The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Debian

vulnerability announcement CVE-2018-16864, CVE-2018-16865

systemd: memory corruption via alloca

Synthesis of the vulnerability

An attacker can trigger a memory corruption via alloca() of systemd, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, McAfee Web Gateway, openSUSE Leap, Oracle Communications, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on service.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 2.
Creation date: 10/01/2019.
Revision date: 10/05/2019.
Identifiers: cpuapr2019, CVE-2018-16864, CVE-2018-16865, DLA-1639-1, DSA-4367-1, DSA-4367-2, openSUSE-SU-2019:0097-1, openSUSE-SU-2019:0098-1, RHSA-2019:0049-01, RHSA-2019:0204-01, SB10276, SUSE-SU-2019:0053-1, SUSE-SU-2019:0054-1, SUSE-SU-2019:0054-2, SUSE-SU-2019:0135-1, SUSE-SU-2019:0137-1, USN-3855-1, VIGILANCE-VUL-28232.


computer vulnerability announcement CVE-2018-16866

systemd: out-of-bounds memory reading via Colon Log Messages

Synthesis of the vulnerability

An attacker can force a read at an invalid address via Colon Log Messages of systemd, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: Debian, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: user shell.
Creation date: 14/01/2019.
Revision date: 10/05/2019.
Identifiers: CVE-2018-16866, DSA-4367-1, DSA-4367-2, openSUSE-SU-2019:0097-1, openSUSE-SU-2019:0098-1, SUSE-SU-2019:0135-1, SUSE-SU-2019:0137-1, USN-3855-1, VIGILANCE-VUL-28257.


vulnerability note CVE-2018-12020

GnuPG: creation of fake status messages

Synthesis of the vulnerability

An attacker can create fake status messages in GnuPG, in order to deceive the victim.
Impacted products: Debian, Fedora, GnuPG, Junos Space, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: document.
Creation date: 08/06/2018.
Revision date: 02/05/2019.
Identifiers: bulletinjul2018, CVE-2018-12020, DSA-4222-1, DSA-4223-1, FEDORA-2018-4ef71d3525, FEDORA-2018-69780fc4d7, FEDORA-2018-a4e13742b4, JSA10917, openSUSE-SU-2018:1706-1, openSUSE-SU-2018:1708-1, openSUSE-SU-2018:1722-1, openSUSE-SU-2018:1724-1, RHSA-2018:2180-01, RHSA-2018:2181-01, SSA:2018-159-01, SSA:2018-170-01, SUSE-SU-2018:1696-1, SUSE-SU-2018:1698-1, SUSE-SU-2018:2243-1, T4012, USN-3675-1, USN-3675-2, USN-3675-3, USN-3964-1, VIGILANCE-VUL-26364.


computer vulnerability CVE-2016-10746

libvirt: denial of service via virDomainGetTime

Synthesis of the vulnerability

An attacker can trigger a fatal error via virDomainGetTime() of libvirt, in order to trigger a denial of service.
Impacted products: Debian.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service, denial of service on client.
Provenance: intranet server.
Creation date: 30/04/2019.
Identifiers: CVE-2016-10746, DLA-1772-1, VIGILANCE-VUL-29165.


computer vulnerability bulletin CVE-2019-9928

gst-plugins-base: buffer overflow

Synthesis of the vulnerability

An attacker can trigger a buffer overflow of gst-plugins-base, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Ubuntu.
Severity: 1/4.
Consequences: user access/rights, denial of service on client.
Provenance: internet server.
Creation date: 29/04/2019.
Identifiers: CVE-2019-9928, DLA-1769-1, DLA-1770-1, DSA-4437-1, USN-3958-1, VIGILANCE-VUL-29148.


vulnerability alert CVE-2019-10650

ImageMagick: out-of-bounds memory reading via WriteTIFFImage

Synthesis of the vulnerability

An attacker can force a read at an invalid address via WriteTIFFImage() of ImageMagick, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: Debian, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Consequences: data reading, denial of service on server, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 26/04/2019.
Identifiers: CVE-2019-10650, DLA-1785-1, DSA-4436-1, openSUSE-SU-2019:1320-1, openSUSE-SU-2019:1331-1, SUSE-SU-2019:1033-1, SUSE-SU-2019:1033-2, VIGILANCE-VUL-29141.


computer vulnerability note CVE-2018-5743

ISC BIND: measure against denial of service ineffective

Synthesis of the vulnerability

An attacker can bypass the limit on the number of simultaneous TCP connections to ISC BIND, in order to trigger a denial of service.
Impacted products: Debian, BIG-IP Hardware, TMOS, BIND, RHEL, Slackware, Synology DSM, Ubuntu.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 25/04/2019.
Identifiers: CERTFR-2019-AVI-187, CVE-2018-5743, DSA-4440-1, K74009656, RHSA-2019:1145-01, SSA:2019-116-01, Synology-SA-19:20, USN-3956-1, USN-3956-2, VIGILANCE-VUL-29129.


computer vulnerability bulletin CVE-2019-3877

Apache mod_auth_mellon: open redirect via Logout URL Checking

Synthesis of the vulnerability

An attacker can deceive the user via Logout URL Checking of Apache mod_auth_mellon, in order to redirect him to a malicious site.
Impacted products: Debian, Fedora, RHEL.
Severity: 1/4.
Consequences: user access/rights, data reading.
Provenance: internet client.
Creation date: 25/03/2019.
Identifiers: CVE-2019-3877, DSA-4414-1, FEDORA-2019-db1e9b3002, RHSA-2019:0766-01, VIGILANCE-VUL-28828.


computer vulnerability CVE-2019-9705

Vixie Cron: denial of service via Unlimited Crontab File

Synthesis of the vulnerability

An attacker can trigger a fatal error via Unlimited Crontab File of Vixie Cron, in order to trigger a denial of service.
Impacted products: Debian.
Severity: 1/4.
Consequences: denial of service on service.
Provenance: user shell.
Creation date: 22/03/2019.
Identifiers: CVE-2019-9705, DLA-1723-1, VIGILANCE-VUL-28805.


vulnerability note CVE-2019-9704

Vixie Cron: denial of service via Large Crontab File

Synthesis of the vulnerability

An attacker can trigger a fatal error via Large Crontab File of Vixie Cron, in order to trigger a denial of service.
Impacted products: Debian.
Severity: 1/4.
Consequences: denial of service on service.
Provenance: user shell.
Creation date: 22/03/2019.
Identifiers: CVE-2019-9704, DLA-1723-1, VIGILANCE-VUL-28804.
