The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of openSUSE Leap

vulnerability announcement CVE-2018-20483

wget: information disclosure via set_file_metadata

Synthesis of the vulnerability

Impacted products: Fedora, openSUSE Leap, SLES.
Severity: 1/4.
Consequences: data reading.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 04/01/2019.
Identifiers: CVE-2018-20483, FEDORA-2019-088875c43a, FEDORA-2019-d1b5cf0055, openSUSE-SU-2019:0057-1, SUSE-SU-2019:0093-1, VIGILANCE-VUL-28162.

Description of the vulnerability

An attacker can bypass access restrictions to data via set_file_metadata() of wget, in order to obtain sensitive information.

computer vulnerability note CVE-2018-5816

LibRaw: denial of service via identify

Synthesis of the vulnerability

Impacted products: openSUSE Leap, SLES.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 31/12/2018.
Identifiers: CVE-2018-5816, openSUSE-SU-2018:4299-1, openSUSE-SU-2019:0008-1, SUSE-SU-2019:0005-1, VIGILANCE-VUL-28139.

Description of the vulnerability

An attacker can trigger a fatal error via identify() of LibRaw, in order to trigger a denial of service.

computer vulnerability bulletin CVE-2018-5804

LibRaw: denial of service via identify

Synthesis of the vulnerability

Impacted products: openSUSE Leap, SLES.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 31/12/2018.
Identifiers: CVE-2018-5804, openSUSE-SU-2018:4299-1, openSUSE-SU-2019:0008-1, SUSE-SU-2019:0005-1, VIGILANCE-VUL-28138.

Description of the vulnerability

An attacker can trigger a fatal error via identify() of LibRaw, in order to trigger a denial of service.

computer vulnerability announcement CVE-2018-19985

Linux kernel: out-of-bounds memory reading via hso_probe

Synthesis of the vulnerability

Impacted products: Linux, openSUSE Leap.
Severity: 1/4.
Consequences: data reading, denial of service on server, denial of service on service.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 31/12/2018.
Identifiers: CVE-2018-19985, openSUSE-SU-2019:0065-1, VIGILANCE-VUL-28137.

Description of the vulnerability

An attacker can force a read at an invalid address via hso_probe() of the Linux kernel, in order to trigger a denial of service, or to obtain sensitive information.

vulnerability CVE-2018-3613

OVMF: information disclosure via AuthVariable Timestamp

Synthesis of the vulnerability

Impacted products: openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 18/12/2018.
Identifiers: CVE-2018-3613, openSUSE-SU-2018:4240-1, openSUSE-SU-2018:4254-1, SUSE-SU-2018:4155-1, SUSE-SU-2018:4194-1, SUSE-SU-2018:4207-1, VIGILANCE-VUL-28040.

Description of the vulnerability

A local attacker can read a memory fragment via AuthVariable Timestamp of OVMF, in order to obtain sensitive information.

vulnerability bulletin CVE-2018-16869

Nettle: information disclosure via Side-channel Based Padding

Synthesis of the vulnerability

Impacted products: BIG-IP Hardware, TMOS, Fedora, openSUSE Leap, Slackware, SLES.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 06/12/2018.
Identifiers: CVE-2018-16869, FEDORA-2018-f7d9989c42, FEDORA-2019-01afc2352f, FEDORA-2019-31015766d1, K45616155, openSUSE-SU-2018:4260-1, SSA:2018-339-02, SUSE-SU-2018:4193-1, VIGILANCE-VUL-27963.

Description of the vulnerability

An attacker can bypass access restrictions to data via Side-channel Based Padding of Nettle, in order to obtain sensitive information.

vulnerability announcement CVE-2018-19211

ncurses: NULL pointer dereference via _nc_parse_entry

Synthesis of the vulnerability

Impacted products: openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 06/12/2018.
Identifiers: CVE-2018-19211, openSUSE-SU-2018:4034-1, openSUSE-SU-2018:4055-1, SUSE-SU-2018:3967-1, SUSE-SU-2018:4000-1, VIGILANCE-VUL-27962.

Description of the vulnerability

An attacker can force a NULL pointer to be dereferenced via _nc_parse_entry() of ncurses, in order to trigger a denial of service.

vulnerability CVE-2018-19854

Linux kernel: information disclosure via crypto_report_one

Synthesis of the vulnerability

Impacted products: Linux, openSUSE Leap.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 05/12/2018.
Identifiers: CVE-2018-19854, openSUSE-SU-2019:0065-1, VIGILANCE-VUL-27950.

Description of the vulnerability

A local attacker can read a memory fragment via crypto_report_one() of the Linux kernel, in order to obtain sensitive information.

computer vulnerability alert CVE-2018-19407

Linux kernel: NULL pointer dereference via vcpu_scan_ioapic

Synthesis of the vulnerability

Impacted products: Fedora, Linux, openSUSE Leap.
Severity: 1/4.
Consequences: denial of service on server.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 21/11/2018.
Identifiers: CVE-2018-19407, FEDORA-2018-3857a8b41a, FEDORA-2018-87ba0312c2, openSUSE-SU-2019:0065-1, VIGILANCE-VUL-27856.

Description of the vulnerability

An attacker can force a NULL pointer to be dereferenced via vcpu_scan_ioapic() of the Linux kernel, in order to trigger a denial of service.

computer vulnerability CVE-2018-15750

SaltStack Salt: directory traversal

Synthesis of the vulnerability

Impacted products: openSUSE Leap, SLES.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Confidence: confirmed by the editor (5/5).
Creation date: 20/11/2018.
Identifiers: CVE-2018-15750, openSUSE-SU-2018:4174-1, openSUSE-SU-2018:4197-1, SUSE-SU-2018:3815-1, VIGILANCE-VUL-27835.

Description of the vulnerability

An attacker can traverse directories of SaltStack Salt, in order to read a file outside the service root path.