The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Debian

computer vulnerability alert CVE-2018-20199 CVE-2018-20360

Freeware Advanced Audio Coder: NULL pointer dereference via ifilter_bank

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via ifilter_bank() of Freeware Advanced Audio Coder, in order to trigger a denial of service.
Impacted products: Debian.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 29/08/2019.
Identifiers: CVE-2018-20199, CVE-2018-20360, DLA-1899-1, VIGILANCE-VUL-30196.

vulnerability bulletin CVE-2019-14809

Go: information disclosure via net/url Authorization Bypass

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via an authorization bypass in net/url of Go, in order to obtain sensitive information.
Impacted products: Debian, openSUSE Leap, SLES.
Severity: 1/4.
Consequences: data reading.
Provenance: document.
Creation date: 19/08/2019.
Identifiers: CVE-2019-14809, DSA-4503-1, openSUSE-SU-2019:2000-1, openSUSE-SU-2019:2056-1, openSUSE-SU-2019:2072-1, openSUSE-SU-2019:2085-1, SUSE-SU-2019:2213-1, SUSE-SU-2019:2214-1, VIGILANCE-VUL-30063.

vulnerability CVE-2017-18509

Linux kernel: memory corruption via net/ipv6/ip6mr.c

Synthesis of the vulnerability

An attacker can trigger a memory corruption via net/ipv6/ip6mr.c of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Linux, Slackware.
Severity: 1/4.
Consequences: administrator access/rights, denial of service on server.
Provenance: privileged shell.
Creation date: 14/08/2019.
Identifiers: CERTFR-2019-AVI-392, CVE-2017-18509, DLA-1884-1, DLA-1885-1, DSA-4497-1, SSA:2019-226-01, VIGILANCE-VUL-30050.

vulnerability announce CVE-2019-1125

Intel 64-bit CPU: information disclosure via SWAPGS

Synthesis of the vulnerability

A local attacker can read a memory fragment via SWAPGS of Intel 64-bit CPU, in order to obtain sensitive information.
Impacted products: SNS, Arkoon FAST360, Debian, BIG-IP Hardware, TMOS, Fedora, Linux, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 2019, Windows 7, Windows 8, Windows (platform) ~ not comprehensive, Windows RT, NETASQ, OpenBSD, openSUSE Leap, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 07/08/2019.
Identifiers: CERTFR-2019-AVI-375, CERTFR-2019-AVI-376, CERTFR-2019-AVI-381, CERTFR-2019-AVI-390, CERTFR-2019-AVI-391, CERTFR-2019-AVI-392, CERTFR-2019-AVI-417, CERTFR-2019-AVI-418, CERTFR-2019-AVI-428, CERTFR-2019-AVI-440, CVE-2019-1125, DLA-1884-1, DLA-1885-1, DSA-4495-1, DSA-4497-1, FEDORA-2019-6bda4c81f4, FEDORA-2019-e37c348348, K31085564, openSUSE-SU-2019:1923-1, openSUSE-SU-2019:1924-1, RHSA-2019:2405-01, RHSA-2019:2411-01, RHSA-2019:2473-01, RHSA-2019:2476-01, RHSA-2019:2600-01, RHSA-2019:2609-01, RHSA-2019:2695-01, RHSA-2019:2696-01, RHSA-2019:2730-01, SSA:2019-226-01, STORM-2019-007, SUSE-SU-2019:14157-1, SUSE-SU-2019:2068-1, SUSE-SU-2019:2069-1, SUSE-SU-2019:2070-1, SUSE-SU-2019:2071-1, SUSE-SU-2019:2072-1, SUSE-SU-2019:2073-1, SUSE-SU-2019:2262-1, SUSE-SU-2019:2263-1, SUSE-SU-2019:2299-1, SWAPGS, Synology-SA-19:32, USN-4093-1, USN-4094-1, USN-4095-1, USN-4095-2, USN-4096-1, VIGILANCE-VUL-29962.

computer vulnerability announce CVE-2019-10207

Linux kernel: denial of service via Bluetooth hci_uart

Synthesis of the vulnerability

An attacker can trigger a fatal error via Bluetooth hci_uart() of the Linux kernel, in order to trigger a denial of service.
Impacted products: Debian, Fedora, Linux, openSUSE Leap, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 02/08/2019.
Identifiers: CERTFR-2019-AVI-381, CERTFR-2019-AVI-392, CERTFR-2019-AVI-418, CERTFR-2019-AVI-419, CERTFR-2019-AVI-441, CVE-2019-10207, DLA-1884-1, DLA-1885-1, DSA-4495-1, DSA-4497-1, FEDORA-2019-7aecfe1c4b, openSUSE-SU-2019:1923-1, openSUSE-SU-2019:1924-1, SSA:2019-226-01, SUSE-SU-2019:2263-1, SUSE-SU-2019:2299-1, USN-4115-1, USN-4115-2, USN-4118-1, VIGILANCE-VUL-29937.

