The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Slackware

security vulnerability CVE-2019-17075

Linux kernel: denial of service via cxgb4 DMA

Synthesis of the vulnerability

An attacker can trigger a fatal error via cxgb4 DMA in the Linux kernel, in order to cause a denial of service.
Severity: 1/4.
Creation date: 02/10/2019.
Identifiers: CVE-2019-17075, SSA:2019-311-01, VIGILANCE-VUL-30494.

cybersecurity bulletin CVE-2018-20976

Linux kernel: use after free via fs/xfs/xfs_super.c

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via fs/xfs/xfs_super.c of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Severity: 1/4.
Creation date: 25/09/2019.
Identifiers: CERTFR-2019-AVI-455, CERTFR-2019-AVI-478, CERTFR-2019-AVI-502, CERTFR-2019-AVI-503, CERTFR-2019-AVI-530, CERTFR-2019-AVI-561, CERTFR-2019-AVI-575, CVE-2018-20976, DLA-1930-1, openSUSE-SU-2019:2173-1, openSUSE-SU-2019:2181-1, SSA:2019-311-01, SUSE-SU-2019:14218-1, SUSE-SU-2019:2412-1, SUSE-SU-2019:2424-1, SUSE-SU-2019:2648-1, SUSE-SU-2019:2651-1, SUSE-SU-2019:2658-1, SUSE-SU-2019:2738-1, SUSE-SU-2019:2949-1, SUSE-SU-2019:2950-1, SUSE-SU-2019:2984-1, USN-4144-1, USN-4145-1, VIGILANCE-VUL-30400.

security bulletin CVE-2019-14835

Linux kernel: buffer overflow via vhost/vhost_net

Synthesis of the vulnerability

An attacker, inside a guest system, can trigger a buffer overflow via vhost/vhost_net of the Linux kernel, in order to trigger a denial of service, and possibly to run code on the host system.
Severity: 2/4.
Creation date: 17/09/2019.
Revision date: 25/09/2019.
Identifiers: CERTFR-2019-AVI-448, CERTFR-2019-AVI-451, CERTFR-2019-AVI-455, CERTFR-2019-AVI-457, CERTFR-2019-AVI-466, CERTFR-2019-AVI-467, CERTFR-2019-AVI-502, CERTFR-2019-AVI-503, CERTFR-2019-AVI-530, CERTFR-2019-AVI-561, CERTFR-2019-AVI-575, CVE-2019-14835, DLA-1930-1, DLA-1940-1, DSA-4531-1, FEDORA-2019-a570a92d5a, FEDORA-2019-e3010166bd, openSUSE-SU-2019:2173-1, openSUSE-SU-2019:2181-1, RHSA-2019:2827-01, RHSA-2019:2828-01, RHSA-2019:2829-01, RHSA-2019:2830-01, RHSA-2019:2854-01, RHSA-2019:2862-01, RHSA-2019:2863-01, RHSA-2019:2864-01, RHSA-2019:2865-01, RHSA-2019:2866-01, RHSA-2019:2867-01, RHSA-2019:2869-01, RHSA-2019:2899-01, RHSA-2019:2900-01, RHSA-2019:2901-01, SSA:2019-311-01, SUSE-SU-2019:14218-1, SUSE-SU-2019:2412-1, SUSE-SU-2019:2424-1, SUSE-SU-2019:2648-1, SUSE-SU-2019:2651-1, SUSE-SU-2019:2658-1, SUSE-SU-2019:2738-1, SUSE-SU-2019:2949-1, SUSE-SU-2019:2950-1, SUSE-SU-2019:2984-1, USN-4135-1, USN-4135-2, VIGILANCE-VUL-30355.

weakness CVE-2019-14821

Linux kernel: privilege escalation via Coalesced MMIO

Synthesis of the vulnerability

An attacker, inside a guest system, can bypass restrictions via Coalesced MMIO of the Linux kernel, in order to escalate their privileges on the host system.
Severity: 2/4.
Creation date: 20/09/2019.
Identifiers: 1746708, CERTFR-2019-AVI-466, CERTFR-2019-AVI-502, CERTFR-2019-AVI-503, CERTFR-2019-AVI-518, CERTFR-2019-AVI-519, CERTFR-2019-AVI-522, CERTFR-2019-AVI-527, CERTFR-2019-AVI-561, CERTFR-2019-AVI-575, CVE-2019-14821, DLA-1930-1, DLA-1940-1, DSA-4531-1, FEDORA-2019-15e141c6a7, FEDORA-2019-a570a92d5a, openSUSE-SU-2019:2307-1, openSUSE-SU-2019:2308-1, RHSA-2019:3309-01, RHSA-2019:3517-01, SSA:2019-311-01, SUSE-SU-2019:14218-1, SUSE-SU-2019:2648-1, SUSE-SU-2019:2651-1, SUSE-SU-2019:2658-1, SUSE-SU-2019:2706-1, SUSE-SU-2019:2710-1, SUSE-SU-2019:2879-1, SUSE-SU-2019:2949-1, SUSE-SU-2019:2950-1, SUSE-SU-2019:2984-1, USN-4157-1, USN-4157-2, USN-4162-1, USN-4162-2, USN-4163-1, USN-4163-2, VIGILANCE-VUL-30379.

