| The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them. |
|
 |
|
|
Computer vulnerabilities of Fedora
Linux kernel: information disclosure via BPF Pointer Arithmetic
Synthesis of the vulnerability
An attacker can bypass access restrictions to data via BPF Pointer Arithmetic of the Linux kernel, in order to obtain sensitive information.
Impacted products: Fedora, Linux.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 04/02/2019.
Identifiers: 1711, CVE-2019-7308, FEDORA-2019-7d3500d712, FEDORA-2019-96b31a9602, VIGILANCE-VUL-28430.
Description of the vulnerability
An attacker can bypass access restrictions to data via BPF Pointer Arithmetic of the Linux kernel, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
Linux kernel: information disclosure via L2CAP_PARSE_CONF_RSP
Synthesis of the vulnerability
A local attacker can read a memory fragment via L2CAP_PARSE_CONF_RSP of the Linux kernel, in order to obtain sensitive information.
Impacted products: Fedora, Linux, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 11/01/2019.
Identifiers: CERTFR-2019-AVI-071, CVE-2019-3460, FEDORA-2019-509c133845, FEDORA-2019-f812c9fb22, openSUSE-SU-2019:0140-1, openSUSE-SU-2019:0203-1, SUSE-SU-2019:0439-1, VIGILANCE-VUL-28250.
Description of the vulnerability
A local attacker can read a memory fragment via L2CAP_PARSE_CONF_RSP of the Linux kernel, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
Linux kernel: information disclosure via L2CAP_GET_CONF_OPT
Synthesis of the vulnerability
A local attacker can read a memory fragment via L2CAP_GET_CONF_OPT of the Linux kernel, in order to obtain sensitive information.
Impacted products: Fedora, Linux, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 11/01/2019.
Identifiers: CERTFR-2019-AVI-071, CVE-2019-3459, FEDORA-2019-509c133845, FEDORA-2019-f812c9fb22, openSUSE-SU-2019:0140-1, openSUSE-SU-2019:0203-1, SUSE-SU-2019:0439-1, VIGILANCE-VUL-28249.
Description of the vulnerability
A local attacker can read a memory fragment via L2CAP_GET_CONF_OPT of the Linux kernel, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
Linux kernel: denial of service via can_can_gw_rcv
Synthesis of the vulnerability
An attacker can trigger a fatal error via can_can_gw_rcv() of the Linux kernel, in order to trigger a denial of service.
Impacted products: Fedora, Linux, Slackware.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 04/01/2019.
Identifiers: CVE-2019-3701, FEDORA-2019-337484d88b, FEDORA-2019-b0f7a7b74b, SSA:2019-030-01, VIGILANCE-VUL-28165.
Description of the vulnerability
An attacker can trigger a fatal error via can_can_gw_rcv() of the Linux kernel, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial) |
wget: information disclosure via set_file_metadata
Synthesis of the vulnerability
An attacker can bypass access restrictions to data via set_file_metadata() of wget, in order to obtain sensitive information.
Impacted products: Fedora, openSUSE Leap, SLES.
Severity: 1/4.
Consequences: data reading.
Provenance: document.
Creation date: 04/01/2019.
Identifiers: CVE-2018-20483, FEDORA-2019-088875c43a, FEDORA-2019-427a0ba9e3, FEDORA-2019-d1b5cf0055, openSUSE-SU-2019:0057-1, SUSE-SU-2019:0093-1, VIGILANCE-VUL-28162.
Description of the vulnerability
An attacker can bypass access restrictions to data via set_file_metadata() of wget, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
libQt5: NULL pointer dereference via QGifHandler
Synthesis of the vulnerability
An attacker can force a NULL pointer to be dereferenced via QGifHandler() of libQt5, in order to trigger a denial of service.
Impacted products: Debian, Fedora.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 03/01/2019.
Identifiers: CVE-2018-19870, DLA-1627-1, DSA-4374-1, FEDORA-2019-3c45bd2cc3, VIGILANCE-VUL-28150.
Description of the vulnerability
An attacker can force a NULL pointer to be dereferenced via QGifHandler() of libQt5, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial) |
Poppler: memory leak via GfxColorSpace-setDisplayProfile
Synthesis of the vulnerability
An attacker can create a memory leak via GfxColorSpace::setDisplayProfile() of Poppler, in order to trigger a denial of service.
Impacted products: Fedora.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 31/12/2018.
Identifiers: CVE-2018-18897, FEDORA-2018-12b934e224, FEDORA-2018-679f8aba03, FEDORA-2019-40f4af0687, FEDORA-2019-7ff7f5093e, VIGILANCE-VUL-28132.
Description of the vulnerability
An attacker can create a memory leak via GfxColorSpace::setDisplayProfile() of Poppler, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial) |
Leptonica: file corruption
Synthesis of the vulnerability
A local attacker can create a symbolic link, in order to alter the pointed file, with privileges of Leptonica.
Impacted products: Fedora.
Severity: 1/4.
Consequences: data creation/edition.
Provenance: user shell.
Creation date: 31/12/2018.
Identifiers: CVE-2018-7441, FEDORA-2018-4db33b3753, FEDORA-2018-93a16d053f, VIGILANCE-VUL-28131.
Description of the vulnerability
A local attacker can create a symbolic link, in order to alter the pointed file, with privileges of Leptonica.
Full Vigil@nce bulletin... (Free trial) |
OpenJPEG: infinite loop via opj_t1_encode_cblks
Synthesis of the vulnerability
An attacker can trigger an infinite loop via opj_t1_encode_cblks() of OpenJPEG, in order to trigger a denial of service.
Impacted products: Debian, Fedora.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 27/12/2018.
Identifiers: CVE-2018-6616, DLA-1614-1, FEDORA-2018-200c84e08a, FEDORA-2018-87c15da28c, VIGILANCE-VUL-28080.
Description of the vulnerability
An attacker can trigger an infinite loop via opj_t1_encode_cblks() of OpenJPEG, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial) |
Linux kernel: use after free via bc_svc_process
Synthesis of the vulnerability
An attacker can force the usage of a freed memory area via bc_svc_process() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Fedora, Linux, openSUSE Leap, Slackware, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 19/12/2018.
Identifiers: CERTFR-2019-AVI-038, CERTFR-2019-AVI-042, CERTFR-2019-AVI-051, CERTFR-2019-AVI-071, CVE-2018-16884, FEDORA-2019-20a89ca9af, openSUSE-SU-2019:0065-1, openSUSE-SU-2019:0140-1, SSA:2019-030-01, SUSE-SU-2019:0148-1, SUSE-SU-2019:0196-1, SUSE-SU-2019:0222-1, SUSE-SU-2019:0224-1, SUSE-SU-2019:0320-1, SUSE-SU-2019:0439-1, VIGILANCE-VUL-28055.
Description of the vulnerability
An attacker can force the usage of a freed memory area via bc_svc_process() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial) |
Our database contains other pages. You can request a free trial to read them.
Display information about Fedora:
|