation date: 10/01/2019.
Revision date: 10/05/2019.
Identifiers: cpuapr2019, CVE-2018-16864, CVE-2018-16865, DLA-1639-1, DSA-4367-1, DSA-4367-2, openSUSE-SU-2019:0097-1, openSUSE-SU-2019:0098-1, RHSA-2019:0049-01, RHSA-2019:0204-01, SB10276, SUSE-SU-2019:0053-1, SUSE-SU-2019:0054-1, SUSE-SU-2019:0054-2, SUSE-SU-2019:0135-1, SUSE-SU-2019:0137-1, USN-3855-1, VIGILANCE-VUL-28232.
Description of the vulnerability
An attacker can trigger a memory corruption via alloca() of systemd, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial) |
systemd: out-of-bounds memory reading via Colon Log Messages
Synthesis of the vulnerability
An attacker can force a read at an invalid address via Colon Log Messages of systemd, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: Debian, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: user shell.
Creation date: 14/01/2019.
Revision date: 10/05/2019.
Identifiers: CVE-2018-16866, DSA-4367-1, DSA-4367-2, openSUSE-SU-2019:0097-1, openSUSE-SU-2019:0098-1, SUSE-SU-2019:0135-1, SUSE-SU-2019:0137-1, USN-3855-1, VIGILANCE-VUL-28257.
Description of the vulnerability
An attacker can force a read at an invalid address via Colon Log Messages of systemd, in order to trigger a denial of service, or to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
GnuPG: creation of fake status messages
Synthesis of the vulnerability
An attacker can create fake status messages in GnuPG, in order to deceive the victime.
Impacted products: Debian, Fedora, GnuPG, Junos Space, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: document.
Creation date: 08/06/2018.
Revision date: 02/05/2019.
Identifiers: bulletinjul2018, CVE-2018-12020, DSA-4222-1, DSA-4223-1, FEDORA-2018-4ef71d3525, FEDORA-2018-69780fc4d7, FEDORA-2018-a4e13742b4, JSA10917, openSUSE-SU-2018:1706-1, openSUSE-SU-2018:1708-1, openSUSE-SU-2018:1722-1, openSUSE-SU-2018:1724-1, RHSA-2018:2180-01, RHSA-2018:2181-01, SSA:2018-159-01, SSA:2018-170-01, SUSE-SU-2018:1696-1, SUSE-SU-2018:1698-1, SUSE-SU-2018:2243-1, T4012, USN-3675-1, USN-3675-2, USN-3675-3, USN-3964-1, VIGILANCE-VUL-26364.
Description of the vulnerability
An attacker can create fake status messages in GnuPG, in order to deceive the victime.
Full Vigil@nce bulletin... (Free trial) |
libvirt: denial of service via virDomainGetTime
Synthesis of the vulnerability
An attacker can trigger a fatal error via virDomainGetTime() of libvirt, in order to trigger a denial of service.
Impacted products: Debian.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service, denial of service on client.
Provenance: intranet server.
Creation date: 30/04/2019.
Identifiers: CVE-2016-10746, DLA-1772-1, VIGILANCE-VUL-29165.
Description of the vulnerability
An attacker can trigger a fatal error via virDomainGetTime() of libvirt, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial) |
gst-plugins-base: buffer overflow
Synthesis of the vulnerability
An attacker can trigger a buffer overflow of gst-plugins-base, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Ubuntu.
Severity: 1/4.
Consequences: user access/rights, denial of service on client.
Provenance: internet server.
Creation date: 29/04/2019.
Identifiers: CVE-2019-9928, DLA-1769-1, DLA-1770-1, DSA-4437-1, USN-3958-1, VIGILANCE-VUL-29148.
Description of the vulnerability
An attacker can trigger a buffer overflow of gst-plugins-base, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial) |
ImageMagick: out-of-bounds memory reading via WriteTIFFImage
Synthesis of the vulnerability
An attacker can force a read at an invalid address via WriteTIFFImage() of ImageMagick, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: Debian, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Consequences: data reading, denial of service on server, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 26/04/2019.
Identifiers: CVE-2019-10650, DLA-1785-1, DSA-4436-1, openSUSE-SU-2019:1320-1, openSUSE-SU-2019:1331-1, SUSE-SU-2019:1033-1, SUSE-SU-2019:1033-2, VIGILANCE-VUL-29141.
Description of the vulnerability
An attacker can force a read at an invalid address via WriteTIFFImage() of ImageMagick, in order to trigger a denial of service, or to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
ISC BIND: measure against denial of service ineffective
Synthesis of the vulnerability
An attacker can bypass restrictions to the amount of simultaneous TCP connections to ISC BIND, in order to trigger a denial of service.
Impacted products: Debian, BIG-IP Hardware, TMOS, BIND, RHEL, Slackware, Synology DSM, Ubuntu.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 25/04/2019.
Identifiers: CERTFR-2019-AVI-187, CVE-2018-5743, DSA-4440-1, K74009656, RHSA-2019:1145-01, SSA:2019-116-01, Synology-SA-19:20, USN-3956-1, USN-3956-2, VIGILANCE-VUL-29129.
Description of the vulnerability
An attacker can bypass restrictions to the amount of simultaneous TCP connections to ISC BIND, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial) |
Apache mod_auth_mellon: open redirect via Logout URL Checking
Synthesis of the vulnerability
An attacker can deceive the user via Logout URL Checking of Apache mod_auth_mellon, in order to redirect him to a malicious site.
Impacted products: Debian, Fedora, RHEL.
Severity: 1/4.
Consequences: user access/rights, data reading.
Provenance: internet client.
Creation date: 25/03/2019.
Identifiers: CVE-2019-3877, DSA-4414-1, FEDORA-2019-db1e9b3002, RHSA-2019:0766-01, VIGILANCE-VUL-28828.
Description of the vulnerability
An attacker can deceive the user via Logout URL Checking of Apache mod_auth_mellon, in order to redirect him to a malicious site.
Full Vigil@nce bulletin... (Free trial) |
Vixie Cron: denial of service via Unlimited Crontab File
Synthesis of the vulnerability
An attacker can trigger a fatal error via Unlimited Crontab File of Vixie Cron, in order to trigger a denial of service.
Impacted products: Debian.
Severity: 1/4.
Consequences: denial of service on service.
Provenance: user shell.
Creation date: 22/03/2019.
Identifiers: CVE-2019-9705, DLA-1723-1, VIGILANCE-VUL-28805.
Description of the vulnerability
An attacker can trigger a fatal error via Unlimited Crontab File of Vixie Cron, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial) |
Vixie Cron: denial of service via Large Crontab File
Synthesis of the vulnerability
An attacker can trigger a fatal error via Large Crontab File of Vixie Cron, in order to trigger a denial of service.
Impacted products: Debian.
Severity: 1/4.
Consequences: denial of service on service.
Provenance: user shell.
Creation date: 22/03/2019.
Identifiers: CVE-2019-9704, DLA-1723-1, VIGILANCE-VUL-28804.
Description of the vulnerability
An attacker can trigger a fatal error via Large Crontab File of Vixie Cron, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial) |
Our database contains other pages. You can request a free trial to read them.
Display information about Debian:
|