The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of openSUSE Leap

computer vulnerability bulletin CVE-2019-3689

nfs-utils: read-write access via /var/lib/nfs

Synthesis of the vulnerability

An attacker can bypass access restrictions via /var/lib/nfs of nfs-utils, in order to read or alter data.
Severity: 1/4.
Creation date: 21/10/2019.
Identifiers: CVE-2019-3689, DLA-1965-1, openSUSE-SU-2019:2408-1, openSUSE-SU-2019:2435-1, VIGILANCE-VUL-30672.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass access restrictions via /var/lib/nfs of nfs-utils, in order to read or alter data.
Full Vigil@nce bulletin... (Free trial)

computer weakness announce CVE-2019-16709

ImageMagick: memory leak via XCreateImage

Synthesis of the vulnerability

An attacker can create a memory leak via XCreateImage() of ImageMagick, in order to trigger a denial of service.
Severity: 1/4.
Creation date: 16/10/2019.
Identifiers: CVE-2019-16709, openSUSE-SU-2019:2317-1, openSUSE-SU-2019:2321-1, SUSE-SU-2019:2896-1, VIGILANCE-VUL-30642.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can create a memory leak via XCreateImage() of ImageMagick, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

threat alert CVE-2018-20651

libbfd: NULL pointer dereference via elf_link_add_object_symbols

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via elf_link_add_object_symbols() of libbfd, in order to trigger a denial of service.
Severity: 1/4.
Creation date: 15/10/2019.
Identifiers: CVE-2018-20651, openSUSE-SU-2019:2415-1, openSUSE-SU-2019:2432-1, SSB-439005, SUSE-SU-2019:2650-1, VIGILANCE-VUL-30625.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can force a NULL pointer to be dereferenced via elf_link_add_object_symbols() of libbfd, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2019-16995

Linux kernel: memory leak via hsr_dev_finalize

Synthesis of the vulnerability

An attacker can create a memory leak via hsr_dev_finalize() of the Linux kernel, in order to trigger a denial of service.
Severity: 1/4.
Creation date: 01/10/2019.
Identifiers: CVE-2019-16995, openSUSE-SU-2019:2444-1, SUSE-SU-2019:2946-1, SUSE-SU-2019:2947-1, SUSE-SU-2019:2949-1, SUSE-SU-2019:2951-1, SUSE-SU-2019:2952-1, SUSE-SU-2019:2953-1, VIGILANCE-VUL-30486.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can create a memory leak via hsr_dev_finalize() of the Linux kernel, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

threat note CVE-2019-13104 CVE-2019-13106

u-boot: two vulnerabilities via ext4

Synthesis of the vulnerability

An attacker can use several vulnerabilities via ext4 of u-boot.
Severity: 1/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 27/09/2019.
Identifiers: CVE-2019-13104, CVE-2019-13106, openSUSE-SU-2019:2233-1, openSUSE-SU-2019:2235-1, SUSE-SU-2019:2474-1, SUSE-SU-2019:2475-1, VIGILANCE-VUL-30460.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use several vulnerabilities via ext4 of u-boot.
Full Vigil@nce bulletin... (Free trial)

computer weakness bulletin CVE-2017-18594

nmap: use after free via SSH

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via SSH of nmap, in order to trigger a denial of service, and possibly to run code.
Severity: 1/4.
Creation date: 26/09/2019.
Identifiers: CVE-2017-18594, openSUSE-SU-2019:2198-1, openSUSE-SU-2019:2200-1, VIGILANCE-VUL-30453.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can force the usage of a freed memory area via SSH of nmap, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer threat CVE-2019-13626

libSDL2: integer overflow via IMA_ADPCM_decode

Synthesis of the vulnerability

An attacker can trigger an integer overflow via IMA_ADPCM_decode() of libSDL2, in order to trigger a denial of service, and possibly to run code.
Severity: 1/4.
Creation date: 26/09/2019.
Identifiers: CVE-2019-13626, openSUSE-SU-2019:2224-1, openSUSE-SU-2019:2226-1, SUSE-SU-2019:2463-1, VIGILANCE-VUL-30439.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can trigger an integer overflow via IMA_ADPCM_decode() of libSDL2, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2019-15920

Linux kernel: use after free via SMB2_read

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via SMB2_read() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Severity: 1/4.
Creation date: 25/09/2019.
Identifiers: CERTFR-2019-AVI-455, CERTFR-2019-AVI-502, CERTFR-2019-AVI-503, CERTFR-2019-AVI-530, CVE-2019-15920, openSUSE-SU-2019:2173-1, openSUSE-SU-2019:2181-1, SUSE-SU-2019:2412-1, SUSE-SU-2019:2424-1, SUSE-SU-2019:2648-1, SUSE-SU-2019:2651-1, SUSE-SU-2019:2658-1, SUSE-SU-2019:2738-1, VIGILANCE-VUL-30408.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can force the usage of a freed memory area via SMB2_read() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2019-15919

Linux kernel: use after free via SMB2_write

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via SMB2_write() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Severity: 1/4.
Creation date: 25/09/2019.
Identifiers: CERTFR-2019-AVI-455, CERTFR-2019-AVI-502, CERTFR-2019-AVI-503, CERTFR-2019-AVI-530, CVE-2019-15919, openSUSE-SU-2019:2173-1, openSUSE-SU-2019:2181-1, SUSE-SU-2019:2412-1, SUSE-SU-2019:2424-1, SUSE-SU-2019:2648-1, SUSE-SU-2019:2651-1, SUSE-SU-2019:2658-1, SUSE-SU-2019:2738-1, VIGILANCE-VUL-30407.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can force the usage of a freed memory area via SMB2_write() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

security vulnerability CVE-2019-15921

Linux kernel: memory leak via genl_register_family

Synthesis of the vulnerability

An attacker can create a memory leak via genl_register_family() of the Linux kernel, in order to trigger a denial of service.
Severity: 1/4.
Creation date: 25/09/2019.
Identifiers: CERTFR-2019-AVI-455, CERTFR-2019-AVI-502, CERTFR-2019-AVI-503, CERTFR-2019-AVI-530, CVE-2019-15921, openSUSE-SU-2019:2173-1, openSUSE-SU-2019:2181-1, SUSE-SU-2019:2412-1, SUSE-SU-2019:2424-1, SUSE-SU-2019:2648-1, SUSE-SU-2019:2651-1, SUSE-SU-2019:2658-1, SUSE-SU-2019:2738-1, VIGILANCE-VUL-30406.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can create a memory leak via genl_register_family() of the Linux kernel, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about openSUSE Leap: