The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of SUSE Linux Enterprise Server

vulnerability alert CVE-2018-10779

LibTIFF: out-of-bounds memory reading via TIFFWriteScanline

Synthesis of the vulnerability

An attacker can force a read at an invalid address via TIFFWriteScanline() of LibTIFF, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: LibTIFF, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 09/05/2018.
Identifiers: 2788, bulletinjan2019, CVE-2018-10779, openSUSE-SU-2018:2880-1, openSUSE-SU-2018:3370-1, openSUSE-SU-2018:3371-1, RHSA-2019:2053-01, SSA:2018-316-01, SUSE-SU-2018:2676-1, SUSE-SU-2018:2836-1, SUSE-SU-2018:3327-1, USN-3906-1, USN-3906-2, VIGILANCE-VUL-26081.

Description of the vulnerability

An attacker can force a read at an invalid address via TIFFWriteScanline() of LibTIFF, in order to trigger a denial of service, or to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2018-4200

WebKitGTK+: memory corruption via State Management

Synthesis of the vulnerability

An attacker can generate a memory corruption via State Management of WebKitGTK+, in order to trigger a denial of service, and possibly to run code.
Impacted products: iOS by Apple, iPhone, Fedora, openSUSE Leap, Solaris, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 09/05/2018.
Identifiers: bulletinoct2018, CVE-2018-4200, FEDORA-2018-6a9fea1b3a, FEDORA-2018-93ba62d099, FEDORA-2018-97c58e29e4, HT208743, openSUSE-SU-2018:3473-1, SUSE-SU-2018:3387-1, USN-3640-1, VIGILANCE-VUL-26080.

Description of the vulnerability

An attacker can generate a memory corruption via State Management of WebKitGTK+, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2018-1059

DPDK: information disclosure via Guest Physical Ranges

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Guest Physical Ranges of DPDK, in order to obtain sensitive information.
Impacted products: Fedora, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 09/05/2018.
Identifiers: CVE-2018-1059, FEDORA-2018-2c965abb15, openSUSE-SU-2018:1560-1, openSUSE-SU-2018:4003-1, RHSA-2018:2038-01, SUSE-SU-2018:1492-1, SUSE-SU-2018:3923-1, USN-3642-1, USN-3642-2, VIGILANCE-VUL-26075.

Description of the vulnerability

An attacker can bypass access restrictions to data via Guest Physical Ranges of DPDK, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2018-1089

389 Directory Server: denial of service via Ldapsearch Large Filter

Synthesis of the vulnerability

An attacker can generate a fatal error via Ldapsearch Large Filter of 389 Directory Server, in order to trigger a denial of service.
Impacted products: Debian, RHEL, SLES.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: intranet client.
Creation date: 09/05/2018.
Identifiers: CVE-2018-1089, DLA-1428-1, RHSA-2018:1364-01, RHSA-2018:1380-01, SUSE-SU-2019:2155-1, VIGILANCE-VUL-26074.

Description of the vulnerability

An attacker can generate a fatal error via Ldapsearch Large Filter of 389 Directory Server, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2018-1087

Linux kernel: privilege escalation via KVM DB Exceptions

Synthesis of the vulnerability

An attacker, inside a guest system, can bypass restrictions via KVM DB Exceptions of the Linux kernel, in order to escalate his privileges on the host system.
Impacted products: Debian, QRadar SIEM, Linux, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 09/05/2018.
Identifiers: CERTFR-2018-AVI-224, CERTFR-2018-AVI-226, CERTFR-2018-AVI-228, CERTFR-2018-AVI-232, CERTFR-2018-AVI-584, CVE-2018-1087, DSA-4196-1, ibm10742755, RHSA-2018:1318-01, RHSA-2018:1345-01, RHSA-2018:1347-01, RHSA-2018:1348-01, RHSA-2018:1355-01, SUSE-SU-2018:1171-1, SUSE-SU-2018:1172-1, SUSE-SU-2018:1173-1, SUSE-SU-2018:1220-1, SUSE-SU-2018:1221-1, USN-3641-1, USN-3641-2, VIGILANCE-VUL-26072.

Description of the vulnerability

An attacker, inside a guest system, can bypass restrictions via KVM DB Exceptions of the Linux kernel, in order to escalate his privileges on the host system.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2018-8897

