The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of SUSE Linux Enterprise Server

vulnerability note CVE-2018-10859

git-annex: information disclosure via Local Gpg Encrypted File

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Local Gpg Encrypted File of git-annex, in order to obtain sensitive information.
Severity: 1/4.
Creation date: 06/07/2018.
Identifiers: CVE-2018-10859, DLA-1495-1, FEDORA-2018-7e8c49a451, FEDORA-2018-e22c8eb218, openSUSE-SU-2018:1896-1, openSUSE-SU-2018:1897-1, VIGILANCE-VUL-26640.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass access restrictions to data via Local Gpg Encrypted File of git-annex, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

weakness CVE-2018-10857

git-annex: file reading

Synthesis of the vulnerability

A local attacker can read a file of git-annex, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 06/07/2018.
Identifiers: CVE-2018-10857, DLA-1495-1, FEDORA-2018-7e8c49a451, FEDORA-2018-e22c8eb218, openSUSE-SU-2018:1896-1, openSUSE-SU-2018:1897-1, VIGILANCE-VUL-26639.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

A local attacker can read a file of git-annex, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer weakness announce CVE-2018-10875

Ansible Core: privilege escalation via Current Directory Ansible.cfg

Synthesis of the vulnerability

An attacker can bypass restrictions via Current Directory Ansible.cfg of Ansible Core, in order to escalate his privileges.
Severity: 2/4.
Creation date: 06/07/2018.
Identifiers: CVE-2018-10875, DLA-1923-1, DSA-4396-1, openSUSE-SU-2019:0238-1, openSUSE-SU-2019:1125-1, USN-4072-1, VIGILANCE-VUL-26638.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass restrictions via Current Directory Ansible.cfg of Ansible Core, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

cybersecurity alert CVE-2017-14860

exiv2: out-of-bounds memory reading via Exiv2-Jp2Image-readMetadata

Synthesis of the vulnerability

An attacker can force a read at an invalid address via Exiv2::Jp2Image::readMetadata() of exiv2, in order to trigger a denial of service, or to obtain sensitive information.
Severity: 2/4.
Creation date: 05/07/2018.
Identifiers: CVE-2017-14860, openSUSE-SU-2018:1961-1, SUSE-SU-2018:1882-1, VIGILANCE-VUL-26636.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can force a read at an invalid address via Exiv2::Jp2Image::readMetadata() of exiv2, in order to trigger a denial of service, or to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

cybersecurity note CVE-2017-12957

exiv2: out-of-bounds memory reading via Exiv2-Image-io

Synthesis of the vulnerability

An attacker can force a read at an invalid address via Exiv2::Image::io() of exiv2, in order to trigger a denial of service, or to obtain sensitive information.
Severity: 2/4.
Creation date: 05/07/2018.
Identifiers: CVE-2017-12957, openSUSE-SU-2018:1961-1, SUSE-SU-2018:1882-1, VIGILANCE-VUL-26635.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can force a read at an invalid address via Exiv2::Image::io() of exiv2, in order to trigger a denial of service, or to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

weakness bulletin CVE-2017-12956

exiv2: denial of service via Exiv2-FileIo-path

Synthesis of the vulnerability

An attacker can generate a fatal error via Exiv2::FileIo::path() of exiv2, in order to trigger a denial of service.
Severity: 1/4.
Creation date: 05/07/2018.
Identifiers: CVE-2017-12956, openSUSE-SU-2018:1961-1, SUSE-SU-2018:1882-1, VIGILANCE-VUL-26634.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can generate a fatal error via Exiv2::FileIo::path() of exiv2, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

threat announce CVE-2017-12955

exiv2: buffer overflow via Exiv2-Image-printIFDStructure

Synthesis of the vulnerability

An attacker can generate a buffer overflow via Exiv2::Image::printIFDStructure() of exiv2, in order to trigger a denial of service, and possibly to run code.
Severity: 2/4.
Creation date: 05/07/2018.
Identifiers: CVE-2017-12955, openSUSE-SU-2018:1961-1, SUSE-SU-2018:1882-1, VIGILANCE-VUL-26633.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can generate a buffer overflow via Exiv2::Image::printIFDStructure() of exiv2, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

threat note CVE-2017-11592

exiv2: memory corruption via Exiv2-FileIo-seek

Synthesis of the vulnerability

An attacker can generate a memory corruption via Exiv2::FileIo::seek() of exiv2, in order to trigger a denial of service, and possibly to run code.
Severity: 2/4.
Creation date: 05/07/2018.
Identifiers: CVE-2017-11592, openSUSE-SU-2018:1961-1, SUSE-SU-2018:1882-1, VIGILANCE-VUL-26632.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can generate a memory corruption via Exiv2::FileIo::seek() of exiv2, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2017-11553

exiv2: denial of service via extend_alias_table

Synthesis of the vulnerability

An attacker can generate a fatal error via extend_alias_table() of exiv2, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 05/07/2018.
Identifiers: CVE-2017-11553, openSUSE-SU-2018:1961-1, SUSE-SU-2018:1882-1, VIGILANCE-VUL-26631.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can generate a fatal error via extend_alias_table() of exiv2, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

security note CVE-2017-11340

exiv2: denial of service via XmpParser-terminate

Synthesis of the vulnerability

An attacker can generate a fatal error via XmpParser::terminate() of exiv2, in order to trigger a denial of service.
Severity: 1/4.
Creation date: 05/07/2018.
Identifiers: CVE-2017-11340, openSUSE-SU-2018:1961-1, SUSE-SU-2018:1882-1, VIGILANCE-VUL-26630.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can generate a fatal error via XmpParser::terminate() of exiv2, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about SUSE Linux Enterprise Server: