Computer vulnerabilities of SUSE Linux Enterprise Desktop

vulnerability CVE-2018-1000852

FreeRDP: information disclosure via drdynvc_process_capability_request

Synthesis of the vulnerability

A local attacker can read a memory fragment via drdynvc_process_capability_request() of FreeRDP, in order to obtain sensitive information.
Impacted products: openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Consequences: data reading.
Provenance: user account.
Creation date: 22/01/2019.
Identifiers: CVE-2018-1000852, openSUSE-SU-2019:0096-1, SUSE-SU-2019:0134-1, VIGILANCE-VUL-28320.

vulnerability announcement CVE-2019-6110

OpenSSH scp, PuTTY PSCP: spoofing via Scp Client ANSI Codes stderr File Hiding

Synthesis of the vulnerability

An attacker can spoof displayed filenames on the scp client of OpenSSH and PuTTY, in order to deceive the victim.
Impacted products: OpenSSH, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Consequences: disguisement.
Provenance: internet server.
Creation date: 14/01/2019.
Identifiers: CVE-2019-6110, openSUSE-SU-2019:0091-1, openSUSE-SU-2019:0093-1, SUSE-SU-2019:0125-1, SUSE-SU-2019:0126-1, SUSE-SU-2019:0132-1, SUSE-SU-2019:13931-1, VIGILANCE-VUL-28262.

vulnerability alert CVE-2019-6109

OpenSSH scp, PuTTY PSCP: spoofing via Scp Client ANSI Codes File Hiding

Synthesis of the vulnerability

An attacker can spoof displayed filenames on the scp client of OpenSSH and PuTTY, in order to deceive the victim.
Impacted products: Debian, OpenSSH, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: disguisement.
Provenance: internet server.
Creation date: 14/01/2019.
Identifiers: CVE-2019-6109, DSA-4387-1, openSUSE-SU-2019:0091-1, openSUSE-SU-2019:0093-1, SUSE-SU-2019:0125-1, SUSE-SU-2019:0126-1, SUSE-SU-2019:0132-1, SUSE-SU-2019:13931-1, USN-3885-1, VIGILANCE-VUL-28261.

vulnerability CVE-2019-3460

Linux kernel: information disclosure via L2CAP_PARSE_CONF_RSP

Synthesis of the vulnerability

A local attacker can read a memory fragment via L2CAP_PARSE_CONF_RSP of the Linux kernel, in order to obtain sensitive information.
Impacted products: Fedora, Linux, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 11/01/2019.
Identifiers: CERTFR-2019-AVI-071, CVE-2019-3460, FEDORA-2019-509c133845, FEDORA-2019-f812c9fb22, openSUSE-SU-2019:0140-1, openSUSE-SU-2019:0203-1, SUSE-SU-2019:0439-1, VIGILANCE-VUL-28250.

computer vulnerability note CVE-2019-3459

Linux kernel: information disclosure via L2CAP_GET_CONF_OPT

Synthesis of the vulnerability

A local attacker can read a memory fragment via L2CAP_GET_CONF_OPT of the Linux kernel, in order to obtain sensitive information.
Impacted products: Fedora, Linux, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 11/01/2019.
Identifiers: CERTFR-2019-AVI-071, CVE-2019-3459, FEDORA-2019-509c133845, FEDORA-2019-f812c9fb22, openSUSE-SU-2019:0140-1, openSUSE-SU-2019:0203-1, SUSE-SU-2019:0439-1, VIGILANCE-VUL-28249.

computer vulnerability announcement CVE-2018-19985

Linux kernel: out-of-bounds memory reading via hso_probe

Synthesis of the vulnerability

An attacker can force a read at an invalid address via hso_probe() of the Linux kernel, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: Linux, openSUSE Leap, Slackware, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Consequences: data reading, denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 31/12/2018.
Identifiers: CERTFR-2019-AVI-038, CERTFR-2019-AVI-042, CERTFR-2019-AVI-051, CERTFR-2019-AVI-071, CVE-2018-19985, openSUSE-SU-2019:0065-1, openSUSE-SU-2019:0140-1, SSA:2019-030-01, SUSE-SU-2019:0148-1, SUSE-SU-2019:0196-1, SUSE-SU-2019:0222-1, SUSE-SU-2019:0224-1, SUSE-SU-2019:0320-1, SUSE-SU-2019:0439-1, SUSE-SU-2019:13937-1, VIGILANCE-VUL-28137.

computer vulnerability note CVE-2016-9801

BlueZ: buffer overflow via set_ext_ctrl

Synthesis of the vulnerability

An attacker can generate a buffer overflow via set_ext_ctrl() of BlueZ, in order to trigger a denial of service, and possibly to run code.
Impacted products: openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: privileged access/rights, denial of service on service.
Provenance: user shell.
Creation date: 20/12/2018.
Identifiers: CVE-2016-9801, openSUSE-SU-2018:4259-1, SUSE-SU-2018:4188-1, SUSE-SU-2018:4189-1, VIGILANCE-VUL-28069.

computer vulnerability bulletin CVE-2016-9800

BlueZ: buffer overflow via pin_code_reply_dump

Synthesis of the vulnerability

An attacker can generate a buffer overflow via pin_code_reply_dump() of BlueZ, in order to trigger a denial of service, and possibly to run code.
Impacted products: openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: privileged access/rights, denial of service on service, denial of service on client.
Provenance: radio connection.
Creation date: 20/12/2018.
Identifiers: CVE-2016-9800, openSUSE-SU-2018:4259-1, SUSE-SU-2018:4188-1, SUSE-SU-2018:4189-1, VIGILANCE-VUL-28068.

computer vulnerability CVE-2018-16884

Linux kernel: use after free via bc_svc_process

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via bc_svc_process() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Fedora, Linux, openSUSE Leap, Slackware, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 19/12/2018.
Identifiers: CERTFR-2019-AVI-038, CERTFR-2019-AVI-042, CERTFR-2019-AVI-051, CERTFR-2019-AVI-071, CVE-2018-16884, FEDORA-2019-20a89ca9af, openSUSE-SU-2019:0065-1, openSUSE-SU-2019:0140-1, SSA:2019-030-01, SUSE-SU-2019:0148-1, SUSE-SU-2019:0196-1, SUSE-SU-2019:0222-1, SUSE-SU-2019:0224-1, SUSE-SU-2019:0320-1, SUSE-SU-2019:0439-1, VIGILANCE-VUL-28055.

vulnerability note CVE-2018-19873

libQt5: denial of service via QBmpHandler

Synthesis of the vulnerability

An attacker can generate a fatal error via QBmpHandler() of libQt5, in order to trigger a denial of service.
Impacted products: Debian, Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 19/12/2018.
Identifiers: CVE-2018-19873, DLA-1627-1, DSA-4374-1, FEDORA-2019-3c45bd2cc3, openSUSE-SU-2018:4261-1, SUSE-SU-2018:4179-1, SUSE-SU-2018:4183-1, SUSE-SU-2018:4210-1, SUSE-SU-2018:4294-1, SUSE-SU-2019:0447-1, VIGILANCE-VUL-28054.