vulnerability note CVE-2019-14284

Linux kernel: denial of service via setup_format_params

Synthesis of the vulnerability

An attacker can trigger a fatal error via setup_format_params() of the Linux kernel, in order to trigger a denial of service.
Impacted products: Debian, Tivoli Storage Manager, Linux, openSUSE Leap, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: denial of service on server.
Provenance: document.
Creation date: 29/07/2019.
Identifiers: CERTFR-2019-AVI-376, CERTFR-2019-AVI-381, CERTFR-2019-AVI-392, CERTFR-2019-AVI-417, CERTFR-2019-AVI-418, CERTFR-2019-AVI-419, CERTFR-2019-AVI-441, CVE-2019-14284, DLA-1884-1, DLA-1885-1, DSA-4495-1, DSA-4497-1, openSUSE-SU-2019:1923-1, openSUSE-SU-2019:1924-1, SSA:2019-226-01, SUSE-SU-2019:14157-1, SUSE-SU-2019:2068-1, SUSE-SU-2019:2069-1, SUSE-SU-2019:2070-1, SUSE-SU-2019:2071-1, SUSE-SU-2019:2072-1, SUSE-SU-2019:2073-1, SUSE-SU-2019:2262-1, SUSE-SU-2019:2263-1, SUSE-SU-2019:2299-1, USN-4114-1, USN-4115-1, USN-4115-2, USN-4116-1, USN-4117-1, USN-4118-1, VIGILANCE-VUL-29904.

vulnerability bulletin CVE-2019-14283

Linux kernel: out-of-bounds memory reading via set_geometry

Synthesis of the vulnerability

An attacker can force a read at an invalid address via set_geometry() of the Linux kernel, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: Debian, Tivoli Storage Manager, Linux, openSUSE Leap, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: data reading, denial of service on server.
Provenance: user shell.
Creation date: 29/07/2019.
Identifiers: CERTFR-2019-AVI-376, CERTFR-2019-AVI-381, CERTFR-2019-AVI-392, CERTFR-2019-AVI-417, CERTFR-2019-AVI-418, CERTFR-2019-AVI-419, CERTFR-2019-AVI-441, CVE-2019-14283, DLA-1884-1, DLA-1885-1, DSA-4495-1, DSA-4497-1, openSUSE-SU-2019:1923-1, openSUSE-SU-2019:1924-1, SSA:2019-226-01, SUSE-SU-2019:14157-1, SUSE-SU-2019:2068-1, SUSE-SU-2019:2069-1, SUSE-SU-2019:2070-1, SUSE-SU-2019:2071-1, SUSE-SU-2019:2072-1, SUSE-SU-2019:2073-1, SUSE-SU-2019:2262-1, SUSE-SU-2019:2263-1, SUSE-SU-2019:2299-1, USN-4114-1, USN-4115-1, USN-4115-2, USN-4116-1, USN-4117-1, USN-4118-1, VIGILANCE-VUL-29903.

computer vulnerability note CVE-2019-13057

OpenLDAP: privilege escalation via rootDN

Synthesis of the vulnerability

An attacker can bypass restrictions via rootDN of OpenLDAP, in order to escalate their privileges.
Impacted products: Debian, OpenLDAP, Ubuntu.
Severity: 1/4.
Consequences: privileged access/rights.
Provenance: privileged account.
Creation date: 29/07/2019.
Identifiers: 9038, CVE-2019-13057, DLA-1891-1, USN-4078-1, USN-4078-2, VIGILANCE-VUL-29899.

computer vulnerability note CVE-2019-13631

Linux kernel: buffer overflow via parse_hid_report_descriptor

Synthesis of the vulnerability

An attacker can trigger a buffer overflow via parse_hid_report_descriptor() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, Linux, openSUSE Leap, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: administrator access/rights, denial of service on server.
Provenance: user shell.
Creation date: 26/07/2019.
Identifiers: CERTFR-2019-AVI-376, CERTFR-2019-AVI-381, CERTFR-2019-AVI-392, CERTFR-2019-AVI-417, CERTFR-2019-AVI-418, CERTFR-2019-AVI-419, CERTFR-2019-AVI-441, CVE-2019-13631, DLA-1884-1, DLA-1885-1, DSA-4495-1, DSA-4497-1, FEDORA-2019-3dbfaeac73, FEDORA-2019-9d3fe6fd5b, openSUSE-SU-2019:1923-1, openSUSE-SU-2019:1924-1, RHBUG-1731000, SSA:2019-226-01, SUSE-SU-2019:14157-1, SUSE-SU-2019:2068-1, SUSE-SU-2019:2069-1, SUSE-SU-2019:2070-1, SUSE-SU-2019:2071-1, SUSE-SU-2019:2072-1, SUSE-SU-2019:2073-1, SUSE-SU-2019:2262-1, SUSE-SU-2019:2263-1, SUSE-SU-2019:2299-1, USN-4115-1, USN-4115-2, USN-4118-1, VIGILANCE-VUL-29889.

computer vulnerability alert CVE-2019-13648

Linux kernel: denial of service via PowerPC Hardware Transactional Memory

Synthesis of the vulnerability

An attacker can trigger a fatal error via PowerPC Hardware Transactional Memory of the Linux kernel, in order to trigger a denial of service.
Impacted products: Debian, Fedora, Linux, openSUSE Leap, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: denial of service on server.
Provenance: document.
Creation date: 22/07/2019.
Identifiers: CERTFR-2019-AVI-376, CERTFR-2019-AVI-381, CERTFR-2019-AVI-392, CERTFR-2019-AVI-418, CERTFR-2019-AVI-419, CERTFR-2019-AVI-441, CVE-2019-13648, DLA-1885-1, DSA-4495-1, DSA-4497-1, FEDORA-2019-7aecfe1c4b, openSUSE-SU-2019:1923-1, openSUSE-SU-2019:1924-1, SSA:2019-226-01, SUSE-SU-2019:2068-1, SUSE-SU-2019:2069-1, SUSE-SU-2019:2070-1, SUSE-SU-2019:2071-1, SUSE-SU-2019:2072-1, SUSE-SU-2019:2073-1, SUSE-SU-2019:2262-1, SUSE-SU-2019:2263-1, USN-4114-1, USN-4115-1, USN-4115-2, USN-4116-1, VIGILANCE-VUL-29846.
