| The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them. |
|
 |
|
|
Computer vulnerabilities of SLES
phpMyAdmin: Cross Site Request Forgery
Synthesis of the vulnerability
An attacker can trigger a Cross Site Request Forgery of phpMyAdmin, in order to force the victim to perform operations.
Impacted products: openSUSE Leap, phpMyAdmin, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Creation date: 19/04/2018.
Identifiers: CVE-2018-10188, openSUSE-SU-2018:1058-1, openSUSE-SU-2018:1059-1, PMASA-2018-2, VIGILANCE-VUL-25934.
Description of the vulnerability
The phpMyAdmin product offers a web service.
However, the origin of queries is not checked. They can for example originate from an image included in an HTML document.
An attacker can therefore trigger a Cross Site Request Forgery of phpMyAdmin, in order to force the victim to perform operations.
Complete Vigil@nce bulletin.... (Free trial) |
Xen: denial of service via a change of page table type
Synthesis of the vulnerability
A privileged attacker in a guest system can request a change of page table type to Xen without unmapping related pages, in order to make the host crash.
Impacted products: XenServer, Debian, Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Xen.
Severity: 1/4.
Creation date: 27/02/2018.
Identifiers: CERTFR-2018-AVI-102, CERTFR-2018-AVI-145, CERTFR-2018-AVI-171, CTX232096, CTX232655, CVE-2018-7541, DLA-1300-1, DSA-4131-1, FEDORA-2018-0746dac335, FEDORA-2018-c553a586c8, openSUSE-SU-2018:1274-1, SUSE-SU-2018:0678-1, SUSE-SU-2018:0909-1, SUSE-SU-2018:1184-1, VIGILANCE-VUL-25386, XSA-255.
Description of the vulnerability
A privileged attacker in a guest system can request a change of page table type to Xen without unmapping related pages, in order to make the host crash.
Complete Vigil@nce bulletin.... (Free trial) |
Xen: denial of service via the L3/L4 page table management
Synthesis of the vulnerability
A privileged attacker in a guest system can make interrupt processing too long by requesting Xen to change the L3/L4 page tables, in order to trigger a denial of service.
Impacted products: XenServer, Debian, Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Xen.
Severity: 1/4.
Creation date: 27/02/2018.
Identifiers: CERTFR-2018-AVI-102, CERTFR-2018-AVI-145, CERTFR-2018-AVI-171, CTX232096, CTX232655, CVE-2018-7540, DLA-1300-1, DSA-4131-1, FEDORA-2018-0746dac335, FEDORA-2018-c553a586c8, openSUSE-SU-2018:1274-1, SUSE-SU-2018:0678-1, SUSE-SU-2018:0909-1, SUSE-SU-2018:1184-1, VIGILANCE-VUL-25385, XSA-252.
Description of the vulnerability
A privileged attacker in a guest system can make interrupt processing too long by requesting Xen to change the L3/L4 page tables, in order to trigger a denial of service.
A detailed analysis was not performed for this bulletin.
Complete Vigil@nce bulletin.... (Free trial) |
Linux kernel: privilege escalation via the ioctl system call
Synthesis of the vulnerability
An attacker can bypass restrictions to the Linux kernel memory via an ioctl system call, in order to escalate his privileges.
Impacted products: Debian, Android OS, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Creation date: 23/02/2018.
Identifiers: CERTFR-2018-AVI-009, CERTFR-2018-AVI-014, CERTFR-2018-AVI-018, CERTFR-2018-AVI-048, CERTFR-2018-AVI-147, CERTFR-2018-AVI-161, CERTFR-2018-AVI-196, CERTFR-2018-AVI-197, CERTFR-2018-AVI-206, CERTFR-2018-AVI-224, CERTFR-2018-AVI-228, CERTFR-2018-AVI-241, CVE-2017-13166, DLA-1349-1, DLA-1369-1, DSA-4082-1, DSA-4120-1, DSA-4120-2, DSA-4179-1, DSA-4187-1, openSUSE-SU-2018:0781-1, RHSA-2018:0676-01, RHSA-2018:1062-01, RHSA-2018:1130-01, RHSA-2018:1170-01, RHSA-2018:1319-01, SUSE-SU-2018:0031-1, SUSE-SU-2018:0040-1, SUSE-SU-2018:0171-1, SUSE-SU-2018:0785-1, SUSE-SU-2018:0786-1, SUSE-SU-2018:0834-1, SUSE-SU-2018:0848-1, SUSE-SU-2018:0986-1, SUSE-SU-2018:1080-1, SUSE-SU-2018:1172-1, SUSE-SU-2018:1309-1, VIGILANCE-VUL-25359.
Description of the vulnerability
An attacker can bypass restrictions to the Linux kernel memory via an ioctl system call, in order to escalate his privileges.
A detailed analysis was not performed for this bulletin.
Complete Vigil@nce bulletin.... (Free trial) |
Linux kernel: denial of service via the bnx2x driver
Synthesis of the vulnerability
An attacker can block the netword card drived by the bnx2x module of the Linux kernel, in order to trigger a denial of service.
Impacted products: Fedora, Linux, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 12/02/2018.
Identifiers: CERTFR-2018-AVI-147, CERTFR-2018-AVI-165, CERTFR-2018-AVI-170, CERTFR-2018-AVI-196, CERTFR-2018-AVI-198, CVE-2018-1000026, FEDORA-2018-03a6606cb5, FEDORA-2018-7a62047e30, FEDORA-2018-884a105c04, openSUSE-SU-2018:0781-1, SUSE-SU-2018:0785-1, SUSE-SU-2018:0786-1, SUSE-SU-2018:0986-1, USN-3617-1, USN-3617-2, USN-3617-3, USN-3619-1, USN-3619-2, USN-3620-1, USN-3620-2, USN-3632-1, VIGILANCE-VUL-25279.
