The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Google Android Gingerbread

computer vulnerability note CVE-2018-1000199

Linux kernel: privilege escalation via Ptrace Hardware Breakpoint Settings

Synthesis of the vulnerability

An attacker can bypass restrictions via Ptrace Hardware Breakpoint Settings of the Linux kernel, in order to escalate privileges.
Impacted products: Debian, Android OS, QRadar SIEM, Linux, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 02/05/2018.
Identifiers: CERTFR-2018-AVI-226, CERTFR-2018-AVI-228, CERTFR-2018-AVI-256, CERTFR-2018-AVI-308, CERTFR-2018-AVI-319, CERTFR-2018-AVI-584, CVE-2018-1000199, DLA-1369-1, DSA-4187-1, DSA-4188-1, ibm10742755, openSUSE-SU-2018:1418-1, RHSA-2018:1318-01, RHSA-2018:1345-01, RHSA-2018:1347-01, RHSA-2018:1348-01, RHSA-2018:1354-01, RHSA-2018:1355-01, RHSA-2018:1374-01, SUSE-SU-2018:1366-1, SUSE-SU-2018:1368-1, SUSE-SU-2018:1374-1, SUSE-SU-2018:1375-1, SUSE-SU-2018:1376-1, SUSE-SU-2018:1816-1, SUSE-SU-2018:1846-1, SUSE-SU-2018:1855-1, Synology-SA-18:51, USN-3641-1, USN-3641-2, VIGILANCE-VUL-25999.

computer vulnerability announce CVE-2015-9016

Linux kernel: use after free via blk_mq_tag_to_rq

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via blk_mq_tag_to_rq() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Android OS, Linux.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 02/05/2018.
Identifiers: CVE-2015-9016, DSA-4187-1, VIGILANCE-VUL-25997.

computer vulnerability alert CVE-2017-13305

Linux kernel: out-of-bounds memory reading via Keyring Subsystem

Synthesis of the vulnerability

An attacker can force a read at an invalid address via Keyring Subsystem of the Linux kernel, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: Debian, Android OS, Linux, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading, denial of service on server.
Provenance: user shell.
Creation date: 24/04/2018.
Identifiers: CERTFR-2018-AVI-198, CERTFR-2018-AVI-250, CERTFR-2018-AVI-299, CERTFR-2018-AVI-308, CERTFR-2018-AVI-319, CERTFR-2018-AVI-330, CERTFR-2018-AVI-392, CERTFR-2018-AVI-426, CVE-2017-13305, DLA-1731-1, DLA-1731-2, openSUSE-SU-2018:1773-1, RHSA-2018:2165-01, SUSE-SU-2018:1761-1, SUSE-SU-2018:1762-1, SUSE-SU-2018:1816-1, SUSE-SU-2018:1855-1, SUSE-SU-2018:2332-1, SUSE-SU-2018:2366-1, SUSE-SU-2018:2637-1, USN-3631-1, USN-3631-2, USN-3655-1, USN-3655-2, VIGILANCE-VUL-25956.

computer vulnerability bulletin CVE-2018-5269

OpenCV: assertion error via cv::RBaseStream::setPos

Synthesis of the vulnerability

An attacker can force an assertion error via cv::RBaseStream::setPos() of OpenCV, in order to trigger a denial of service.
Impacted products: Debian, Android OS, openSUSE Leap.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 19/04/2018.
Identifiers: CVE-2018-5269, DLA-1354-1, DLA-1438-1, openSUSE-SU-2018:1438-1, VIGILANCE-VUL-25928.

computer vulnerability announce CVE-2018-5268

OpenCV: buffer overflow via cv::Jpeg2KDecoder::readComponent8u

Synthesis of the vulnerability

An attacker can generate a buffer overflow via cv::Jpeg2KDecoder::readComponent8u() of OpenCV, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Android OS, openSUSE Leap.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 19/04/2018.
Identifiers: CVE-2018-5268, DLA-1354-1, DLA-1438-1, openSUSE-SU-2018:1438-1, VIGILANCE-VUL-25927.

