| The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them. |
|
 |
|
|
Computer vulnerabilities of SLES
Linux kernel: information disclosure via kvm_read_guest_virt
Synthesis of the vulnerability
A local attacker can read a memory fragment via kvm_read_guest_virt() of the Linux kernel, in order to obtain sensitive information.
Impacted products: Fedora, Linux, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 13/02/2019.
Identifiers: CERTFR-2019-AVI-114, CVE-2019-7222, FEDORA-2019-164946aa7f, FEDORA-2019-3da64f3e61, openSUSE-SU-2019:0203-1, openSUSE-SU-2019:0274-1, SUSE-SU-2019:0541-1, SUSE-SU-2019:13979-1, VIGILANCE-VUL-28495.
Description of the vulnerability
A local attacker can read a memory fragment via kvm_read_guest_virt() of the Linux kernel, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
Linux kernel: denial of service via change_port_settings
Synthesis of the vulnerability
An attacker can trigger a fatal error via change_port_settings() of the Linux kernel, in order to trigger a denial of service.
Impacted products: Linux, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 01/02/2019.
Identifiers: CERTFR-2019-AVI-114, CVE-2017-18360, SUSE-SU-2019:13979-1, VIGILANCE-VUL-28420.
Description of the vulnerability
An attacker can trigger a fatal error via change_port_settings() of the Linux kernel, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial) |
FreeRDP: information disclosure via drdynvc_process_capability_request
Synthesis of the vulnerability
A local attacker can read a memory fragment via drdynvc_process_capability_request() of FreeRDP, in order to obtain sensitive information.
Impacted products: Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Consequences: data reading.
Provenance: user account.
Creation date: 22/01/2019.
Identifiers: CVE-2018-1000852, FEDORA-2019-e3b2885a25, openSUSE-SU-2019:0096-1, openSUSE-SU-2019:0325-1, SUSE-SU-2019:0134-1, SUSE-SU-2019:0539-1, VIGILANCE-VUL-28320.
Description of the vulnerability
A local attacker can read a memory fragment via drdynvc_process_capability_request() of FreeRDP, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
LIVE555 Streaming Media Library: denial of service via RTSPServer handleHTTPCmd_TunnelingPOST
Synthesis of the vulnerability
An attacker can trigger a fatal error via RTSPServer handleHTTPCmd_TunnelingPOST() of LIVE555 Streaming Media Library, in order to trigger a denial of service.
Impacted products: Debian, openSUSE Leap, SLES.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: internet client.
Creation date: 18/01/2019.
Identifiers: CVE-2019-6256, DLA-1690-1, DSA-4408-1, openSUSE-SU-2019:0058-1, VIGILANCE-VUL-28306.
Description of the vulnerability
An attacker can trigger a fatal error via RTSPServer handleHTTPCmd_TunnelingPOST() of LIVE555 Streaming Media Library, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial) |
gitolite: code execution via Rsync Command Line Options
Synthesis of the vulnerability
An attacker can use a vulnerability via Rsync Command Line Options of gitolite, in order to run code.
Impacted products: Fedora, openSUSE Leap, SLES.
Severity: 2/4.
Consequences: user access/rights.
Provenance: user account.
Creation date: 18/01/2019.
Identifiers: CVE-2018-20683, FEDORA-2019-b276ee69a8, FEDORA-2019-b6ce519120, openSUSE-SU-2019:0054-1, VIGILANCE-VUL-28305.
Description of the vulnerability
An attacker can use a vulnerability via Rsync Command Line Options of gitolite, in order to run code.
Full Vigil@nce bulletin... (Free trial) |
Linux kernel: memory corruption via sk_clone_lock
Synthesis of the vulnerability
An attacker can trigger a memory corruption via sk_clone_lock() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Android OS, Linux, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 18/01/2019.
