The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Fedora

threat note CVE-2019-14857

mod_auth_openidc: open redirect via Logout Backslashes Url

Synthesis of the vulnerability

An attacker can deceive the user via backslashes in the logout URL of mod_auth_openidc, in order to redirect them to a malicious site.
Severity: 1/4.
Creation date: 28/10/2019.
Identifiers: CVE-2019-14857, FEDORA-2019-23638d42f3, FEDORA-2019-7b06f18a10, openSUSE-SU-2019:2499-1, SUSE-SU-2019:2934-1, SUSE-SU-2019:2935-1, VIGILANCE-VUL-30724.

cybersecurity vulnerability 30471

nbdkit: denial of service

Synthesis of the vulnerability

VIGILANCE-VUL-30377 was not correctly fixed.
Severity: 1/4.
Creation date: 30/09/2019.
Identifiers: FEDORA-2019-1b30db2125, VIGILANCE-VUL-30471.

Description of the vulnerability

An attacker can trigger an overload of nbdkit, in order to trigger a denial of service.

VIGILANCE-VUL-30377 was not correctly fixed.

security bulletin CVE-2019-14835

Linux kernel: buffer overflow via vhost/vhost_net

Synthesis of the vulnerability

An attacker, inside a guest system, can trigger a buffer overflow via vhost/vhost_net of the Linux kernel, in order to trigger a denial of service, and possibly to run code on the host system.
Severity: 2/4.
Creation date: 17/09/2019.
Revision date: 25/09/2019.
Identifiers: CERTFR-2019-AVI-448, CERTFR-2019-AVI-451, CERTFR-2019-AVI-455, CERTFR-2019-AVI-457, CERTFR-2019-AVI-466, CERTFR-2019-AVI-467, CERTFR-2019-AVI-502, CERTFR-2019-AVI-503, CERTFR-2019-AVI-530, CERTFR-2019-AVI-561, CVE-2019-14835, DLA-1930-1, DLA-1940-1, DSA-4531-1, FEDORA-2019-a570a92d5a, FEDORA-2019-e3010166bd, openSUSE-SU-2019:2173-1, openSUSE-SU-2019:2181-1, RHSA-2019:2827-01, RHSA-2019:2828-01, RHSA-2019:2829-01, RHSA-2019:2830-01, RHSA-2019:2854-01, RHSA-2019:2862-01, RHSA-2019:2863-01, RHSA-2019:2864-01, RHSA-2019:2865-01, RHSA-2019:2866-01, RHSA-2019:2867-01, RHSA-2019:2869-01, RHSA-2019:2899-01, RHSA-2019:2900-01, RHSA-2019:2901-01, SSA:2019-311-01, SUSE-SU-2019:14218-1, SUSE-SU-2019:2412-1, SUSE-SU-2019:2424-1, SUSE-SU-2019:2648-1, SUSE-SU-2019:2651-1, SUSE-SU-2019:2658-1, SUSE-SU-2019:2738-1, SUSE-SU-2019:2949-1, SUSE-SU-2019:2950-1, SUSE-SU-2019:2984-1, USN-4135-1, USN-4135-2, VIGILANCE-VUL-30355.

vulnerability announce 30382

ImageMagick: vulnerability

Synthesis of the vulnerability

A vulnerability of ImageMagick was announced.
Severity: 1/4.
Creation date: 23/09/2019.
Identifiers: FEDORA-2019-612d4f64dd, VIGILANCE-VUL-30382.

computer weakness 30377

nbdkit: denial of service

Synthesis of the vulnerability

An attacker can trigger an overload of nbdkit, in order to trigger a denial of service.
Severity: 1/4.
Creation date: 20/09/2019.
Identifiers: FEDORA-2019-867f0858e6, VIGILANCE-VUL-30377.

weakness note CVE-2019-16378

OpenDMARC: address spoofing via From field duplication

Synthesis of the vulnerability

An attacker can make OpenDMARC skip the DMARC signature check via duplication of the From field, in order to spoof a DNS domain.
Severity: 1/4.
Creation date: 20/09/2019.
Identifiers: CVE-2019-16378, DSA-4526-1, FEDORA-2019-24b3f84f6e, FEDORA-2019-e1f0417a24, VIGILANCE-VUL-30369.

weakness alert CVE-2019-14822

ibus: information disclosure via D-Bus socket

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via the D-Bus socket of ibus, in order to obtain sensitive information.
Severity: 1/4.
Creation date: 17/09/2019.
Identifiers: CVE-2019-14822, DSA-4525-1, FEDORA-2019-5bf13218a5, FEDORA-2019-b577187ba8, openSUSE-SU-2019:2174-1, openSUSE-SU-2019:2199-1, SUSE-SU-2019:2387-1, SUSE-SU-2019:2388-1, SUSE-SU-2019:2389-1, SUSE-SU-2019:2427-1, USN-4134-1, USN-4134-2, VIGILANCE-VUL-30347.

vulnerability CVE-2019-9133

kmplayer: buffer overflow

Synthesis of the vulnerability

An attacker can trigger a buffer overflow of kmplayer, in order to trigger a denial of service, and possibly to run code.
Severity: 2/4.
Creation date: 17/09/2019.
Identifiers: CVE-2019-9133, FEDORA-2019-32a2bf945e, FEDORA-2019-9b1da08d62, VIGILANCE-VUL-30342.

cybersecurity threat CVE-2019-16235 CVE-2019-16236 CVE-2019-16237

Dino XMPP: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Dino XMPP.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 17/09/2019.
Identifiers: CVE-2019-16235, CVE-2019-16236, CVE-2019-16237, DSA-4524-1, FEDORA-2019-0eb6d51f81, FEDORA-2019-3d3bb765ca, VIGILANCE-VUL-30341.

security weakness CVE-2019-16275

hostapd: denial of service via address spoofing

Synthesis of the vulnerability

An attacker can disconnect Wi-Fi devices with address spoofing, in order to trigger a denial of service.
Severity: 1/4.
Creation date: 17/09/2019.
Identifiers: CVE-2019-16275, DLA-1922-1, DSA-4538-1, FEDORA-2019-0e0b28001d, FEDORA-2019-2265b5ae86, FEDORA-2019-65509aac53, FEDORA-2019-740834c559, USN-4136-1, VIGILANCE-VUL-30340.