| The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them. |
|
 |
|
|
Computer vulnerabilities of Red Hat Enterprise Linux
LibTIFF: out-of-bounds memory reading via TIFFWriteScanline
Synthesis of the vulnerability
An attacker can force a read at an invalid address via TIFFWriteScanline() of LibTIFF, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: LibTIFF, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 09/05/2018.
Identifiers: 2788, bulletinjan2019, CVE-2018-10779, openSUSE-SU-2018:2880-1, openSUSE-SU-2018:3370-1, openSUSE-SU-2018:3371-1, RHSA-2019:2053-01, SSA:2018-316-01, SUSE-SU-2018:2676-1, SUSE-SU-2018:2836-1, SUSE-SU-2018:3327-1, USN-3906-1, USN-3906-2, VIGILANCE-VUL-26081.
Description of the vulnerability
An attacker can force a read at an invalid address via TIFFWriteScanline() of LibTIFF, in order to trigger a denial of service, or to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
DPDK: information disclosure via Guest Physical Ranges
Synthesis of the vulnerability
An attacker can bypass access restrictions to data via Guest Physical Ranges of DPDK, in order to obtain sensitive information.
Impacted products: Fedora, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 09/05/2018.
Identifiers: CVE-2018-1059, FEDORA-2018-2c965abb15, openSUSE-SU-2018:1560-1, openSUSE-SU-2018:4003-1, RHSA-2018:2038-01, SUSE-SU-2018:1492-1, SUSE-SU-2018:3923-1, USN-3642-1, USN-3642-2, VIGILANCE-VUL-26075.
Description of the vulnerability
An attacker can bypass access restrictions to data via Guest Physical Ranges of DPDK, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
389 Directory Server: denial of service via Ldapsearch Large Filter
Synthesis of the vulnerability
An attacker can generate a fatal error via Ldapsearch Large Filter of 389 Directory Server, in order to trigger a denial of service.
Impacted products: Debian, RHEL, SLES.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: intranet client.
Creation date: 09/05/2018.
Identifiers: CVE-2018-1089, DLA-1428-1, RHSA-2018:1364-01, RHSA-2018:1380-01, SUSE-SU-2019:2155-1, VIGILANCE-VUL-26074.
Description of the vulnerability
An attacker can generate a fatal error via Ldapsearch Large Filter of 389 Directory Server, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial) |
Linux kernel: information disclosure via vhost_new_msg
Synthesis of the vulnerability
A local attacker can read a memory fragment via vhost_new_msg( of the Linux kernel, in order to obtain sensitive information.
Impacted products: Debian, Linux, openSUSE Leap, RHEL, Ubuntu.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 09/05/2018.
Identifiers: CERTFR-2018-AVI-428, CVE-2018-1118, DLA-1423-1, DLA-1424-1, DLA-1434-1, openSUSE-SU-2018:2119-1, RHSA-2018:2948-01, RHSA-2018:3083-01, RHSA-2018:3096-01, USN-3762-1, USN-3762-2, VIGILANCE-VUL-26073.
Description of the vulnerability
A local attacker can read a memory fragment via vhost_new_msg( of the Linux kernel, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
Linux kernel: privilege escalation via KVM DB Exceptions
Synthesis of the vulnerability
An attacker, inside a guest system, can bypass restrictions via KVM DB Exceptions of the Linux kernel, in order to escalate his privileges on the host system.
Impacted products: Debian, QRadar SIEM, Linux, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 09/05/2018.
Identifiers: CERTFR-2018-AVI-224, CERTFR-2018-AVI-226, CERTFR-2018-AVI-228, CERTFR-2018-AVI-232, CERTFR-2018-AVI-584, CVE-2018-1087, DSA-4196-1, ibm10742755, RHSA-2018:1318-01, RHSA-2018:1345-01, RHSA-2018:1347-01, RHSA-2018:1348-01, RHSA-2018:1355-01, SUSE-SU-2018:1171-1, SUSE-SU-2018:1172-1, SUSE-SU-2018:1173-1, SUSE-SU-2018:1220-1, SUSE-SU-2018:1221-1, USN-3641-1, USN-3641-2, VIGILANCE-VUL-26072.
Description of the vulnerability
An attacker, inside a guest system, can bypass restrictions via KVM DB Exceptions of the Linux kernel, in order to escalate his privileges on the host system.
Full Vigil@nce bulletin... (Free trial) |
Linux kernel: privilege escalation via DB Exceptions
Synthesis of the vulnerability
An attacker can bypass restrictions via DB Exceptions of the Linux kernel, in order to escalate his privileges.
Impacted products: Debian, BIG-IP Hardware, TMOS, FreeBSD, QRadar SIEM, Linux, pfSense, RHEL, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 09/05/2018.
