| The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them. |
|
 |
|
|
Computer vulnerabilities of Fedora
Linux kernel: NULL pointer dereference via sock_close/sockfs_setattr
Synthesis of the vulnerability
An attacker can force a NULL pointer to be dereferenced via sock_close/sockfs_setattr of the Linux kernel, in order to trigger a denial of service.
Impacted products: Fedora, Linux.
Severity: 1/4.
Creation date: 13/06/2018.
Identifiers: CVE-2018-12232, FEDORA-2018-bb7aab12cb, VIGILANCE-VUL-26414.
Description of the vulnerability
The Noyau Linux product offers a web service.
However, it does not check if a pointer is NULL, before using it.
An attacker can therefore force a NULL pointer to be dereferenced via sock_close/sockfs_setattr of the Linux kernel, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial) |
CKEditor: Cross Site Scripting via Enhanced Image
Synthesis of the vulnerability
An attacker can trigger a Cross Site Scripting via Enhanced Image of CKEditor, in order to run JavaScript code in the context of the web site.
Impacted products: Fedora.
Severity: 2/4.
Creation date: 11/05/2018.
Identifiers: FEDORA-2018-107dbc8cf4, FEDORA-2018-1361f39801, FEDORA-2018-e29c7d10da, VIGILANCE-VUL-26101.
Description of the vulnerability
The CKEditor product offers a web service.
However, it does not filter received data via Enhanced Image before inserting them in generated HTML documents.
An attacker can therefore trigger a Cross Site Scripting via Enhanced Image of CKEditor, in order to run JavaScript code in the context of the web site.
Complete Vigil@nce bulletin.... (Free trial) |
Slurm: SQL injection via SlurmDBD
Synthesis of the vulnerability
An attacker can use a SQL injection via SlurmDBD of Slurm, in order to read or alter data.
Impacted products: Debian, Fedora.
Severity: 2/4.
Creation date: 28/03/2018.
Identifiers: CVE-2018-7033, DLA-1367-1, FEDORA-2018-df1a571a34, VIGILANCE-VUL-25671.
Description of the vulnerability
The Slurm product uses a database.
However, user's data are directly inserted in a SQL query.
An attacker can therefore use a SQL injection via SlurmDBD of Slurm, in order to read or alter data.
Complete Vigil@nce bulletin.... (Free trial) |
GLPI: Cross Site Scripting via front/preference.php
Synthesis of the vulnerability
An attacker can trigger a Cross Site Scripting via front/preference.php of GLPI, in order to run JavaScript code in the context of the web site.
Impacted products: Fedora.
Severity: 2/4.
Creation date: 28/03/2018.
Identifiers: CVE-2018-7563, FEDORA-2018-1b67b3a3a3, FEDORA-2018-b0f6a5bdbc, VIGILANCE-VUL-25669.
Description of the vulnerability
The GLPI product offers a web service.
However, it does not filter received data via front/preference.php before inserting them in generated HTML documents.
An attacker can therefore trigger a Cross Site Scripting via front/preference.php of GLPI, in order to run JavaScript code in the context of the web site.
Complete Vigil@nce bulletin.... (Free trial) |
Monitorix: Cross Site Scripting
Synthesis of the vulnerability
An attacker can trigger a Cross Site Scripting of Monitorix, in order to run JavaScript code in the context of the web site.
Impacted products: Fedora.
Severity: 2/4.
Creation date: 26/03/2018.
Identifiers: FEDORA-2018-1724b6a0dc, FEDORA-2018-1d3d0e6f2e, VIGILANCE-VUL-25645.
Description of the vulnerability
The Monitorix product offers a web service.
However, it does not filter received data before inserting them in generated HTML documents.
An attacker can therefore trigger a Cross Site Scripting of Monitorix, in order to run JavaScript code in the context of the web site.
Complete Vigil@nce bulletin.... (Free trial) |
Bugzilla: Cross Site Request Forgery via report.cgi
Synthesis of the vulnerability
An attacker can trigger a Cross Site Request Forgery via report.cgi of Bugzilla, in order to force the victim to perform operations.
Impacted products: Fedora.
Severity: 2/4.
Creation date: 07/03/2018.
Identifiers: CVE-2018-5123, FEDORA-2018-1e0e37e148, FEDORA-2018-b79f325c48, VIGILANCE-VUL-25454.
