The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Fedora

vulnerability note CVE-2018-12232

Linux kernel: NULL pointer dereference via sock_close/sockfs_setattr

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via sock_close/sockfs_setattr of the Linux kernel, in order to trigger a denial of service.
Impacted products: Fedora, Linux.
Severity: 1/4.
Creation date: 13/06/2018.
Identifiers: CVE-2018-12232, FEDORA-2018-bb7aab12cb, VIGILANCE-VUL-26414.

Description of the vulnerability

The Noyau Linux product offers a web service.

However, it does not check if a pointer is NULL, before using it.

An attacker can therefore force a NULL pointer to be dereferenced via sock_close/sockfs_setattr of the Linux kernel, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability alert 26101

CKEditor: Cross Site Scripting via Enhanced Image

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via Enhanced Image of CKEditor, in order to run JavaScript code in the context of the web site.
Impacted products: Fedora.
Severity: 2/4.
Creation date: 11/05/2018.
Identifiers: FEDORA-2018-107dbc8cf4, FEDORA-2018-1361f39801, FEDORA-2018-e29c7d10da, VIGILANCE-VUL-26101.

Description of the vulnerability

The CKEditor product offers a web service.

However, it does not filter received data via Enhanced Image before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via Enhanced Image of CKEditor, in order to run JavaScript code in the context of the web site.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability alert CVE-2018-7033

Slurm: SQL injection via SlurmDBD

Synthesis of the vulnerability

An attacker can use a SQL injection via SlurmDBD of Slurm, in order to read or alter data.
Impacted products: Debian, Fedora.
Severity: 2/4.
Creation date: 28/03/2018.
Identifiers: CVE-2018-7033, DLA-1367-1, FEDORA-2018-df1a571a34, VIGILANCE-VUL-25671.

Description of the vulnerability

The Slurm product uses a database.

However, user's data are directly inserted in a SQL query.

An attacker can therefore use a SQL injection via SlurmDBD of Slurm, in order to read or alter data.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability note CVE-2018-7563

GLPI: Cross Site Scripting via front/preference.php

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via front/preference.php of GLPI, in order to run JavaScript code in the context of the web site.
Impacted products: Fedora.
Severity: 2/4.
Creation date: 28/03/2018.
Identifiers: CVE-2018-7563, FEDORA-2018-1b67b3a3a3, FEDORA-2018-b0f6a5bdbc, VIGILANCE-VUL-25669.

Description of the vulnerability

The GLPI product offers a web service.

However, it does not filter received data via front/preference.php before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via front/preference.php of GLPI, in order to run JavaScript code in the context of the web site.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability 25645

Monitorix: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Monitorix, in order to run JavaScript code in the context of the web site.
Impacted products: Fedora.
Severity: 2/4.
Creation date: 26/03/2018.
Identifiers: FEDORA-2018-1724b6a0dc, FEDORA-2018-1d3d0e6f2e, VIGILANCE-VUL-25645.

Description of the vulnerability

The Monitorix product offers a web service.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of Monitorix, in order to run JavaScript code in the context of the web site.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability note CVE-2018-5123

Bugzilla: Cross Site Request Forgery via report.cgi

Synthesis of the vulnerability

An attacker can trigger a Cross Site Request Forgery via report.cgi of Bugzilla, in order to force the victim to perform operations.
Impacted products: Fedora.
Severity: 2/4.
Creation date: 07/03/2018.
Identifiers: CVE-2018-5123, FEDORA-2018-1e0e37e148, FEDORA-2018-b79f325c48, VIGILANCE-VUL-25454.

Description of the vulnerability

The Bugzilla product offers a web service.

However, the origin of queries is not checked. They can for example originate from an image included in an HTML document.

An attacker can therefore trigger a Cross Site Request Forgery via report.cgi of Bugzilla, in order to force the victim to perform operations.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability alert CVE-2018-7541

Xen: denial of service via a change of page table type

Synthesis of the vulnerability

A privileged attacker in a guest system can request a change of page table type to Xen without unmapping related pages, in order to make the host crash.
Impacted products: XenServer, Debian, Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Xen.
Severity: 1/4.
Creation date: 27/02/2018.
Identifiers: CERTFR-2018-AVI-102, CERTFR-2018-AVI-145, CERTFR-2018-AVI-171, CTX232096, CTX232655, CVE-2018-7541, DLA-1300-1, DSA-4131-1, FEDORA-2018-0746dac335, FEDORA-2018-c553a586c8, openSUSE-SU-2018:1274-1, SUSE-SU-2018:0678-1, SUSE-SU-2018:0909-1, SUSE-SU-2018:1184-1, VIGILANCE-VUL-25386, XSA-255.

Description of the vulnerability

A privileged attacker in a guest system can request a change of page table type to Xen without unmapping related pages, in order to make the host crash.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability CVE-2018-7540

Xen: denial of service via the L3/L4 page table management

Synthesis of the vulnerability

A privileged attacker in a guest system can make interrupt processing too long by requesting Xen to change the L3/L4 page tables, in order to trigger a denial of service.
Impacted products: XenServer, Debian, Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Xen.
Severity: 1/4.
Creation date: 27/02/2018.
Identifiers: CERTFR-2018-AVI-102, CERTFR-2018-AVI-145, CERTFR-2018-AVI-171, CTX232096, CTX232655, CVE-2018-7540, DLA-1300-1, DSA-4131-1, FEDORA-2018-0746dac335, FEDORA-2018-c553a586c8, openSUSE-SU-2018:1274-1, SUSE-SU-2018:0678-1, SUSE-SU-2018:0909-1, SUSE-SU-2018:1184-1, VIGILANCE-VUL-25385, XSA-252.

Description of the vulnerability

A privileged attacker in a guest system can make interrupt processing too long by requesting Xen to change the L3/L4 page tables, in order to trigger a denial of service.

A detailed analysis was not performed for this bulletin.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability note CVE-2018-6794

suricata: HTTP analysis bypass

Synthesis of the vulnerability

An attacker can prevent recognition of HTTP, in order to disable traffic analysis for the connection.
Impacted products: Fedora.
Severity: 1/4.
Creation date: 26/02/2018.
Identifiers: CVE-2018-6794, FEDORA-2018-ee417c4b28, VIGILANCE-VUL-25369.

Description of the vulnerability

An attacker can prevent recognition of HTTP, in order to disable traffic analysis for the connection.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability note CVE-2018-1000026

Linux kernel: denial of service via the bnx2x driver

Synthesis of the vulnerability

An attacker can block the netword card drived by the bnx2x module of the Linux kernel, in order to trigger a denial of service.
Impacted products: Fedora, Linux, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 12/02/2018.
Identifiers: CERTFR-2018-AVI-147, CERTFR-2018-AVI-165, CERTFR-2018-AVI-170, CERTFR-2018-AVI-196, CERTFR-2018-AVI-198, CVE-2018-1000026, FEDORA-2018-03a6606cb5, FEDORA-2018-7a62047e30, FEDORA-2018-884a105c04, openSUSE-SU-2018:0781-1, SUSE-SU-2018:0785-1, SUSE-SU-2018:0786-1, SUSE-SU-2018:0986-1, USN-3617-1, USN-3617-2, USN-3617-3, USN-3619-1, USN-3619-2, USN-3620-1, USN-3620-2, USN-3632-1, VIGILANCE-VUL-25279.

Description of the vulnerability

An attacker can block the netword card drived by the bnx2x module of the Linux kernel, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Fedora: