| The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them. |
|
 |
|
|
Computer vulnerabilities of Fedora
Apache AXIS: Cross Site Scripting
Synthesis of the vulnerability
An attacker can trigger a Cross Site Scripting of Apache AXIS, in order to run JavaScript code in the context of the web site.
Impacted products: Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Creation date: 23/08/2018.
Identifiers: CVE-2018-8032, FEDORA-2018-8a85ed2f10, openSUSE-SU-2018:3218-1, SUSE-SU-2018:3118-1, SUSE-SU-2018:3119-1, SUSE-SU-2018:3121-1, VIGILANCE-VUL-27069.
Description of the vulnerability
The Apache AXIS product offers a web service.
However, it does not filter received data before inserting them in generated HTML documents.
An attacker can therefore trigger a Cross Site Scripting of Apache AXIS, in order to run JavaScript code in the context of the web site.
Complete Vigil@nce bulletin.... (Free trial) |
phpMyAdmin: Cross Site Scripting via File Import Warning Messages
Synthesis of the vulnerability
An attacker can trigger a Cross Site Scripting via File Import Warning Messages of phpMyAdmin, in order to run JavaScript code in the context of the web site.
Impacted products: Fedora, openSUSE Leap, phpMyAdmin, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Creation date: 22/08/2018.
Identifiers: CERTFR-2018-AVI-404, CVE-2018-15605, FEDORA-2018-f2b24ce26e, openSUSE-SU-2018:2523-1, openSUSE-SU-2018:2525-1, openSUSE-SU-2018:2525-2, PMASA-2018-5, VIGILANCE-VUL-27059.
Description of the vulnerability
The phpMyAdmin product offers a web service.
However, it does not filter received data via warning messages before inserting them in generated HTML documents.
An attacker can therefore trigger a Cross Site Scripting via File Import Warning Messages of phpMyAdmin, in order to run JavaScript code in the context of the web site.
Complete Vigil@nce bulletin.... (Free trial) |
XStatic-jquery-ui: Cross Site Scripting
Synthesis of the vulnerability
An attacker can trigger a Cross Site Scripting of XStatic-jquery-ui, in order to run JavaScript code in the context of the web site.
Impacted products: Fedora.
Severity: 2/4.
Creation date: 06/08/2018.
Identifiers: FEDORA-2018-2d2179e7d0, FEDORA-2018-f972c1b36e, VIGILANCE-VUL-26908.
Description of the vulnerability
The XStatic-jquery-ui product offers a web service.
However, it does not filter received data before inserting them in generated HTML documents.
An attacker can therefore trigger a Cross Site Scripting of XStatic-jquery-ui, in order to run JavaScript code in the context of the web site.
Complete Vigil@nce bulletin.... (Free trial) |
GLPI: SQL injection via inc/search.class.php
Synthesis of the vulnerability
An attacker can use a SQL injection via inc/search.class.php of GLPI, in order to read or alter data.
Impacted products: Fedora.
Severity: 2/4.
Creation date: 16/07/2018.
Identifiers: CVE-2018-13049, FEDORA-2018-c766d7c0f0, FEDORA-2018-cdccabb23d, VIGILANCE-VUL-26744.
Description of the vulnerability
The GLPI product uses a database.
However, user's data are directly inserted in a SQL query.
An attacker can therefore use a SQL injection via inc/search.class.php of GLPI, in order to read or alter data.
Complete Vigil@nce bulletin.... (Free trial) |
Mailman: Cross Site Scripting
Synthesis of the vulnerability
An attacker can trigger a Cross Site Scripting of Mailman, in order to run JavaScript code in the context of the web site.
Impacted products: Debian, Fedora, openSUSE Leap, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Creation date: 02/07/2018.
Identifiers: CVE-2018-0618, DLA-1442-1, DLA-1442-2, DSA-4246-1, FEDORA-2018-f8fd4c5798, JVN#00846677, openSUSE-SU-2018:1858-1, VIGILANCE-VUL-26594.
Description of the vulnerability
The Mailman product offers a web service.
However, it does not filter received data before inserting them in generated HTML documents.
An attacker can therefore trigger a Cross Site Scripting of Mailman, in order to run JavaScript code in the context of the web site.
Complete Vigil@nce bulletin.... (Free trial) |
Eclipse Jetty: information disclosure via HTTP/0.9 Request Smuggling
Synthesis of the vulnerability
An attacker can use a vulnerability via HTTP/0.9 Request Smuggling of Eclipse Jetty, in order to obtain sensitive information.