Description of the vulnerability
The Bugzilla product offers a web service.
However, the origin of queries is not checked. They can for example originate from an image included in an HTML document.
An attacker can therefore trigger a Cross Site Request Forgery via report.cgi of Bugzilla, in order to force the victim to perform operations.
Complete Vigil@nce bulletin.... (Free trial) |
Xen: denial of service via a change of page table type
Synthesis of the vulnerability
A privileged attacker in a guest system can request a change of page table type to Xen without unmapping related pages, in order to make the host crash.
Impacted products: XenServer, Debian, Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Xen.
Severity: 1/4.
Creation date: 27/02/2018.
Identifiers: CERTFR-2018-AVI-102, CERTFR-2018-AVI-145, CERTFR-2018-AVI-171, CTX232096, CTX232655, CVE-2018-7541, DLA-1300-1, DSA-4131-1, FEDORA-2018-0746dac335, FEDORA-2018-c553a586c8, openSUSE-SU-2018:1274-1, SUSE-SU-2018:0678-1, SUSE-SU-2018:0909-1, SUSE-SU-2018:1184-1, VIGILANCE-VUL-25386, XSA-255.
Description of the vulnerability
A privileged attacker in a guest system can request a change of page table type to Xen without unmapping related pages, in order to make the host crash.
Complete Vigil@nce bulletin.... (Free trial) |
Xen: denial of service via the L3/L4 page table management
Synthesis of the vulnerability
A privileged attacker in a guest system can make interrupt processing too long by requesting Xen to change the L3/L4 page tables, in order to trigger a denial of service.
Impacted products: XenServer, Debian, Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Xen.
Severity: 1/4.
Creation date: 27/02/2018.
Identifiers: CERTFR-2018-AVI-102, CERTFR-2018-AVI-145, CERTFR-2018-AVI-171, CTX232096, CTX232655, CVE-2018-7540, DLA-1300-1, DSA-4131-1, FEDORA-2018-0746dac335, FEDORA-2018-c553a586c8, openSUSE-SU-2018:1274-1, SUSE-SU-2018:0678-1, SUSE-SU-2018:0909-1, SUSE-SU-2018:1184-1, VIGILANCE-VUL-25385, XSA-252.
Description of the vulnerability
A privileged attacker in a guest system can make interrupt processing too long by requesting Xen to change the L3/L4 page tables, in order to trigger a denial of service.
A detailed analysis was not performed for this bulletin.
Complete Vigil@nce bulletin.... (Free trial) |
suricata: HTTP analysis bypass
Synthesis of the vulnerability
An attacker can prevent recognition of HTTP, in order to disable traffic analysis for the connection.
Impacted products: Fedora.
Severity: 1/4.
Creation date: 26/02/2018.
Identifiers: CVE-2018-6794, FEDORA-2018-ee417c4b28, VIGILANCE-VUL-25369.
Description of the vulnerability
An attacker can prevent recognition of HTTP, in order to disable traffic analysis for the connection.
Complete Vigil@nce bulletin.... (Free trial) |
Linux kernel: denial of service via the bnx2x driver
Synthesis of the vulnerability
An attacker can block the netword card drived by the bnx2x module of the Linux kernel, in order to trigger a denial of service.
Impacted products: Fedora, Linux, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 12/02/2018.
Identifiers: CERTFR-2018-AVI-147, CERTFR-2018-AVI-165, CERTFR-2018-AVI-170, CERTFR-2018-AVI-196, CERTFR-2018-AVI-198, CVE-2018-1000026, FEDORA-2018-03a6606cb5, FEDORA-2018-7a62047e30, FEDORA-2018-884a105c04, openSUSE-SU-2018:0781-1, SUSE-SU-2018:0785-1, SUSE-SU-2018:0786-1, SUSE-SU-2018:0986-1, USN-3617-1, USN-3617-2, USN-3617-3, USN-3619-1, USN-3619-2, USN-3620-1, USN-3620-2, USN-3632-1, VIGILANCE-VUL-25279.
Description of the vulnerability
An attacker can block the netword card drived by the bnx2x module of the Linux kernel, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial) |
Our database contains other pages. You can request a free trial to read them.
Display information about Fedora:
|