Identifiers: CERTFR-2019-AVI-038, CERTFR-2019-AVI-042, CERTFR-2019-AVI-044, CERTFR-2019-AVI-051, CERTFR-2019-AVI-071, CERTFR-2019-AVI-112, CERTFR-2019-AVI-114, CVE-2018-9568, openSUSE-SU-2019:0065-1, openSUSE-SU-2019:0140-1, RHSA-2019:0512-01, RHSA-2019:0514-01, SUSE-SU-2019:0148-1, SUSE-SU-2019:0196-1, SUSE-SU-2019:0222-1, SUSE-SU-2019:0224-1, SUSE-SU-2019:0320-1, SUSE-SU-2019:0439-1, SUSE-SU-2019:0541-1, SUSE-SU-2019:13937-1, SUSE-SU-2019:13979-1, USN-3880-1, USN-3880-2, VIGILANCE-VUL-28304.
Description of the vulnerability
An attacker can trigger a memory corruption via sk_clone_lock() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial) |
SSSD: privilege escalation via Root Directory Home
Synthesis of the vulnerability
An attacker can bypass restrictions via Root Directory Home of SSSD, in order to escalate his privileges.
Impacted products: Debian, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Consequences: data reading.
Provenance: user account.
Creation date: 17/01/2019.
Identifiers: CVE-2019-3811, DLA-1635-1, openSUSE-SU-2019:0344-1, SUSE-SU-2019:0542-1, SUSE-SU-2019:0552-1, SUSE-SU-2019:0556-1, VIGILANCE-VUL-28301.
Description of the vulnerability
An attacker can bypass restrictions via Root Directory Home of SSSD, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial) |
HAProxy: denial of service via HTTP/2 Priority Flag
Synthesis of the vulnerability
An attacker can trigger a fatal error via HTTP/2 Priority Flag of HAProxy, in order to trigger a denial of service.
Impacted products: Fedora, openSUSE Leap, RHEL, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: intranet client.
Creation date: 15/01/2019.
Identifiers: CVE-2018-20615, FEDORA-2019-0398d1b049, FEDORA-2019-c7da53319c, openSUSE-SU-2019:0166-1, RHSA-2019:0275-01, SUSE-SU-2019:0232-1, USN-3858-1, VIGILANCE-VUL-28274.
Description of the vulnerability
An attacker can trigger a fatal error via HTTP/2 Priority Flag of HAProxy, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial) |
OpenSSH scp, PuTTY PSCP: spoofing via Scp Client ANSI Codes stderr File Hidding
Synthesis of the vulnerability
An attacker can spoof displayed filenames on the scp client of OpenSSH and PuTTY, in order to deceive the victim.
Impacted products: OpenSSH, openSUSE Leap, PuTTY, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Consequences: disguisement.
Provenance: internet server.
Creation date: 14/01/2019.
Identifiers: CVE-2019-6110, openSUSE-SU-2019:0091-1, openSUSE-SU-2019:0093-1, SUSE-SU-2019:0125-1, SUSE-SU-2019:0126-1, SUSE-SU-2019:0132-1, SUSE-SU-2019:13931-1, VIGILANCE-VUL-28262.
Description of the vulnerability
An attacker can spoof displayed filenames on the scp client of OpenSSH and PuTTY, in order to deceive the victim.
Full Vigil@nce bulletin... (Free trial) |
OpenSSH scp, PuTTY PSCP: spoofing via Scp Client ANSI Codes File Hidding
Synthesis of the vulnerability
An attacker can spoof displayed filenames on the scp client of OpenSSH and PuTTY, in order to deceive the victim.
Impacted products: Debian, OpenSSH, openSUSE Leap, PuTTY, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: disguisement.
Provenance: internet server.
Creation date: 14/01/2019.
Identifiers: CVE-2019-6109, DSA-4387-1, DSA-4387-2, openSUSE-SU-2019:0091-1, openSUSE-SU-2019:0093-1, openSUSE-SU-2019:0307-1, SUSE-SU-2019:0125-1, SUSE-SU-2019:0126-1, SUSE-SU-2019:0132-1, SUSE-SU-2019:0496-1, SUSE-SU-2019:13931-1, USN-3885-1, USN-3885-2, VIGILANCE-VUL-28261.
Description of the vulnerability
An attacker can spoof displayed filenames on the scp client of OpenSSH and PuTTY, in order to deceive the victim.
Full Vigil@nce bulletin... (Free trial) |
Our database contains other pages. You can request a free trial to read them.
Display information about SLES:
|