The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Slackware

vulnerability CVE-2018-14616

Linux kernel: NULL pointer dereference via fscrypt_do_page_crypto

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via fscrypt_do_page_crypto() of the Linux kernel, in order to trigger a denial of service.
Impacted products: Linux, Slackware.
Severity: 1/4.
Consequences: denial of service on server.
Provenance: user shell.
Creation date: 31/01/2019.
Identifiers: 200465, CVE-2018-14616, SSA:2019-030-01, VIGILANCE-VUL-28410.

computer vulnerability note CVE-2018-14612

Linux kernel: NULL pointer dereference via btrfs_root_node

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via btrfs_root_node() of the Linux kernel, in order to trigger a denial of service.
Impacted products: Linux, Slackware.
Severity: 1/4.
Consequences: denial of service on server.
Provenance: user shell.
Creation date: 31/01/2019.
Identifiers: 199847, CVE-2018-14612, SSA:2019-030-01, VIGILANCE-VUL-28409.

computer vulnerability CVE-2019-3701

Linux kernel: denial of service via can_can_gw_rcv

Synthesis of the vulnerability

An attacker can trigger a fatal error via can_can_gw_rcv() of the Linux kernel, in order to trigger a denial of service.
Impacted products: Fedora, Linux, Slackware.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 04/01/2019.
Identifiers: CVE-2019-3701, FEDORA-2019-337484d88b, FEDORA-2019-b0f7a7b74b, SSA:2019-030-01, VIGILANCE-VUL-28165.

computer vulnerability announce CVE-2018-19985

Linux kernel: out-of-bounds memory reading via hso_probe

Synthesis of the vulnerability

An attacker can force a read at an invalid address via hso_probe() of the Linux kernel, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: Linux, openSUSE Leap, Slackware, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Consequences: data reading, denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 31/12/2018.
Identifiers: CERTFR-2019-AVI-038, CERTFR-2019-AVI-042, CERTFR-2019-AVI-051, CERTFR-2019-AVI-071, CVE-2018-19985, openSUSE-SU-2019:0065-1, openSUSE-SU-2019:0140-1, SSA:2019-030-01, SUSE-SU-2019:0148-1, SUSE-SU-2019:0196-1, SUSE-SU-2019:0222-1, SUSE-SU-2019:0224-1, SUSE-SU-2019:0320-1, SUSE-SU-2019:0439-1, SUSE-SU-2019:13937-1, VIGILANCE-VUL-28137.

computer vulnerability alert CVE-2018-20511

Linux kernel: information disclosure via SIOCFINDIPDDPRT

Synthesis of the vulnerability

A local attacker can read a memory fragment via SIOCFINDIPDDPRT of the Linux kernel, in order to obtain sensitive information.
Impacted products: Linux, Slackware.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 28/12/2018.
Identifiers: CVE-2018-20511, SSA:2019-030-01, VIGILANCE-VUL-28126.

computer vulnerability CVE-2018-16884

Linux kernel: use after free via bc_svc_process

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via bc_svc_process() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Fedora, Linux, openSUSE Leap, Slackware, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 19/12/2018.
Identifiers: CERTFR-2019-AVI-038, CERTFR-2019-AVI-042, CERTFR-2019-AVI-051, CERTFR-2019-AVI-071, CVE-2018-16884, FEDORA-2019-20a89ca9af, openSUSE-SU-2019:0065-1, openSUSE-SU-2019:0140-1, SSA:2019-030-01, SUSE-SU-2019:0148-1, SUSE-SU-2019:0196-1, SUSE-SU-2019:0222-1, SUSE-SU-2019:0224-1, SUSE-SU-2019:0320-1, SUSE-SU-2019:0439-1, VIGILANCE-VUL-28055.

computer vulnerability alert CVE-2018-20169

Linux kernel: buffer overflow via usb_get_extra_descriptor

Synthesis of the vulnerability

An attacker can generate a buffer overflow via usb_get_extra_descriptor() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Fedora, Linux, openSUSE Leap, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, denial of service on server.
Provenance: physical access.
Creation date: 18/12/2018.
Identifiers: CERTFR-2019-AVI-038, CERTFR-2019-AVI-042, CERTFR-2019-AVI-044, CERTFR-2019-AVI-051, CERTFR-2019-AVI-071, CVE-2018-20169, FEDORA-2018-6e8c330d50, openSUSE-SU-2019:0065-1, openSUSE-SU-2019:0140-1, SSA:2019-030-01, SUSE-SU-2019:0148-1, SUSE-SU-2019:0196-1, SUSE-SU-2019:0222-1, SUSE-SU-2019:0224-1, SUSE-SU-2019:0320-1, SUSE-SU-2019:0439-1, SUSE-SU-2019:13937-1, USN-3879-1, USN-3879-2, VIGILANCE-VUL-28046.

computer vulnerability announce CVE-2018-20783

PHP: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities of PHP.
Impacted products: Fedora, PHP, Slackware.
Severity: 2/4.
Consequences: user access/rights, data creation/edition.
Provenance: document.
Creation date: 06/12/2018.
Identifiers: CERTFR-2018-AVI-588, CVE-2018-20783, FEDORA-2018-7ebfe1e6f2, FEDORA-2018-dfe1f0bac6, SSA:2018-341-01, VIGILANCE-VUL-27977.

vulnerability note CVE-2018-16868

GnuTLS: information disclosure via Side-channel Based Padding

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Side-channel Based Padding of GnuTLS, in order to obtain sensitive information.
Impacted products: Fedora, Slackware.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 06/12/2018.
Identifiers: CVE-2018-16868, FEDORA-2019-1a0d4443f8, FEDORA-2019-24dc022a51, SSA:2018-339-01, VIGILANCE-VUL-27964.

vulnerability bulletin CVE-2018-16869

Nettle: information disclosure via Side-channel Based Padding

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Side-channel Based Padding of Nettle, in order to obtain sensitive information.
Impacted products: BIG-IP Hardware, TMOS, Fedora, openSUSE Leap, Slackware, SLES.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 06/12/2018.
Identifiers: CVE-2018-16869, FEDORA-2018-f7d9989c42, FEDORA-2019-01afc2352f, FEDORA-2019-31015766d1, K45616155, openSUSE-SU-2018:4260-1, SSA:2018-339-02, SUSE-SU-2018:4193-1, VIGILANCE-VUL-27963.