Identifiers: CERTFR-2018-AVI-224, CERTFR-2018-AVI-226, CERTFR-2018-AVI-228, CERTFR-2018-AVI-232, CERTFR-2018-AVI-584, CVE-2018-8897, DLA-1392-1, DSA-4196-1, FreeBSD-SA-18:06.debugreg, ibm10742755, K17403481, RHSA-2018:1318-01, RHSA-2018:1319-01, RHSA-2018:1345-01, RHSA-2018:1346-01, RHSA-2018:1347-01, RHSA-2018:1348-01, RHSA-2018:1349-01, RHSA-2018:1350-01, RHSA-2018:1351-01, RHSA-2018:1352-01, RHSA-2018:1353-01, RHSA-2018:1354-01, RHSA-2018:1355-01, SUSE-SU-2018:1171-1, SUSE-SU-2018:1172-1, SUSE-SU-2018:1173-1, SUSE-SU-2018:1220-1, SUSE-SU-2018:1221-1, Synology-SA-18:51, USN-3641-1, USN-3641-2, VIGILANCE-VUL-26071, VU#631579.
Description of the vulnerability
An attacker can bypass restrictions via DB Exceptions of the Linux kernel, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial) |
wget: information disclosure via Cookies Injection
Synthesis of the vulnerability
An attacker can bypass access restrictions to data via Cookies Injection of wget, in order to obtain sensitive information.
Impacted products: Debian, Fedora, McAfee Web Gateway, openSUSE Leap, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading.
Provenance: internet server.
Creation date: 09/05/2018.
Identifiers: CVE-2018-0494, DLA-1375-1, DSA-4195-1, FEDORA-2018-11b37d7a68, FEDORA-2018-29ebba0906, FEDORA-2018-f29459149a, openSUSE-SU-2018:1383-1, RHSA-2018:3052-01, SB10276, SSA:2018-129-02, SUSE-SU-2018:1367-1, SUSE-SU-2018:1373-1, USN-3643-1, USN-3643-2, VIGILANCE-VUL-26070.
Description of the vulnerability
An attacker can bypass access restrictions to data via Cookies Injection of wget, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
Zsh: buffer overflow via checkmailpath
Synthesis of the vulnerability
An attacker can generate a buffer overflow via checkmailpath() of Zsh, in order to trigger a denial of service, and possibly to run code.
Impacted products: Fedora, openSUSE Leap, Solaris, RHEL, Slackware, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: user shell.
Creation date: 07/05/2018.
Identifiers: bulletinoct2018, CVE-2018-1100, FEDORA-2018-ac1d9c2777, openSUSE-SU-2018:1893-1, openSUSE-SU-2018:2966-1, RHSA-2018:1932-01, RHSA-2018:3073-01, SSA:2019-013-01, SUSE-SU-2018:1874-1, USN-3764-1, VIGILANCE-VUL-26051.
Description of the vulnerability
An attacker can generate a buffer overflow via checkmailpath() of Zsh, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial) |
Linux kernel: use after free via do_get_mempolicy
Synthesis of the vulnerability
An attacker can force the usage of a freed memory area via do_get_mempolicy() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: QRadar SIEM, Junos Space, Linux, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 03/05/2018.
Identifiers: CERTFR-2018-AVI-256, CERTFR-2018-AVI-319, CERTFR-2018-AVI-330, CERTFR-2018-AVI-386, CERTFR-2018-AVI-408, CERTFR-2018-AVI-457, CERTFR-2018-AVI-584, CVE-2018-10675, ibm10742755, JSA10917, RHSA-2018:2164-01, RHSA-2018:2384-01, RHSA-2018:2395-01, RHSA-2018:2785-01, RHSA-2018:2791-01, RHSA-2018:2924-01, RHSA-2018:2925-01, RHSA-2018:2933-01, RHSA-2018:3540-01, RHSA-2018:3586-01, RHSA-2018:3590-01, SUSE-SU-2018:1368-1, SUSE-SU-2018:1374-1, SUSE-SU-2018:1375-1, SUSE-SU-2018:1376-1, SUSE-SU-2018:1846-1, USN-3754-1, VIGILANCE-VUL-26038.
Description of the vulnerability
An attacker can force the usage of a freed memory area via do_get_mempolicy() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial) |
LibreOffice/OpenOffice: information disclosure via SMB Credentials
Synthesis of the vulnerability
An attacker can bypass access restrictions to data via SMB Credential of LibreOffice/OpenOffice, in order to obtain sensitive information.
Impacted products: OpenOffice, LibreOffice, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading.
Provenance: intranet server.
Creation date: 02/05/2018.
Identifiers: CVE-2018-10583, openSUSE-SU-2018:2532-1, openSUSE-SU-2018:2533-1, openSUSE-SU-2018:3796-1, RHSA-2018:3054-01, SUSE-SU-2018:2485-1, SUSE-SU-2018:2485-2, SUSE-SU-2018:2535-1, SUSE-SU-2018:3683-1, USN-3883-1, VIGILANCE-VUL-26023.
Description of the vulnerability
An attacker can bypass access restrictions to data via SMB Credential of LibreOffice/OpenOffice, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
Our database contains other pages. You can request a free trial to read them.
Display information about Red Hat Enterprise Linux:
|