Computer vulnerabilities of Fedora

vulnerability CVE-2019-7308

Linux kernel: information disclosure via BPF Pointer Arithmetic

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via BPF Pointer Arithmetic of the Linux kernel, in order to obtain sensitive information.
Impacted products: Fedora, Linux.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 04/02/2019.
Identifiers: 1711, CVE-2019-7308, FEDORA-2019-7d3500d712, FEDORA-2019-96b31a9602, VIGILANCE-VUL-28430.


vulnerability CVE-2019-3460

Linux kernel: information disclosure via L2CAP_PARSE_CONF_RSP

Synthesis of the vulnerability

A local attacker can read a memory fragment via L2CAP_PARSE_CONF_RSP of the Linux kernel, in order to obtain sensitive information.
Impacted products: Fedora, Linux, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 11/01/2019.
Identifiers: CERTFR-2019-AVI-071, CVE-2019-3460, FEDORA-2019-509c133845, FEDORA-2019-f812c9fb22, openSUSE-SU-2019:0140-1, openSUSE-SU-2019:0203-1, SUSE-SU-2019:0439-1, VIGILANCE-VUL-28250.


computer vulnerability note CVE-2019-3459

Linux kernel: information disclosure via L2CAP_GET_CONF_OPT

Synthesis of the vulnerability

A local attacker can read a memory fragment via L2CAP_GET_CONF_OPT of the Linux kernel, in order to obtain sensitive information.
Impacted products: Fedora, Linux, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 11/01/2019.
Identifiers: CERTFR-2019-AVI-071, CVE-2019-3459, FEDORA-2019-509c133845, FEDORA-2019-f812c9fb22, openSUSE-SU-2019:0140-1, openSUSE-SU-2019:0203-1, SUSE-SU-2019:0439-1, VIGILANCE-VUL-28249.


computer vulnerability CVE-2019-3701

Linux kernel: denial of service via can_can_gw_rcv

Synthesis of the vulnerability

An attacker can trigger a fatal error via can_can_gw_rcv() of the Linux kernel, in order to trigger a denial of service.
Impacted products: Fedora, Linux, Slackware.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 04/01/2019.
Identifiers: CVE-2019-3701, FEDORA-2019-337484d88b, FEDORA-2019-b0f7a7b74b, SSA:2019-030-01, VIGILANCE-VUL-28165.


vulnerability announcement CVE-2018-20483

wget: information disclosure via set_file_metadata

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via set_file_metadata() of wget, in order to obtain sensitive information.
Impacted products: Fedora, openSUSE Leap, SLES.
Severity: 1/4.
Consequences: data reading.
Provenance: document.
Creation date: 04/01/2019.
Identifiers: CVE-2018-20483, FEDORA-2019-088875c43a, FEDORA-2019-427a0ba9e3, FEDORA-2019-d1b5cf0055, openSUSE-SU-2019:0057-1, SUSE-SU-2019:0093-1, VIGILANCE-VUL-28162.


vulnerability CVE-2018-19870

libQt5: NULL pointer dereference via QGifHandler

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via QGifHandler() of libQt5, in order to trigger a denial of service.
Impacted products: Debian, Fedora.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 03/01/2019.
Identifiers: CVE-2018-19870, DLA-1627-1, DSA-4374-1, FEDORA-2019-3c45bd2cc3, VIGILANCE-VUL-28150.


vulnerability announcement CVE-2018-18897

Poppler: memory leak via GfxColorSpace::setDisplayProfile

Synthesis of the vulnerability

An attacker can create a memory leak via GfxColorSpace::setDisplayProfile() of Poppler, in order to trigger a denial of service.
Impacted products: Fedora.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 31/12/2018.
Identifiers: CVE-2018-18897, FEDORA-2018-12b934e224, FEDORA-2018-679f8aba03, FEDORA-2019-40f4af0687, FEDORA-2019-7ff7f5093e, VIGILANCE-VUL-28132.


vulnerability alert CVE-2018-7441

Leptonica: file corruption

Synthesis of the vulnerability

A local attacker can create a symbolic link, in order to alter the pointed file, with the privileges of Leptonica.
Impacted products: Fedora.
Severity: 1/4.
Consequences: data creation/modification.
Provenance: user shell.
Creation date: 31/12/2018.
Identifiers: CVE-2018-7441, FEDORA-2018-4db33b3753, FEDORA-2018-93a16d053f, VIGILANCE-VUL-28131.


vulnerability CVE-2018-6616

OpenJPEG: infinite loop via opj_t1_encode_cblks

Synthesis of the vulnerability

An attacker can trigger an infinite loop via opj_t1_encode_cblks() of OpenJPEG, in order to trigger a denial of service.
Impacted products: Debian, Fedora.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 27/12/2018.
Identifiers: CVE-2018-6616, DLA-1614-1, FEDORA-2018-200c84e08a, FEDORA-2018-87c15da28c, VIGILANCE-VUL-28080.


computer vulnerability CVE-2018-16884

Linux kernel: use after free via bc_svc_process

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via bc_svc_process() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Fedora, Linux, openSUSE Leap, Slackware, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 19/12/2018.
Identifiers: CERTFR-2019-AVI-038, CERTFR-2019-AVI-042, CERTFR-2019-AVI-051, CERTFR-2019-AVI-071, CVE-2018-16884, FEDORA-2019-20a89ca9af, openSUSE-SU-2019:0065-1, openSUSE-SU-2019:0140-1, SSA:2019-030-01, SUSE-SU-2019:0148-1, SUSE-SU-2019:0196-1, SUSE-SU-2019:0222-1, SUSE-SU-2019:0224-1, SUSE-SU-2019:0320-1, SUSE-SU-2019:0439-1, VIGILANCE-VUL-28055.