Linux kernel: privilege escalation via DB Exceptions

Synthesis of the vulnerability

An attacker can bypass restrictions via DB Exceptions of the Linux kernel, in order to escalate his privileges.
Impacted products: Debian, BIG-IP Hardware, TMOS, FreeBSD, QRadar SIEM, Linux, pfSense, RHEL, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 09/05/2018.
Identifiers: CERTFR-2018-AVI-224, CERTFR-2018-AVI-226, CERTFR-2018-AVI-228, CERTFR-2018-AVI-232, CERTFR-2018-AVI-584, CVE-2018-8897, DLA-1392-1, DSA-4196-1, FreeBSD-SA-18:06.debugreg, ibm10742755, K17403481, RHSA-2018:1318-01, RHSA-2018:1319-01, RHSA-2018:1345-01, RHSA-2018:1346-01, RHSA-2018:1347-01, RHSA-2018:1348-01, RHSA-2018:1349-01, RHSA-2018:1350-01, RHSA-2018:1351-01, RHSA-2018:1352-01, RHSA-2018:1353-01, RHSA-2018:1354-01, RHSA-2018:1355-01, SUSE-SU-2018:1171-1, SUSE-SU-2018:1172-1, SUSE-SU-2018:1173-1, SUSE-SU-2018:1220-1, SUSE-SU-2018:1221-1, Synology-SA-18:51, USN-3641-1, USN-3641-2, VIGILANCE-VUL-26071, VU#631579.

Description of the vulnerability

An attacker can bypass restrictions via DB Exceptions of the Linux kernel, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2018-0494

wget: information disclosure via Cookies Injection

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Cookies Injection of wget, in order to obtain sensitive information.
Impacted products: Debian, Fedora, McAfee Web Gateway, openSUSE Leap, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading.
Provenance: internet server.
Creation date: 09/05/2018.
Identifiers: CVE-2018-0494, DLA-1375-1, DSA-4195-1, FEDORA-2018-11b37d7a68, FEDORA-2018-29ebba0906, FEDORA-2018-f29459149a, openSUSE-SU-2018:1383-1, RHSA-2018:3052-01, SB10276, SSA:2018-129-02, SUSE-SU-2018:1367-1, SUSE-SU-2018:1373-1, USN-3643-1, USN-3643-2, VIGILANCE-VUL-26070.

Description of the vulnerability

An attacker can bypass access restrictions to data via Cookies Injection of wget, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2018-10981

Xen: infinite loop via Device Model

Synthesis of the vulnerability

An attacker, inside a guest system, can generate an infinite loop via Device Model of Xen, in order to trigger a denial of service on the host system.
Impacted products: Debian, Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Xen.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 09/05/2018.
Identifiers: CERTFR-2018-AVI-229, CVE-2018-10981, DLA-1383-1, DLA-1559-1, DSA-4201-1, FEDORA-2018-7cd077ddd3, FEDORA-2018-98684f429b, FEDORA-2018-a7ac26523d, openSUSE-SU-2018:1487-1, SUSE-SU-2018:1456-1, SUSE-SU-2018:2528-1, VIGILANCE-VUL-26065, XSA-262.

Description of the vulnerability

An attacker, inside a guest system, can generate an infinite loop via Device Model of Xen, in order to trigger a denial of service on the host system.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2018-10982

Xen: privilege escalation via vHPET Interrupt Injection

Synthesis of the vulnerability

An attacker, inside a guest system, can bypass restrictions via vHPET Interrupt Injection of Xen, in order to escalate his privileges on the host system.
Impacted products: XenServer, Debian, Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Xen.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 09/05/2018.
Identifiers: CERTFR-2018-AVI-225, CERTFR-2018-AVI-229, CTX234679, CVE-2018-10982, DLA-1383-1, DLA-1549-1, DSA-4201-1, FEDORA-2018-7cd077ddd3, FEDORA-2018-98684f429b, FEDORA-2018-a7ac26523d, openSUSE-SU-2018:1487-1, SUSE-SU-2018:1456-1, SUSE-SU-2018:2528-1, VIGILANCE-VUL-26064, XSA-261.

Description of the vulnerability

An attacker, inside a guest system, can bypass restrictions via vHPET Interrupt Injection of Xen, in order to escalate his privileges on the host system.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2018-8897

Xen: privilege escalation via Debug Exceptions

Synthesis of the vulnerability

An attacker, inside a guest system, can bypass restrictions via Debug Exceptions of Xen, in order to escalate his privileges on the host system.
Impacted products: XenServer, Debian, Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Xen.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 09/05/2018.
Identifiers: CERTFR-2018-AVI-225, CERTFR-2018-AVI-229, CTX234679, CVE-2018-8897, DLA-1383-1, DLA-1577-1, DSA-4201-1, FEDORA-2018-7cd077ddd3, FEDORA-2018-98684f429b, FEDORA-2018-a7ac26523d, openSUSE-SU-2018:1274-1, SUSE-SU-2018:1177-1, SUSE-SU-2018:1181-1, SUSE-SU-2018:1184-1, SUSE-SU-2018:1202-1, SUSE-SU-2018:1203-1, SUSE-SU-2018:1216-1, VIGILANCE-VUL-26063, XSA-260.

Description of the vulnerability

An attacker, inside a guest system, can bypass restrictions via Debug Exceptions of Xen, in order to escalate his privileges on the host system.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about SUSE Linux Enterprise Server: