The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of SLES

computer vulnerability CVE-2019-7222

Linux kernel: information disclosure via kvm_read_guest_virt

Synthesis of the vulnerability

A local attacker can read a memory fragment via kvm_read_guest_virt() of the Linux kernel, in order to obtain sensitive information.
Impacted products: Fedora, Linux, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 13/02/2019.
Identifiers: CERTFR-2019-AVI-114, CVE-2019-7222, FEDORA-2019-164946aa7f, FEDORA-2019-3da64f3e61, openSUSE-SU-2019:0203-1, openSUSE-SU-2019:0274-1, SUSE-SU-2019:0541-1, SUSE-SU-2019:13979-1, VIGILANCE-VUL-28495.

vulnerability CVE-2017-18360

Linux kernel: denial of service via change_port_settings

Synthesis of the vulnerability

An attacker can trigger a fatal error via change_port_settings() of the Linux kernel, in order to trigger a denial of service.
Impacted products: Linux, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 01/02/2019.
Identifiers: CERTFR-2019-AVI-114, CVE-2017-18360, SUSE-SU-2019:13979-1, VIGILANCE-VUL-28420.

vulnerability CVE-2018-1000852

FreeRDP: information disclosure via drdynvc_process_capability_request

Synthesis of the vulnerability

A local attacker can read a memory fragment via drdynvc_process_capability_request() of FreeRDP, in order to obtain sensitive information.
Impacted products: Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Consequences: data reading.
Provenance: user account.
Creation date: 22/01/2019.
Identifiers: CVE-2018-1000852, FEDORA-2019-e3b2885a25, openSUSE-SU-2019:0096-1, openSUSE-SU-2019:0325-1, SUSE-SU-2019:0134-1, SUSE-SU-2019:0539-1, VIGILANCE-VUL-28320.

computer vulnerability alert CVE-2019-6256

LIVE555 Streaming Media Library: denial of service via RTSPServer handleHTTPCmd_TunnelingPOST

Synthesis of the vulnerability

An attacker can trigger a fatal error via RTSPServer handleHTTPCmd_TunnelingPOST() of LIVE555 Streaming Media Library, in order to trigger a denial of service.
Impacted products: Debian, openSUSE Leap, SLES.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: internet client.
Creation date: 18/01/2019.
Identifiers: CVE-2019-6256, DLA-1690-1, DSA-4408-1, openSUSE-SU-2019:0058-1, VIGILANCE-VUL-28306.

computer vulnerability CVE-2018-20683

gitolite: code execution via Rsync Command Line Options

Synthesis of the vulnerability

An attacker can exploit a vulnerability in the handling of rsync command line options by gitolite, in order to run code.
Impacted products: Fedora, openSUSE Leap, SLES.
Severity: 2/4.
Consequences: user access/rights.
Provenance: user account.
Creation date: 18/01/2019.
Identifiers: CVE-2018-20683, FEDORA-2019-b276ee69a8, FEDORA-2019-b6ce519120, openSUSE-SU-2019:0054-1, VIGILANCE-VUL-28305.

vulnerability note CVE-2018-9568

Linux kernel: memory corruption via sk_clone_lock

Synthesis of the vulnerability

An attacker can trigger a memory corruption via sk_clone_lock() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Android OS, Linux, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 18/01/2019.
Identifiers: CERTFR-2019-AVI-038, CERTFR-2019-AVI-042, CERTFR-2019-AVI-044, CERTFR-2019-AVI-051, CERTFR-2019-AVI-071, CERTFR-2019-AVI-112, CERTFR-2019-AVI-114, CVE-2018-9568, openSUSE-SU-2019:0065-1, openSUSE-SU-2019:0140-1, RHSA-2019:0512-01, RHSA-2019:0514-01, SUSE-SU-2019:0148-1, SUSE-SU-2019:0196-1, SUSE-SU-2019:0222-1, SUSE-SU-2019:0224-1, SUSE-SU-2019:0320-1, SUSE-SU-2019:0439-1, SUSE-SU-2019:0541-1, SUSE-SU-2019:13937-1, SUSE-SU-2019:13979-1, USN-3880-1, USN-3880-2, VIGILANCE-VUL-28304.

vulnerability alert CVE-2019-3811

SSSD: privilege escalation via Root Directory Home

Synthesis of the vulnerability

An attacker can bypass restrictions via Root Directory Home of SSSD, in order to escalate their privileges.
Impacted products: Debian, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Consequences: data reading.
Provenance: user account.
Creation date: 17/01/2019.
Identifiers: CVE-2019-3811, DLA-1635-1, openSUSE-SU-2019:0344-1, SUSE-SU-2019:0542-1, SUSE-SU-2019:0552-1, SUSE-SU-2019:0556-1, VIGILANCE-VUL-28301.

vulnerability note CVE-2018-20615

HAProxy: denial of service via HTTP/2 Priority Flag

Synthesis of the vulnerability

An attacker can trigger a fatal error via HTTP/2 Priority Flag of HAProxy, in order to trigger a denial of service.
Impacted products: Fedora, openSUSE Leap, RHEL, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: intranet client.
Creation date: 15/01/2019.
Identifiers: CVE-2018-20615, FEDORA-2019-0398d1b049, FEDORA-2019-c7da53319c, openSUSE-SU-2019:0166-1, RHSA-2019:0275-01, SUSE-SU-2019:0232-1, USN-3858-1, VIGILANCE-VUL-28274.

vulnerability announcement CVE-2019-6110

OpenSSH scp, PuTTY PSCP: spoofing via Scp Client ANSI Codes stderr File Hiding

Synthesis of the vulnerability

An attacker can spoof displayed filenames on the scp client of OpenSSH and PuTTY, in order to deceive the victim.
Impacted products: OpenSSH, openSUSE Leap, PuTTY, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Consequences: disguisement.
Provenance: internet server.
Creation date: 14/01/2019.
Identifiers: CVE-2019-6110, openSUSE-SU-2019:0091-1, openSUSE-SU-2019:0093-1, SUSE-SU-2019:0125-1, SUSE-SU-2019:0126-1, SUSE-SU-2019:0132-1, SUSE-SU-2019:13931-1, VIGILANCE-VUL-28262.

vulnerability alert CVE-2019-6109

OpenSSH scp, PuTTY PSCP: spoofing via Scp Client ANSI Codes File Hiding

Synthesis of the vulnerability

An attacker can spoof displayed filenames on the scp client of OpenSSH and PuTTY, in order to deceive the victim.
Impacted products: Debian, OpenSSH, openSUSE Leap, PuTTY, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: disguisement.
Provenance: internet server.
Creation date: 14/01/2019.
Identifiers: CVE-2019-6109, DSA-4387-1, DSA-4387-2, openSUSE-SU-2019:0091-1, openSUSE-SU-2019:0093-1, openSUSE-SU-2019:0307-1, SUSE-SU-2019:0125-1, SUSE-SU-2019:0126-1, SUSE-SU-2019:0132-1, SUSE-SU-2019:0496-1, SUSE-SU-2019:13931-1, USN-3885-1, USN-3885-2, VIGILANCE-VUL-28261.