computer vulnerability announce CVE-2017-9725

Linux kernel: memory corruption via DMA Allocation

Synthesis of the vulnerability

An attacker can generate a memory corruption via DMA Allocation of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Android OS, RHEL.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 10/04/2018.
Identifiers: CVE-2017-9725, RHSA-2018:0676-01, RHSA-2018:1062-01, RHSA-2018:1130-01, RHSA-2018:1170-01, VIGILANCE-VUL-25817.

computer vulnerability note CVE-2017-18249

Linux kernel: denial of service via add_free_nid

Synthesis of the vulnerability

An attacker can generate a fatal error via add_free_nid() of the Linux kernel, in order to trigger a denial of service.
Impacted products: Debian, Android OS, Linux, openSUSE Leap, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: denial of service on server.
Provenance: user shell.
Creation date: 27/03/2018.
Identifiers: CERTFR-2018-AVI-301, CERTFR-2018-AVI-308, CERTFR-2018-AVI-319, CERTFR-2019-AVI-145, CVE-2017-18249, DLA-1715-1, openSUSE-SU-2018:1773-1, SSA:2019-030-01, SUSE-SU-2018:1772-1, SUSE-SU-2018:1816-1, SUSE-SU-2018:1855-1, SUSE-SU-2019:0470-1, SUSE-SU-2019:0901-1, USN-3932-1, USN-3932-2, VIGILANCE-VUL-25659.

vulnerability note CVE-2018-5146

Libvorbis: memory corruption via Codebook

Synthesis of the vulnerability

An attacker can generate a memory corruption via Codebook of Libvorbis, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, Android OS, openSUSE Leap, Solaris, RHEL, Slackware, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 19/03/2018.
Identifiers: bulletinapr2018, CVE-2018-5146, DLA-1368-1, DSA-4140-1, FEDORA-2018-061bafe369, FEDORA-2018-f26d891469, FEDORA-2019-2e385f97e2, openSUSE-SU-2018:0805-1, RHSA-2018:0649-01, RHSA-2018:1058-01, SSA:2018-076-01, USN-3604-1, VIGILANCE-VUL-25574, ZDI-18-263.

vulnerability alert CVE-2018-1068

Linux kernel: memory corruption via ebtables CONFIG_COMPAT

Synthesis of the vulnerability

An attacker can generate a memory corruption via ebtables CONFIG_COMPAT of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, Android OS, QRadar SIEM, Linux, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server.
Provenance: privileged shell.
Creation date: 16/03/2018.
Identifiers: CERTFR-2018-AVI-147, CERTFR-2018-AVI-161, CERTFR-2018-AVI-197, CERTFR-2018-AVI-228, CERTFR-2018-AVI-250, CERTFR-2018-AVI-257, CERTFR-2018-AVI-277, CERTFR-2018-AVI-392, CERTFR-2018-AVI-426, CERTFR-2018-AVI-584, CVE-2018-1068, DLA-1369-1, DSA-4187-1, DSA-4188-1, FEDORA-2018-296bf0c332, FEDORA-2018-959aac67a3, ibm10742755, openSUSE-SU-2018:0781-1, RHSA-2018:1318-01, RHSA-2018:1355-01, RHSA-2018:2948-01, RHSA-2019:1170-01, RHSA-2019:1190-01, SUSE-SU-2018:0785-1, SUSE-SU-2018:0786-1, SUSE-SU-2018:0834-1, SUSE-SU-2018:0848-1, SUSE-SU-2018:2332-1, SUSE-SU-2018:2366-1, SUSE-SU-2018:2637-1, USN-3654-1, USN-3654-2, USN-3656-1, USN-3674-1, USN-3674-2, USN-3677-1, USN-3677-2, VIGILANCE-VUL-25571.

vulnerability CVE-2018-5703

Linux kernel: memory corruption via tcp_v6_syn_recv_sock

Synthesis of the vulnerability

An attacker can generate a memory corruption via tcp_v6_syn_recv_sock() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Fedora, Android OS, Linux.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server.
Provenance: user shell.
Creation date: 14/03/2018.
Identifiers: CVE-2018-5703, FEDORA-2018-2bce10900e, VIGILANCE-VUL-25550.