Impacted products: Debian, Jetty, Fedora, SnapManager, Puppet.
Severity: 2/4.
Creation date: 26/06/2018.
Identifiers: CVE-2017-7656, DSA-4278-1, FEDORA-2018-48b73ed393, FEDORA-2018-93a507fd0f, NTAP-20181014-0001, VIGILANCE-VUL-26533.
Description of the vulnerability
The Eclipse Jetty product offers a web service.
However, an attacker can bypass access restrictions to data.
An attacker can therefore use a vulnerability via HTTP/0.9 Request Smuggling of Eclipse Jetty, in order to obtain sensitive information.
Complete Vigil@nce bulletin.... (Free trial) |
Sinatra: Cross Site Scripting via Bad Request
Synthesis of the vulnerability
An attacker can trigger a Cross Site Scripting via Bad Request of Sinatra, in order to run JavaScript code in the context of the web site.
Impacted products: Fedora.
Severity: 2/4.
Creation date: 25/06/2018.
Identifiers: CVE-2018-11627, FEDORA-2018-0b17e1e529, FEDORA-2018-3f61c5cf7c, VIGILANCE-VUL-26509.
Description of the vulnerability
The Sinatra product offers a web service.
However, it does not filter received data via Bad Request before inserting them in generated HTML documents.
An attacker can therefore trigger a Cross Site Scripting via Bad Request of Sinatra, in order to run JavaScript code in the context of the web site.
Complete Vigil@nce bulletin.... (Free trial) |
phpMyAdmin: Cross Site Scripting via Designer Feature
Synthesis of the vulnerability
An attacker can trigger a Cross Site Scripting via Designer Feature of phpMyAdmin, in order to run JavaScript code in the context of the web site.
Impacted products: Fedora, openSUSE Leap, phpMyAdmin, SUSE Linux Enterprise Desktop, SLES, WindRiver Linux.
Severity: 2/4.
Creation date: 22/06/2018.
Identifiers: CERTFR-2018-AVI-300, CVE-2018-12581, FEDORA-2018-68349e3094, openSUSE-SU-2018:1806-1, openSUSE-SU-2018:1809-1, PMASA-2018-3, VIGILANCE-VUL-26499.
Description of the vulnerability
The phpMyAdmin product offers a web service.
However, it does not filter received data via Designer Feature before inserting them in generated HTML documents.
An attacker can therefore trigger a Cross Site Scripting via Designer Feature of phpMyAdmin, in order to run JavaScript code in the context of the web site.
Complete Vigil@nce bulletin.... (Free trial) |
Linux kernel: NULL pointer dereference via sock_close/sockfs_setattr
Synthesis of the vulnerability
An attacker can force a NULL pointer to be dereferenced via sock_close/sockfs_setattr of the Linux kernel, in order to trigger a denial of service.
Impacted products: Fedora, Linux, RHEL, Ubuntu.
Severity: 1/4.
Creation date: 13/06/2018.
Identifiers: CERTFR-2018-AVI-408, CERTFR-2018-AVI-413, CVE-2018-12232, FEDORA-2018-bb7aab12cb, RHSA-2018:2948-01, USN-3752-1, USN-3752-2, USN-3752-3, VIGILANCE-VUL-26414.
Description of the vulnerability
The Noyau Linux product offers a web service.
However, it does not check if a pointer is NULL, before using it.
An attacker can therefore force a NULL pointer to be dereferenced via sock_close/sockfs_setattr of the Linux kernel, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial) |
CKEditor: Cross Site Scripting via Enhanced Image
Synthesis of the vulnerability
An attacker can trigger a Cross Site Scripting via Enhanced Image of CKEditor, in order to run JavaScript code in the context of the web site.
Impacted products: Fedora.
Severity: 2/4.
Creation date: 11/05/2018.
Identifiers: FEDORA-2018-107dbc8cf4, FEDORA-2018-1361f39801, FEDORA-2018-e29c7d10da, VIGILANCE-VUL-26101.
Description of the vulnerability
The CKEditor product offers a web service.
However, it does not filter received data via Enhanced Image before inserting them in generated HTML documents.
An attacker can therefore trigger a Cross Site Scripting via Enhanced Image of CKEditor, in order to run JavaScript code in the context of the web site.
Complete Vigil@nce bulletin.... (Free trial) |
Our database contains other pages. You can request a free trial to read them.
Display information about Fedora:
|