| The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them. |
|
 |
|
|
Computer vulnerabilities of Fedora
XStatic-jquery-ui: Cross Site Scripting
Synthesis of the vulnerability
An attacker can trigger a Cross Site Scripting of XStatic-jquery-ui, in order to run JavaScript code in the context of the web site.
Impacted products: Fedora.
Severity: 2/4.
Creation date: 06/08/2018.
Identifiers: FEDORA-2018-2d2179e7d0, FEDORA-2018-f972c1b36e, VIGILANCE-VUL-26908.
Description of the vulnerability
The XStatic-jquery-ui product offers a web service.
However, it does not filter received data before inserting them in generated HTML documents.
An attacker can therefore trigger a Cross Site Scripting of XStatic-jquery-ui, in order to run JavaScript code in the context of the web site.
Complete Vigil@nce bulletin.... (Free trial) |
GLPI: SQL injection via inc/search.class.php
Synthesis of the vulnerability
An attacker can use a SQL injection via inc/search.class.php of GLPI, in order to read or alter data.
Impacted products: Fedora.
Severity: 2/4.
Creation date: 16/07/2018.
Identifiers: CVE-2018-13049, FEDORA-2018-c766d7c0f0, FEDORA-2018-cdccabb23d, VIGILANCE-VUL-26744.
Description of the vulnerability
The GLPI product uses a database.
However, user's data are directly inserted in a SQL query.
An attacker can therefore use a SQL injection via inc/search.class.php of GLPI, in order to read or alter data.
Complete Vigil@nce bulletin.... (Free trial) |
Mailman: Cross Site Scripting
Synthesis of the vulnerability
An attacker can trigger a Cross Site Scripting of Mailman, in order to run JavaScript code in the context of the web site.
Impacted products: Debian, Fedora, openSUSE Leap, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Creation date: 02/07/2018.
Identifiers: CVE-2018-0618, DLA-1442-1, DLA-1442-2, DSA-4246-1, FEDORA-2018-f8fd4c5798, JVN#00846677, openSUSE-SU-2018:1858-1, VIGILANCE-VUL-26594.
Description of the vulnerability
The Mailman product offers a web service.
However, it does not filter received data before inserting them in generated HTML documents.
An attacker can therefore trigger a Cross Site Scripting of Mailman, in order to run JavaScript code in the context of the web site.
Complete Vigil@nce bulletin.... (Free trial) |
Eclipse Jetty: information disclosure via HTTP/0.9 Request Smuggling
Synthesis of the vulnerability
An attacker can use a vulnerability via HTTP/0.9 Request Smuggling of Eclipse Jetty, in order to obtain sensitive information.
Impacted products: Debian, Jetty, Fedora, SnapManager.
Severity: 2/4.
Creation date: 26/06/2018.
Identifiers: CVE-2017-7656, DSA-4278-1, FEDORA-2018-48b73ed393, FEDORA-2018-93a507fd0f, NTAP-20181014-0001, VIGILANCE-VUL-26533.
Description of the vulnerability
The Eclipse Jetty product offers a web service.
However, an attacker can bypass access restrictions to data.
An attacker can therefore use a vulnerability via HTTP/0.9 Request Smuggling of Eclipse Jetty, in order to obtain sensitive information.
Complete Vigil@nce bulletin.... (Free trial) |
Sinatra: Cross Site Scripting via Bad Request
Synthesis of the vulnerability
An attacker can trigger a Cross Site Scripting via Bad Request of Sinatra, in order to run JavaScript code in the context of the web site.
Impacted products: Fedora.
Severity: 2/4.
Creation date: 25/06/2018.
Identifiers: CVE-2018-11627, FEDORA-2018-0b17e1e529, FEDORA-2018-3f61c5cf7c, VIGILANCE-VUL-26509.
Description of the vulnerability
The Sinatra product offers a web service.
However, it does not filter received data via Bad Request before inserting them in generated HTML documents.
An attacker can therefore trigger a Cross Site Scripting via Bad Request of Sinatra, in order to run JavaScript code in the context of the web site.
Complete Vigil@nce bulletin.... (Free trial) |
phpMyAdmin: Cross Site Scripting via Designer Feature
Synthesis of the vulnerability
An attacker can trigger a Cross Site Scripting via Designer Feature of phpMyAdmin, in order to run JavaScript code in the context of the web site.
