| The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them. |
|
 |
|
|
Computer vulnerabilities of Fedora
Linux kernel: denial of service via UDP
Synthesis of the vulnerability
An attacker can send UDP packets without payload to the Linux kernel, in order to trigger a denial of service.
Impacted products: Fedora, Linux, Ubuntu.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: intranet client.
Creation date: 03/05/2019.
Identifiers: CVE-2019-11683, FEDORA-2019-5b76e711b3, USN-3979-1, VIGILANCE-VUL-29219.
Description of the vulnerability
An attacker can send UDP packets without payload to the Linux kernel, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial) |
Enigmail: creation of fake status messages
Synthesis of the vulnerability
An attacker can create fake status messages in GnuPG, in order to deceive the victime.
Impacted products: Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: document.
Creation date: 14/06/2018.
Revision date: 02/05/2019.
Identifiers: CVE-2018-12019, FEDORA-2018-a4bb79ea75, FEDORA-2018-fd67c19256, openSUSE-SU-2018:1706-1, openSUSE-SU-2018:1708-1, SUSE-SU-2018:2243-1, VIGILANCE-VUL-26424.
Description of the vulnerability
An attacker can create fake status messages in Enigmail, in order to deceive the victime.
Full Vigil@nce bulletin... (Free trial) |
GnuPG: creation of fake status messages
Synthesis of the vulnerability
An attacker can create fake status messages in GnuPG, in order to deceive the victime.
Impacted products: Debian, Fedora, GnuPG, Junos Space, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: document.
Creation date: 08/06/2018.
Revision date: 02/05/2019.
Identifiers: bulletinjul2018, CVE-2018-12020, DSA-4222-1, DSA-4223-1, FEDORA-2018-4ef71d3525, FEDORA-2018-69780fc4d7, FEDORA-2018-a4e13742b4, JSA10917, openSUSE-SU-2018:1706-1, openSUSE-SU-2018:1708-1, openSUSE-SU-2018:1722-1, openSUSE-SU-2018:1724-1, RHSA-2018:2180-01, RHSA-2018:2181-01, SSA:2018-159-01, SSA:2018-170-01, SUSE-SU-2018:1696-1, SUSE-SU-2018:1698-1, SUSE-SU-2018:2243-1, T4012, USN-3675-1, USN-3675-2, USN-3675-3, USN-3964-1, VIGILANCE-VUL-26364.
Description of the vulnerability
An attacker can create fake status messages in GnuPG, in order to deceive the victime.
Full Vigil@nce bulletin... (Free trial) |
Memcached: denial of service
Synthesis of the vulnerability
An attacker can send malicious packets to Memcached, in order to trigger a denial of service.
Impacted products: Fedora, Ubuntu.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: intranet client.
Creation date: 02/05/2019.
Identifiers: CVE-2019-11596, FEDORA-2019-2bd8e73268, FEDORA-2019-df4c0ba2db, USN-3963-1, VIGILANCE-VUL-29178.
Description of the vulnerability
An attacker can send malicious packets to Memcached, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial) |
Linux kernel: denial of service via vhost_net
Synthesis of the vulnerability
An attacker can send malicious vhost_net packets to Linux kernel, in order to trigger a denial of service.
Impacted products: Fedora, Linux.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 26/04/2019.
Identifiers: CVE-2019-3900, FEDORA-2019-640f8d8dd1, FEDORA-2019-8219efa9f6, FEDORA-2019-87d807d7cb, VIGILANCE-VUL-29144.
Description of the vulnerability
An attacker can send malicious vhost_net packets to Linux kernel, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial) |
Linux kernel: buffer overflow via brcmf_wowl_nd_results
Synthesis of the vulnerability
An attacker can trigger a buffer overflow via brcmf_wowl_nd_results() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Fedora, Linux, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, denial of service on server, denial of service on service, denial of service on client.
Provenance: radio connection.
Number of vulnerabilities in this bulletin: 2.
Creation date: 25/04/2019.
Identifiers: CERTFR-2019-AVI-211, CERTFR-2019-AVI-212, CVE-2019-9500, CVE-2019-9503, FEDORA-2019-1b986880ea, FEDORA-2019-1e8a4c6958, FEDORA-2019-8219efa9f6, FEDORA-2019-87d807d7cb, openSUSE-SU-2019:1404-1, SUSE-SU-2019:1240-1, SUSE-SU-2019:1241-1, SUSE-SU-2019:1242-1, SUSE-SU-2019:1244-1, SUSE-SU-2019:1245-1, USN-3979-1, USN-3980-1, USN-3981-1, USN-3981-2, VIGILANCE-VUL-29128, VU#166939.
Description of the vulnerability
An attacker can trigger a buffer overflow via brcmf_wowl_nd_results() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial) |
python-urllib3: two vulnerabilities
Synthesis of the vulnerability
An attacker can use several vulnerabilities of python-urllib3.
Impacted products: Fedora.
Severity: 1/4.
Consequences: user access/rights, data creation/edition.
Provenance: internet server.
Creation date: 24/04/2019.
Identifiers: FEDORA-2019-8560719e80, FEDORA-2019-a6c56f9756, VIGILANCE-VUL-29115.
Description of the vulnerability
An attacker can use several vulnerabilities of python-urllib3.
Full Vigil@nce bulletin... (Free trial) |
Meson: privilege escalation via an executable stack
Synthesis of the vulnerability
An attacker can bypass memory access restrictions because Meson wrongly creates an executable stack, in order to escalate his privileges.
Impacted products: Fedora.
Severity: 1/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 23/04/2019.
Identifiers: FEDORA-2019-27e7b92407, VIGILANCE-VUL-29102.
Description of the vulnerability
An attacker can bypass memory access restrictions because Meson wrongly creates an executable stack, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial) |
atomic-reactor: information disclosure via exceptions
Synthesis of the vulnerability
An attacker can bypass access restrictions to data via exceptions of atomic-reactor, in order to obtain sensitive information.
Impacted products: Fedora.
Severity: 1/4.
Consequences: data reading.
Provenance: user account.
Creation date: 19/04/2019.
Identifiers: CVE-2019-1002162, FEDORA-2019-b60638d04e, VIGILANCE-VUL-29096.
Description of the vulnerability
An attacker can bypass access restrictions to data via exceptions of atomic-reactor, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
osbs-client: information disclosure about oauth
Synthesis of the vulnerability
An attacker can read the debuf log of osbs-client, in order to obtain sensitive information.
Impacted products: Fedora.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 19/04/2019.
Identifiers: FEDORA-2019-b6ec9df480, VIGILANCE-VUL-29095.
Description of the vulnerability
An attacker can read the debuf log of osbs-client, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
Our database contains other pages. You can request a free trial to read them.
Display information about Fedora:
|