The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Debian

computer vulnerability alert CVE-2019-15681

LibVNC: information disclosure via rfbSendServerCutText

Synthesis of the vulnerability

A local attacker can read a memory fragment via rfbSendServerCutText() of LibVNC, in order to obtain sensitive information.
Severity: 1/4.
Creation date: 30/10/2019.
Identifiers: CVE-2019-15681, DLA-1977-1, DLA-1979-1, VIGILANCE-VUL-30750.

computer vulnerability bulletin CVE-2019-3689

nfs-utils: read-write access via /var/lib/nfs

Synthesis of the vulnerability

An attacker can bypass access restrictions via /var/lib/nfs of nfs-utils, in order to read or alter data.
Severity: 1/4.
Creation date: 21/10/2019.
Identifiers: CVE-2019-3689, DLA-1965-1, openSUSE-SU-2019:2408-1, openSUSE-SU-2019:2435-1, VIGILANCE-VUL-30672.

security alert CVE-2019-16276

Go: filter bypass

Synthesis of the vulnerability

An attacker can make a Go program accept ill-formed HTTP requests, in order to bypass filters.
Severity: 1/4.
Creation date: 30/09/2019.
Identifiers: CVE-2019-16276, DSA-4534-1, SUSE-SU-2019:2940-1, VIGILANCE-VUL-30469.

vulnerability note CVE-2018-7588 CVE-2018-7589 CVE-2018-7637

cimg: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of cimg.
Severity: 1/4.
Number of vulnerabilities in this bulletin: 8.
Creation date: 30/09/2019.
Identifiers: CVE-2018-7588, CVE-2018-7589, CVE-2018-7637, CVE-2018-7638, CVE-2018-7639, CVE-2018-7640, CVE-2018-7641, CVE-2019-1010174, DLA-1934-1, VIGILANCE-VUL-30468.

weakness CVE-2019-5094

e2fsprogs: code execution via quota

Synthesis of the vulnerability

An attacker can use a vulnerability via quota of e2fsprogs, in order to run code.
Severity: 1/4.
Creation date: 30/09/2019.
Identifiers: CVE-2019-5094, DLA-1935-1, DSA-4535-1, USN-4142-1, USN-4142-2, VIGILANCE-VUL-30467.

security note CVE-2019-15941

Lemonldap-NG: privilege escalation via OIDC authorization

Synthesis of the vulnerability

An attacker can bypass restrictions via OIDC of Lemonldap::NG, in order to escalate his privileges.
Severity: 1/4.
Creation date: 26/09/2019.
Identifiers: CVE-2019-15941, DSA-4533-1, VIGILANCE-VUL-30414.

threat alert CVE-2019-15917

Linux kernel: use after free via hci_uart_register_dev

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via hci_uart_register_dev() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Severity: 1/4.
Creation date: 25/09/2019.
Identifiers: CERTFR-2019-AVI-455, CERTFR-2019-AVI-502, CERTFR-2019-AVI-503, CERTFR-2019-AVI-530, CVE-2019-15917, DLA-1930-1, openSUSE-SU-2019:2173-1, openSUSE-SU-2019:2181-1, SUSE-SU-2019:2412-1, SUSE-SU-2019:2424-1, SUSE-SU-2019:2648-1, SUSE-SU-2019:2651-1, SUSE-SU-2019:2658-1, SUSE-SU-2019:2738-1, VIGILANCE-VUL-30405.

cybersecurity weakness CVE-2018-21008

Linux kernel: use after free via rsi_mac80211_detach

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via rsi_mac80211_detach() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Severity: 1/4.
Creation date: 25/09/2019.
Identifiers: CERTFR-2019-AVI-455, CERTFR-2019-AVI-502, CERTFR-2019-AVI-503, CERTFR-2019-AVI-527, CERTFR-2019-AVI-530, CVE-2018-21008, DLA-1930-1, openSUSE-SU-2019:2173-1, openSUSE-SU-2019:2181-1, SUSE-SU-2019:2412-1, SUSE-SU-2019:2424-1, SUSE-SU-2019:2648-1, SUSE-SU-2019:2651-1, SUSE-SU-2019:2658-1, SUSE-SU-2019:2738-1, USN-4162-1, USN-4162-2, USN-4163-1, USN-4163-2, VIGILANCE-VUL-30403.

cybersecurity bulletin CVE-2018-20976

Linux kernel: use after free via fs/xfs/xfs_super.c

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via fs/xfs/xfs_super.c of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Severity: 1/4.
Creation date: 25/09/2019.
Identifiers: CERTFR-2019-AVI-455, CERTFR-2019-AVI-478, CERTFR-2019-AVI-502, CERTFR-2019-AVI-503, CERTFR-2019-AVI-530, CERTFR-2019-AVI-561, CVE-2018-20976, DLA-1930-1, openSUSE-SU-2019:2173-1, openSUSE-SU-2019:2181-1, SSA:2019-311-01, SUSE-SU-2019:14218-1, SUSE-SU-2019:2412-1, SUSE-SU-2019:2424-1, SUSE-SU-2019:2648-1, SUSE-SU-2019:2651-1, SUSE-SU-2019:2658-1, SUSE-SU-2019:2738-1, SUSE-SU-2019:2949-1, SUSE-SU-2019:2950-1, SUSE-SU-2019:2984-1, USN-4144-1, USN-4145-1, VIGILANCE-VUL-30400.

security bulletin CVE-2019-14835

Linux kernel: buffer overflow via vhost/vhost_net

Synthesis of the vulnerability

An attacker, inside a guest system, can trigger a buffer overflow via vhost/vhost_net of the Linux kernel, in order to trigger a denial of service, and possibly to run code on the host system.
Severity: 2/4.
Creation date: 17/09/2019.
Revision date: 25/09/2019.
Identifiers: CERTFR-2019-AVI-448, CERTFR-2019-AVI-451, CERTFR-2019-AVI-455, CERTFR-2019-AVI-457, CERTFR-2019-AVI-466, CERTFR-2019-AVI-467, CERTFR-2019-AVI-502, CERTFR-2019-AVI-503, CERTFR-2019-AVI-530, CERTFR-2019-AVI-561, CVE-2019-14835, DLA-1930-1, DLA-1940-1, DSA-4531-1, FEDORA-2019-a570a92d5a, FEDORA-2019-e3010166bd, openSUSE-SU-2019:2173-1, openSUSE-SU-2019:2181-1, RHSA-2019:2827-01, RHSA-2019:2828-01, RHSA-2019:2829-01, RHSA-2019:2830-01, RHSA-2019:2854-01, RHSA-2019:2862-01, RHSA-2019:2863-01, RHSA-2019:2864-01, RHSA-2019:2865-01, RHSA-2019:2866-01, RHSA-2019:2867-01, RHSA-2019:2869-01, RHSA-2019:2899-01, RHSA-2019:2900-01, RHSA-2019:2901-01, SSA:2019-311-01, SUSE-SU-2019:14218-1, SUSE-SU-2019:2412-1, SUSE-SU-2019:2424-1, SUSE-SU-2019:2648-1, SUSE-SU-2019:2651-1, SUSE-SU-2019:2658-1, SUSE-SU-2019:2738-1, SUSE-SU-2019:2949-1, SUSE-SU-2019:2950-1, SUSE-SU-2019:2984-1, USN-4135-1, USN-4135-2, VIGILANCE-VUL-30355.