Description of the vulnerability
An attacker can block the netword card drived by the bnx2x module of the Linux kernel, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial) |
Linux kernel: information disclosure via vhci_hcd
Synthesis of the vulnerability
An attacker can get kernel addresses via the vhci_hcd driver of the Linux kernel, in order to obtain sensitive information.
Impacted products: Debian, Linux, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Creation date: 01/02/2018.
Identifiers: CERTFR-2018-AVI-161, CERTFR-2018-AVI-170, CERTFR-2018-AVI-197, CERTFR-2018-AVI-206, CERTFR-2018-AVI-224, CERTFR-2018-AVI-241, CVE-2017-16911, DLA-1369-1, DSA-4187-1, SUSE-SU-2018:0834-1, SUSE-SU-2018:0848-1, SUSE-SU-2018:1080-1, SUSE-SU-2018:1172-1, SUSE-SU-2018:1309-1, USN-3619-1, USN-3619-2, VIGILANCE-VUL-25197.
Description of the vulnerability
An attacker can get kernel addresses via the vhci_hcd driver of the Linux kernel, in order to obtain sensitive information.
A detailed analysis was not performed for this bulletin.
Complete Vigil@nce bulletin.... (Free trial) |
OpenSSH: NULL pointer dereference via a NEWKEYS message
Synthesis of the vulnerability
An attacker can force a NULL pointer to be dereferenced in OpenSSH via an out of order NEWKEYS message, in order to trigger a denial of service.
Impacted products: Debian, BIG-IP Hardware, TMOS, Data ONTAP, OpenSSH, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Creation date: 22/01/2018.
Identifiers: CVE-2016-10708, DLA-1257-1, K32485746, NTAP-20180423-0003, openSUSE-SU-2018:2128-1, SUSE-SU-2018:1989-1, SUSE-SU-2018:2275-1, VIGILANCE-VUL-25131.
Description of the vulnerability
An attacker can force a NULL pointer to be dereferenced in OpenSSH via an out of order NEWKEYS message, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial) |
phpMyAdmin: Cross Site Request Forgery
Synthesis of the vulnerability
An attacker can trigger a Cross Site Request Forgery of phpMyAdmin, in order to force the victim to perform operations.
Impacted products: Fedora, openSUSE Leap, phpMyAdmin, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Creation date: 28/12/2017.
Identifiers: CERTFR-2018-AVI-001, CVE-2017-1000499, FEDORA-2017-481515e199, FEDORA-2017-cad79c7c6c, openSUSE-SU-2017:3448-1, openSUSE-SU-2017:3451-1, PMASA-2017-9, VIGILANCE-VUL-24897.
Description of the vulnerability
The phpMyAdmin product offers a web service.
However, the origin of queries is not checked. They can for example originate from an image included in an HTML document.
An attacker can therefore trigger a Cross Site Request Forgery of phpMyAdmin, in order to force the victim to perform operations.
Complete Vigil@nce bulletin.... (Free trial) |
Linux kernel: NULL pointer dereference via assoc_array_apply_edit
Synthesis of the vulnerability
An attacker can force a NULL pointer to be dereferenced via assoc_array_apply_edit() of the Linux kernel, in order to trigger a denial of service.
Impacted products: Fedora, Linux, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Creation date: 02/11/2017.
Identifiers: CERTFR-2017-AVI-448, CERTFR-2017-AVI-454, CERTFR-2017-AVI-458, CERTFR-2018-AVI-321, CVE-2017-12193, FEDORA-2017-38b37120a2, FEDORA-2017-9fbb35aeda, FEDORA-2018-884a105c04, openSUSE-SU-2017:3358-1, openSUSE-SU-2017:3359-1, RHSA-2018:0151-01, SUSE-SU-2017:3210-1, SUSE-SU-2017:3249-1, SUSE-SU-2017:3398-1, SUSE-SU-2017:3410-1, USN-3507-1, USN-3507-2, USN-3509-1, USN-3509-2, USN-3509-3, USN-3509-4, USN-3698-1, USN-3698-2, VIGILANCE-VUL-24308.
Description of the vulnerability
The Noyau Linux product offers a web service.
However, it does not check if a pointer is NULL, before using it.
An attacker can therefore force a NULL pointer to be dereferenced via assoc_array_apply_edit() of the Linux kernel, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial) |
Quagga: memory corruption via AS_PATH Long Paths Update Message
Synthesis of the vulnerability
An attacker can generate a memory corruption via AS_PATH Long Paths Update Message of Quagga, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, openSUSE Leap, Solaris, Quagga, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Creation date: 30/10/2017.
Identifiers: bulletinapr2018, CVE-2017-16227, DLA-1152-1, DSA-4011-1, FEDORA-2017-7d25605e98, FEDORA-2017-df3032c978, openSUSE-SU-2018:0473-1, SUSE-SU-2018:0455-1, SUSE-SU-2018:0456-1, SUSE-SU-2018:0457-1, USN-3471-1, VIGILANCE-VUL-24267.
Description of the vulnerability
An attacker can generate a memory corruption via AS_PATH Long Paths Update Message of Quagga, in order to trigger a denial of service, and possibly to run code.
A detailed analysis was not performed for this bulletin.
Complete Vigil@nce bulletin.... (Free trial) |
Our database contains other pages. You can request a free trial to read them.
Display information about SLES:
|