The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of SLES

computer vulnerability note CVE-2018-5816

LibRaw: denial of service via identify

Synthesis of the vulnerability

Impacted products: openSUSE Leap, SLES.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 31/12/2018.
Identifiers: CVE-2018-5816, openSUSE-SU-2018:4299-1, openSUSE-SU-2019:0008-1, SUSE-SU-2019:0005-1, VIGILANCE-VUL-28139.

Description of the vulnerability

An attacker can trigger a fatal error via identify() of LibRaw, in order to trigger a denial of service.

computer vulnerability bulletin CVE-2018-5804

LibRaw: denial of service via identify

Synthesis of the vulnerability

Impacted products: openSUSE Leap, SLES.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 31/12/2018.
Identifiers: CVE-2018-5804, openSUSE-SU-2018:4299-1, openSUSE-SU-2019:0008-1, SUSE-SU-2019:0005-1, VIGILANCE-VUL-28138.

Description of the vulnerability

An attacker can trigger a fatal error via identify() of LibRaw, in order to trigger a denial of service.

vulnerability CVE-2018-3613

OVMF: information disclosure via AuthVariable Timestamp

Synthesis of the vulnerability

Impacted products: openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 18/12/2018.
Identifiers: CVE-2018-3613, openSUSE-SU-2018:4240-1, openSUSE-SU-2018:4254-1, SUSE-SU-2018:4155-1, SUSE-SU-2018:4194-1, SUSE-SU-2018:4207-1, VIGILANCE-VUL-28040.

Description of the vulnerability

A local attacker can read a memory fragment via AuthVariable Timestamp of OVMF, in order to obtain sensitive information.

vulnerability bulletin CVE-2018-16869

Nettle: information disclosure via Side-channel Based Padding

Synthesis of the vulnerability

Impacted products: BIG-IP Hardware, TMOS, Fedora, openSUSE Leap, Slackware, SLES.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 06/12/2018.
Identifiers: CVE-2018-16869, FEDORA-2018-f7d9989c42, FEDORA-2019-01afc2352f, FEDORA-2019-31015766d1, K45616155, openSUSE-SU-2018:4260-1, SSA:2018-339-02, SUSE-SU-2018:4193-1, VIGILANCE-VUL-27963.

Description of the vulnerability

An attacker can bypass access restrictions to data via Side-channel Based Padding of Nettle, in order to obtain sensitive information.

vulnerability announce CVE-2018-19211

ncurses: NULL pointer dereference via _nc_parse_entry

Synthesis of the vulnerability

Impacted products: openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 06/12/2018.
Identifiers: CVE-2018-19211, openSUSE-SU-2018:4034-1, openSUSE-SU-2018:4055-1, SUSE-SU-2018:3967-1, SUSE-SU-2018:4000-1, VIGILANCE-VUL-27962.

Description of the vulnerability

An attacker can force a NULL pointer to be dereferenced via _nc_parse_entry() of ncurses, in order to trigger a denial of service.

vulnerability alert CVE-2018-14626

PowerDNS: denial of service via Packet Cache Pollution

Synthesis of the vulnerability

Impacted products: Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: internet client.
Confidence: confirmed by the editor (5/5).
Creation date: 16/11/2018.
Identifiers: CVE-2018-14626, FEDORA-2018-2ff7cdbb7b, FEDORA-2018-5a1e2759aa, FEDORA-2018-85fc964de8, FEDORA-2018-c341b70641, FEDORA-2018-e14840a7f5, openSUSE-SU-2018:4062-1, openSUSE-SU-2018:4073-1, openSUSE-SU-2018:4151-1, openSUSE-SU-2018:4152-1, openSUSE-SU-2018:4156-1, openSUSE-SU-2018:4175-1, openSUSE-SU-2018:4177-1, VIGILANCE-VUL-27801.

Description of the vulnerability

An attacker can generate a fatal error via Packet Cache Pollution of PowerDNS, in order to trigger a denial of service.

vulnerability CVE-2018-10851

PowerDNS: denial of service via Zone Record

Synthesis of the vulnerability

Impacted products: Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: intranet server.
Confidence: confirmed by the editor (5/5).
Creation date: 16/11/2018.
Identifiers: CVE-2018-10851, FEDORA-2018-2ff7cdbb7b, FEDORA-2018-5a1e2759aa, FEDORA-2018-85fc964de8, openSUSE-SU-2018:4062-1, openSUSE-SU-2018:4073-1, openSUSE-SU-2018:4151-1, openSUSE-SU-2018:4152-1, openSUSE-SU-2018:4156-1, openSUSE-SU-2018:4175-1, openSUSE-SU-2018:4177-1, openSUSE-SU-2018:4262-1, VIGILANCE-VUL-27800.

Description of the vulnerability

An attacker can generate a fatal error via Zone Record of PowerDNS, in order to trigger a denial of service.

vulnerability note CVE-2018-19210

LibTIFF: NULL pointer dereference via TIFFRewriteDirectory

Synthesis of the vulnerability

Impacted products: LibTIFF, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 13/11/2018.
Identifiers: 2820, CVE-2018-19210, openSUSE-SU-2018:4053-1, openSUSE-SU-2018:4256-1, SUSE-SU-2018:4008-1, SUSE-SU-2018:4191-1, VIGILANCE-VUL-27764.

Description of the vulnerability

An attacker can force a NULL pointer to be dereferenced via TIFFRewriteDirectory() of LibTIFF, in order to trigger a denial of service.

vulnerability CVE-2018-5407

OpenSSL: information disclosure via ECC Scalar Multiplication

Synthesis of the vulnerability

Impacted products: Debian, BIG-IP Hardware, TMOS, AIX, MariaDB ~ precise, MySQL Community, MySQL Enterprise, OpenBSD, OpenSSL, openSUSE Leap, Solaris, Percona Server, XtraBackup, XtraDB Cluster, Slackware, SUSE Linux Enterprise Desktop, SLES, Nessus, Ubuntu.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 12/11/2018.
Identifiers: bulletinjan2019, CERTFR-2018-AVI-607, cpujan2019, CVE-2018-5407, DLA-1586-1, DSA-4348-1, DSA-4355-1, K49711130, openSUSE-SU-2018:3903-1, openSUSE-SU-2018:4050-1, openSUSE-SU-2018:4104-1, SSA:2018-325-01, SUSE-SU-2018:3864-1, SUSE-SU-2018:3866-1, SUSE-SU-2018:3964-1, SUSE-SU-2018:3989-1, SUSE-SU-2018:4001-1, SUSE-SU-2018:4068-1, SUSE-SU-2018:4274-1, SUSE-SU-2019:0117-1, TNS-2018-16, TNS-2018-17, USN-3840-1, VIGILANCE-VUL-27760.

Description of the vulnerability

On an Intel processor (VIGILANCE-VUL-27667), an attacker can measure the execution time of the ECC Scalar Multiplication of OpenSSL, in order to obtain the used key.

computer vulnerability announce CVE-2018-17478

Chrome: out-of-bounds memory reading via V8

Synthesis of the vulnerability

Impacted products: Debian, Chrome, openSUSE Leap, Opera, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: data reading, denial of service on client.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 12/11/2018.
Identifiers: CERTFR-2018-AVI-540, CVE-2018-17478, DSA-4340-1, openSUSE-SU-2018:3805-1, openSUSE-SU-2018:3835-1, openSUSE-SU-2018:3837-1, RHSA-2018:3648-01, VIGILANCE-VUL-27757.

Description of the vulnerability

An attacker can force a read at an invalid address via V8 of Chrome, in order to trigger a denial of service, or to obtain sensitive information.