weakness alert CVE-2019-5482

curl: buffer overflow via TFTP Small Blocksize

Synthesis of the vulnerability

An attacker can trigger a buffer overflow via TFTP Small Blocksize of curl, in order to trigger a denial of service, and possibly to run code.
Severity: 2/4.
Creation date: 11/09/2019.
Identifiers: CVE-2019-5482, DLA-1917-1, FEDORA-2019-9e6357d82f, FEDORA-2019-f2a520135e, openSUSE-SU-2019:2149-1, openSUSE-SU-2019:2169-1, SSA:2019-254-01, SUSE-SU-2019:14172-1, SUSE-SU-2019:2339-2, SUSE-SU-2019:2373-1, SUSE-SU-2019:2381-1, USN-4129-1, USN-4129-2, VIGILANCE-VUL-30303.

security alert CVE-2019-1563

OpenSSL: information disclosure via PKCS7/CMS Padding Oracle

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via PKCS7/CMS Padding Oracle of OpenSSL, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 11/09/2019.
Identifiers: CERTFR-2019-AVI-444, cpuoct2019, CVE-2019-1563, DLA-1932-1, DSA-4539-1, DSA-4539-2, DSA-4539-3, DSA-4540-1, NTAP-20190919-0002, openSUSE-SU-2019:2158-1, openSUSE-SU-2019:2189-1, openSUSE-SU-2019:2268-1, openSUSE-SU-2019:2269-1, SSA:2019-254-03, STORM-2019-018, SUSE-SU-2019:14171-1, SUSE-SU-2019:14174-1, SUSE-SU-2019:2397-1, SUSE-SU-2019:2403-1, SUSE-SU-2019:2410-1, SUSE-SU-2019:2413-1, SUSE-SU-2019:2504-1, SUSE-SU-2019:2558-1, SUSE-SU-2019:2561-1, VIGILANCE-VUL-30293.

weakness CVE-2019-1547

OpenSSL: information disclosure via ECDSA Falls Back

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via ECDSA Falls Back of OpenSSL, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 11/09/2019.
Identifiers: CERTFR-2019-AVI-444, cpuoct2019, CVE-2019-1547, DLA-1932-1, DSA-4539-1, DSA-4539-2, DSA-4539-3, DSA-4540-1, NTAP-20190919-0002, openSUSE-SU-2019:2158-1, openSUSE-SU-2019:2189-1, openSUSE-SU-2019:2268-1, openSUSE-SU-2019:2269-1, SSA:2019-254-03, SUSE-SU-2019:14171-1, SUSE-SU-2019:14174-1, SUSE-SU-2019:2397-1, SUSE-SU-2019:2403-1, SUSE-SU-2019:2410-1, SUSE-SU-2019:2413-1, SUSE-SU-2019:2504-1, SUSE-SU-2019:2558-1, SUSE-SU-2019:2561-1, VIGILANCE-VUL-30291.

cybersecurity bulletin CVE-2019-15903

libexpat: out-of-bounds memory reading via XML_GetCurrentLineNumber

Synthesis of the vulnerability

An attacker can force a read at an invalid address via XML_GetCurrentLineNumber() of libexpat, in order to trigger a denial of service, or to obtain sensitive information.
Severity: 2/4.
Creation date: 09/09/2019.
Identifiers: CERTFR-2019-AVI-535, CVE-2019-15903, DLA-1912-1, DLA-1987-1, DLA-1997-1, DSA-4530-1, DSA-4549-1, DSA-4571-1, FEDORA-2019-672ae0f060, FEDORA-2019-9505c6b555, FEDORA-2019-9b4ebc2973, MFSA-2019-33, MFSA-2019-34, MFSA-2019-35, openSUSE-SU-2019:2204-1, openSUSE-SU-2019:2205-1, openSUSE-SU-2019:2420-1, openSUSE-SU-2019:2424-1, openSUSE-SU-2019:2425-1, openSUSE-SU-2019:2447-1, openSUSE-SU-2019:2451-1, openSUSE-SU-2019:2452-1, openSUSE-SU-2019:2459-1, openSUSE-SU-2019:2464-1, RHSA-2019:3210-01, RHSA-2019:3237-01, RHSA-2019:3756-01, SSA:2019-259-01, SSA:2019-293-01, SSA:2019-295-01, SUSE-SU-2019:2429-1, SUSE-SU-2019:2440-1, SUSE-SU-2019:2871-1, SUSE-SU-2019:2872-1, SUSE-SU-2019:2912-1, USN-4132-1, USN-4132-2, USN-4165-1, USN-4165-2, VIGILANCE-VUL-30268.

computer threat bulletin CVE-2018-20961

Linux kernel: use after free via f_midi_set_alt

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via f_midi_set_alt() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Severity: 2/4.
Creation date: 27/08/2019.
Identifiers: CERTFR-2019-AVI-478, CVE-2018-20961, SSA:2019-238-01, USN-4145-1, VIGILANCE-VUL-30170.

cybersecurity vulnerability CVE-2019-15505

Linux kernel: out-of-bounds memory reading via technisat-usb2.c

Synthesis of the vulnerability

An attacker can force a read at an invalid address via technisat-usb2.c of the Linux kernel, in order to trigger a denial of service, or to obtain sensitive information.
Severity: 2/4.
Creation date: 26/08/2019.
Identifiers: CERTFR-2019-AVI-518, CERTFR-2019-AVI-527, CERTFR-2019-AVI-561, CERTFR-2019-AVI-575, CVE-2019-15505, FEDORA-2019-4c91a2f76e, FEDORA-2019-97380355ae, K28222050, SSA:2019-311-01, SUSE-SU-2019:14218-1, SUSE-SU-2019:2949-1, SUSE-SU-2019:2950-1, SUSE-SU-2019:2984-1, USN-4157-1, USN-4157-2, USN-4162-1, USN-4162-2, USN-4163-1, USN-4163-2, VIGILANCE-VUL-30163.