Impacted products: Fedora, openSUSE Leap, phpMyAdmin, SUSE Linux Enterprise Desktop, SLES, WindRiver Linux.
Severity: 2/4.
Creation date: 22/06/2018.
Identifiers: CERTFR-2018-AVI-300, CVE-2018-12581, FEDORA-2018-68349e3094, openSUSE-SU-2018:1806-1, openSUSE-SU-2018:1809-1, PMASA-2018-3, VIGILANCE-VUL-26499.
Description of the vulnerability
The phpMyAdmin product offers a web service.
However, it does not filter received data via Designer Feature before inserting them in generated HTML documents.
An attacker can therefore trigger a Cross Site Scripting via Designer Feature of phpMyAdmin, in order to run JavaScript code in the context of the web site.
Complete Vigil@nce bulletin.... (Free trial) |
Linux kernel: NULL pointer dereference via sock_close/sockfs_setattr
Synthesis of the vulnerability
An attacker can force a NULL pointer to be dereferenced via sock_close/sockfs_setattr of the Linux kernel, in order to trigger a denial of service.
Impacted products: Fedora, Linux, Ubuntu.
Severity: 1/4.
Creation date: 13/06/2018.
Identifiers: CERTFR-2018-AVI-408, CERTFR-2018-AVI-413, CVE-2018-12232, FEDORA-2018-bb7aab12cb, USN-3752-1, USN-3752-2, USN-3752-3, VIGILANCE-VUL-26414.
Description of the vulnerability
The Noyau Linux product offers a web service.
However, it does not check if a pointer is NULL, before using it.
An attacker can therefore force a NULL pointer to be dereferenced via sock_close/sockfs_setattr of the Linux kernel, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial) |
CKEditor: Cross Site Scripting via Enhanced Image
Synthesis of the vulnerability
An attacker can trigger a Cross Site Scripting via Enhanced Image of CKEditor, in order to run JavaScript code in the context of the web site.
Impacted products: Fedora.
Severity: 2/4.
Creation date: 11/05/2018.
Identifiers: FEDORA-2018-107dbc8cf4, FEDORA-2018-1361f39801, FEDORA-2018-e29c7d10da, VIGILANCE-VUL-26101.
Description of the vulnerability
The CKEditor product offers a web service.
However, it does not filter received data via Enhanced Image before inserting them in generated HTML documents.
An attacker can therefore trigger a Cross Site Scripting via Enhanced Image of CKEditor, in order to run JavaScript code in the context of the web site.
Complete Vigil@nce bulletin.... (Free trial) |
Slurm: SQL injection via SlurmDBD
Synthesis of the vulnerability
An attacker can use a SQL injection via SlurmDBD of Slurm, in order to read or alter data.
Impacted products: Debian, Fedora.
Severity: 2/4.
Creation date: 28/03/2018.
Identifiers: CVE-2018-7033, DLA-1367-1, DLA-1437-1, DLA-1437-2, DSA-4254-1, FEDORA-2018-df1a571a34, VIGILANCE-VUL-25671.
Description of the vulnerability
The Slurm product uses a database.
However, user's data are directly inserted in a SQL query.
An attacker can therefore use a SQL injection via SlurmDBD of Slurm, in order to read or alter data.
Complete Vigil@nce bulletin.... (Free trial) |
GLPI: Cross Site Scripting via front/preference.php
Synthesis of the vulnerability
An attacker can trigger a Cross Site Scripting via front/preference.php of GLPI, in order to run JavaScript code in the context of the web site.
Impacted products: Fedora.
Severity: 2/4.
Creation date: 28/03/2018.
Identifiers: CVE-2018-7563, FEDORA-2018-1b67b3a3a3, FEDORA-2018-b0f6a5bdbc, VIGILANCE-VUL-25669.
Description of the vulnerability
The GLPI product offers a web service.
However, it does not filter received data via front/preference.php before inserting them in generated HTML documents.
An attacker can therefore trigger a Cross Site Scripting via front/preference.php of GLPI, in order to run JavaScript code in the context of the web site.
Complete Vigil@nce bulletin.... (Free trial) |
Our database contains other pages. You can request a free trial to read them.
Display information about Fedora:
|