The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of openSUSE Leap

computer vulnerability CVE-2019-7222

Linux kernel: information disclosure via kvm_read_guest_virt

Synthesis of the vulnerability

A local attacker can read a memory fragment via kvm_read_guest_virt() of the Linux kernel, in order to obtain sensitive information.
Impacted products: Fedora, Linux, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 13/02/2019.
Identifiers: CERTFR-2019-AVI-114, CVE-2019-7222, FEDORA-2019-164946aa7f, FEDORA-2019-3da64f3e61, openSUSE-SU-2019:0203-1, openSUSE-SU-2019:0274-1, SUSE-SU-2019:0541-1, SUSE-SU-2019:13979-1, VIGILANCE-VUL-28495.


computer vulnerability bulletin CVE-2019-5010

Python: NULL pointer dereference via _get_crl_dp

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via _get_crl_dp() of Python, in order to trigger a denial of service.
Impacted products: Debian, Fedora, openSUSE Leap, Python, Slackware, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 24/01/2019.
Identifiers: 35746, CVE-2019-5010, DLA-1663-1, FEDORA-2019-00870e8bfc, openSUSE-SU-2019:0155-1, openSUSE-SU-2019:0184-1, openSUSE-SU-2019:0292-1, SSA:2019-062-01, SUSE-SU-2019:0215-1, SUSE-SU-2019:0223-1, SUSE-SU-2019:0243-1, SUSE-SU-2019:0271-1, SUSE-SU-2019:0482-1, TALOS-2019-0758, VIGILANCE-VUL-28358.


vulnerability CVE-2018-20669

Linux kernel: privilege escalation via i915_gem_execbuffer2_ioctl

Synthesis of the vulnerability

An attacker can bypass restrictions via i915_gem_execbuffer2_ioctl of the Linux kernel, in order to escalate their privileges.
Impacted products: Linux, openSUSE Leap.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 24/01/2019.
Identifiers: CVE-2018-20669, openSUSE-SU-2019:0203-1, VIGILANCE-VUL-28340.


computer vulnerability bulletin CVE-2018-4416 CVE-2018-4438 CVE-2018-4441

WebKitGTK+: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of WebKitGTK+.
Impacted products: iOS by Apple, iPhone, openSUSE Leap, Solaris, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: user access/rights, data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 6.
Creation date: 23/01/2019.
Identifiers: bulletinjan2019, CVE-2018-4416, CVE-2018-4438, CVE-2018-4441, CVE-2018-4442, CVE-2018-4443, CVE-2018-4464, HT209340, openSUSE-SU-2019:0081-1, openSUSE-SU-2019:0108-1, openSUSE-SU-2019:0308-1, SUSE-SU-2019:0146-1, SUSE-SU-2019:0497-1, VIGILANCE-VUL-28338.


vulnerability CVE-2018-17199

Apache httpd: privilege escalation via mod_session_cookie Ignored Expiry Time

Synthesis of the vulnerability

An attacker can bypass restrictions via mod_session_cookie Ignored Expiry Time of Apache httpd, in order to escalate their privileges.
Impacted products: Apache httpd, Debian, IBM i, openSUSE Leap, Slackware, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: user access/rights.
Provenance: user account.
Creation date: 23/01/2019.
Identifiers: CERTFR-2019-AVI-031, CVE-2018-17199, DLA-1647-1, ibm10872490, openSUSE-SU-2019:0296-1, openSUSE-SU-2019:0305-1, SSA:2019-022-01, SUSE-SU-2019:0498-1, SUSE-SU-2019:0504-1, VIGILANCE-VUL-28330.


computer vulnerability note CVE-2018-17189

Apache httpd: denial of service via mod_http2

Synthesis of the vulnerability

An attacker can trigger a fatal error via mod_http2 of Apache httpd, in order to trigger a denial of service.
Impacted products: Apache httpd, IBM i, openSUSE Leap, Slackware, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 23/01/2019.
Identifiers: CERTFR-2019-AVI-031, CVE-2018-17189, ibm10872490, openSUSE-SU-2019:0296-1, openSUSE-SU-2019:0305-1, SSA:2019-022-01, SUSE-SU-2019:0498-1, SUSE-SU-2019:0504-1, VIGILANCE-VUL-28329.


vulnerability alert CVE-2018-4373 CVE-2018-4375 CVE-2018-4376

WebKitGTK+: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of WebKitGTK+.
Impacted products: iOS by Apple, iPhone, openSUSE Leap.
Severity: 2/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 6.
Creation date: 22/01/2019.
Identifiers: CVE-2018-4373, CVE-2018-4375, CVE-2018-4376, CVE-2018-4378, CVE-2018-4382, CVE-2018-4392, HT209192, openSUSE-SU-2019:0068-1, openSUSE-SU-2019:0081-1, VIGILANCE-VUL-28321.


vulnerability CVE-2018-1000852

FreeRDP: information disclosure via drdynvc_process_capability_request

Synthesis of the vulnerability

A local attacker can read a memory fragment via drdynvc_process_capability_request() of FreeRDP, in order to obtain sensitive information.
Impacted products: Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Consequences: data reading.
Provenance: user account.
Creation date: 22/01/2019.
Identifiers: CVE-2018-1000852, FEDORA-2019-e3b2885a25, openSUSE-SU-2019:0096-1, openSUSE-SU-2019:0325-1, SUSE-SU-2019:0134-1, SUSE-SU-2019:0539-1, VIGILANCE-VUL-28320.


vulnerability note CVE-2018-5309

PoDoFo: integer overflow via PdfObjectStreamParserObject-ReadObjectsFromStream

Synthesis of the vulnerability

An attacker can trigger an integer overflow via PdfObjectStreamParserObject::ReadObjectsFromStream() of PoDoFo, in order to trigger a denial of service, and possibly to run code.
Impacted products: openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 21/01/2019.
Identifiers: CVE-2018-5309, openSUSE-SU-2019:0066-1, SUSE-SU-2019:0393-1, VIGILANCE-VUL-28314.


vulnerability bulletin CVE-2018-5296

PoDoFo: denial of service via PdfParser-ReadXRefSubsection

Synthesis of the vulnerability

An attacker can trigger a fatal error via PdfParser::ReadXRefSubsection() of PoDoFo, in order to trigger a denial of service.
Impacted products: openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 21/01/2019.
Identifiers: CVE-2018-5296, openSUSE-SU-2019:0066-1, SUSE-SU-2019:0393-1, VIGILANCE-VUL-28313.
