The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of SUSE Linux

computer vulnerability announcement CVE-2013-2131

rrdtool: vulnerability

Synthesis of the vulnerability

A vulnerability of rrdtool was announced.
Impacted products: Fedora, openSUSE, openSUSE Leap.
Severity: 2/4.
Consequences: unknown consequence, administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, data flow, denial of service on server, denial of service on service, denial of service on client, disguisement.
Provenance: document.
Creation date: 19/02/2018.
Identifiers: CVE-2013-2131, FEDORA-2013-10309, openSUSE-SU-2014:1646-1, openSUSE-SU-2018:0474-1, VIGILANCE-VUL-25327.

computer vulnerability note CVE-2010-4226

Open Build Service: write access via cpio

Synthesis of the vulnerability

An attacker can bypass access restrictions via cpio of Open Build Service, in order to alter data.
Impacted products: openSUSE, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: data creation/edition, data deletion.
Provenance: user shell.
Creation date: 11/12/2017.
Identifiers: CVE-2010-4226, openSUSE-SU-2011:0174-1, openSUSE-SU-2017:3259-1, SUSE-SR:2011:005, SUSE-SU-2017:3253-1, VIGILANCE-VUL-24709.

vulnerability alert CVE-2012-6303

Snack Sound Toolkit: buffer overflow via GetWavHeader

Synthesis of the vulnerability

An attacker can generate a buffer overflow via GetWavHeader of Snack Sound Toolkit, in order to trigger a denial of service, and possibly to run code.
Impacted products: Fedora, openSUSE, openSUSE Leap.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 15/11/2017.
Identifiers: CVE-2012-6303, FEDORA-2013-0098, FEDORA-2013-0110, MDVSA-2013:126, openSUSE-SU-2015:0382-1, openSUSE-SU-2017:3016-1, VIGILANCE-VUL-24451.

computer vulnerability bulletin CVE-2014-9907

ImageMagick: denial of service via DDS

Synthesis of the vulnerability

An attacker can generate a fatal error via DDS of ImageMagick, in order to trigger a denial of service.
Impacted products: Debian, Fedora, openSUSE, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 20/09/2017.
Identifiers: CVE-2014-9907, DLA-731-1, DLA-731-2, FEDORA-2017-3a568adb31, FEDORA-2017-8f27031c8f, openSUSE-SU-2016:2671-1, openSUSE-SU-2016:2770-1, openSUSE-SU-2016:3091-1, SUSE-SU-2016:2964-1, VIGILANCE-VUL-23878.

vulnerability note CVE-2014-0250

FreeRDP: buffer overflow via Width/Height

Synthesis of the vulnerability

An attacker can generate a buffer overflow via Width/Height of FreeRDP, in order to trigger a denial of service, and possibly to run code.
Impacted products: openSUSE, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 08/08/2017.
Identifiers: CVE-2014-0250, MDVSA-2015:171, openSUSE-SU-2014:0862-1, USN-3380-1, VIGILANCE-VUL-23464.

vulnerability bulletin CVE-2014-3677

shim: memory corruption via MOK Lists

Synthesis of the vulnerability

An attacker can generate a memory corruption via MOK Lists of shim, in order to trigger a denial of service, and possibly to run code.
Impacted products: Fedora, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 27/07/2017.
Identifiers: CVE-2014-3677, FEDORA-2014-14058, FEDORA-2014-14059, openSUSE-SU-2017:1967-1, RHSA-2014:1801-01, SUSE-SU-2014:1619-1, VIGILANCE-VUL-23373.

vulnerability announcement CVE-2014-3676

shim: buffer overflow via DHCPv6 TFTP IPv6 Addresses

Synthesis of the vulnerability

An attacker can generate a buffer overflow via DHCPv6 TFTP IPv6 Addresses of shim, in order to trigger a denial of service, and possibly to run code.
Impacted products: Fedora, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: LAN.
Creation date: 27/07/2017.
Identifiers: CVE-2014-3676, FEDORA-2014-14058, FEDORA-2014-14059, openSUSE-SU-2017:1967-1, RHSA-2014:1801-01, SUSE-SU-2014:1619-1, VIGILANCE-VUL-23372.

vulnerability note CVE-2014-9638 CVE-2014-9639

vorbis-tools: two vulnerabilities via oggenc

Synthesis of the vulnerability

An attacker can use several vulnerabilities via oggenc of vorbis-tools.
Impacted products: Debian, Fedora, openSUSE.
Severity: 2/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 03/07/2017.
Identifiers: CVE-2014-9638, CVE-2014-9639, DLA-1010-1, FEDORA-2015-2330, FEDORA-2015-2335, openSUSE-SU-2015:0522-1, VIGILANCE-VUL-23124.

vulnerability alert CVE-2014-9640

vorbis-tools: out-of-bounds memory reading via oggenc

Synthesis of the vulnerability

An attacker can force a read at an invalid address via oggenc of vorbis-tools, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: Debian, Fedora, openSUSE.
Severity: 1/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 03/07/2017.
Identifiers: CVE-2014-9640, DLA-1010-1, FEDORA-2015-1191, FEDORA-2015-1253, MDVSA-2015:037, openSUSE-SU-2015:0231-1, VIGILANCE-VUL-23121.

vulnerability CVE-2017-1000370

Linux kernel: memory corruption via PIE Binary Offset2lib Bypass

Synthesis of the vulnerability

An attacker can generate a memory corruption via PIE Binary Offset2lib Bypass on the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Junos Space, Linux, openSUSE, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, denial of service on server, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 20/06/2017.
Revision date: 29/06/2017.
Identifiers: CERTFR-2017-AVI-365, CVE-2017-1000370, DSA-3981-1, JSA10824, JSA10826, VIGILANCE-VUL-23010.
