| The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them. |
|
 |
|
|
Computer vulnerabilities of Red Hat Fedora
WebKitGTK+: memory corruption via State Management
Synthesis of the vulnerability
An attacker can generate a memory corruption via State Management of WebKitGTK+, in order to trigger a denial of service, and possibly to run code.
Impacted products: iOS by Apple, iPhone, Fedora, openSUSE Leap, Solaris, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 09/05/2018.
Identifiers: bulletinoct2018, CVE-2018-4200, FEDORA-2018-6a9fea1b3a, FEDORA-2018-93ba62d099, FEDORA-2018-97c58e29e4, HT208743, openSUSE-SU-2018:3473-1, SUSE-SU-2018:3387-1, USN-3640-1, VIGILANCE-VUL-26080.
Description of the vulnerability
An attacker can generate a memory corruption via State Management of WebKitGTK+, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial) |
DPDK: information disclosure via Guest Physical Ranges
Synthesis of the vulnerability
An attacker can bypass access restrictions to data via Guest Physical Ranges of DPDK, in order to obtain sensitive information.
Impacted products: Fedora, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 09/05/2018.
Identifiers: CVE-2018-1059, FEDORA-2018-2c965abb15, openSUSE-SU-2018:1560-1, openSUSE-SU-2018:4003-1, RHSA-2018:2038-01, SUSE-SU-2018:1492-1, SUSE-SU-2018:3923-1, USN-3642-1, USN-3642-2, VIGILANCE-VUL-26075.
Description of the vulnerability
An attacker can bypass access restrictions to data via Guest Physical Ranges of DPDK, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
wget: information disclosure via Cookies Injection
Synthesis of the vulnerability
An attacker can bypass access restrictions to data via Cookies Injection of wget, in order to obtain sensitive information.
Impacted products: Debian, Fedora, McAfee Web Gateway, openSUSE Leap, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading.
Provenance: internet server.
Creation date: 09/05/2018.
Identifiers: CVE-2018-0494, DLA-1375-1, DSA-4195-1, FEDORA-2018-11b37d7a68, FEDORA-2018-29ebba0906, FEDORA-2018-f29459149a, openSUSE-SU-2018:1383-1, RHSA-2018:3052-01, SB10276, SSA:2018-129-02, SUSE-SU-2018:1367-1, SUSE-SU-2018:1373-1, USN-3643-1, USN-3643-2, VIGILANCE-VUL-26070.
Description of the vulnerability
An attacker can bypass access restrictions to data via Cookies Injection of wget, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
Xen: infinite loop via Device Model
Synthesis of the vulnerability
An attacker, inside a guest system, can generate an infinite loop via Device Model of Xen, in order to trigger a denial of service on the host system.
Impacted products: Debian, Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Xen.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 09/05/2018.
Identifiers: CERTFR-2018-AVI-229, CVE-2018-10981, DLA-1383-1, DLA-1559-1, DSA-4201-1, FEDORA-2018-7cd077ddd3, FEDORA-2018-98684f429b, FEDORA-2018-a7ac26523d, openSUSE-SU-2018:1487-1, SUSE-SU-2018:1456-1, SUSE-SU-2018:2528-1, VIGILANCE-VUL-26065, XSA-262.
Description of the vulnerability
An attacker, inside a guest system, can generate an infinite loop via Device Model of Xen, in order to trigger a denial of service on the host system.
Full Vigil@nce bulletin... (Free trial) |
Xen: privilege escalation via vHPET Interrupt Injection
Synthesis of the vulnerability
An attacker, inside a guest system, can bypass restrictions via vHPET Interrupt Injection of Xen, in order to escalate his privileges on the host system.
Impacted products: XenServer, Debian, Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Xen.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 09/05/2018.
Identifiers: CERTFR-2018-AVI-225, CERTFR-2018-AVI-229, CTX234679, CVE-2018-10982, DLA-1383-1, DLA-1549-1, DSA-4201-1, FEDORA-2018-7cd077ddd3, FEDORA-2018-98684f429b, FEDORA-2018-a7ac26523d, openSUSE-SU-2018:1487-1, SUSE-SU-2018:1456-1, SUSE-SU-2018:2528-1, VIGILANCE-VUL-26064, XSA-261.
Description of the vulnerability
An attacker, inside a guest system, can bypass restrictions via vHPET Interrupt Injection of Xen, in order to escalate his privileges on the host system.
Full Vigil@nce bulletin... (Free trial) |
Xen: privilege escalation via Debug Exceptions
Synthesis of the vulnerability
An attacker, inside a guest system, can bypass restrictions via Debug Exceptions of Xen, in order to escalate his privileges on the host system.
Impacted products: XenServer, Debian, Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Xen.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 09/05/2018.
Identifiers: CERTFR-2018-AVI-225, CERTFR-2018-AVI-229, CTX234679, CVE-2018-8897, DLA-1383-1, DLA-1577-1, DSA-4201-1, FEDORA-2018-7cd077ddd3, FEDORA-2018-98684f429b, FEDORA-2018-a7ac26523d, openSUSE-SU-2018:1274-1, SUSE-SU-2018:1177-1, SUSE-SU-2018:1181-1, SUSE-SU-2018:1184-1, SUSE-SU-2018:1202-1, SUSE-SU-2018:1203-1, SUSE-SU-2018:1216-1, VIGILANCE-VUL-26063, XSA-260.
Description of the vulnerability
An attacker, inside a guest system, can bypass restrictions via Debug Exceptions of Xen, in order to escalate his privileges on the host system.
Full Vigil@nce bulletin... (Free trial) |
Apache POI: infinite loop via PPT
Synthesis of the vulnerability
An attacker can generate an infinite loop via PPT of Apache POI, in order to trigger a denial of service.
Impacted products: Fedora.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 07/05/2018.
Identifiers: 2016039, CVE-2014-9527, FEDORA-2015-2087, FEDORA-2015-2090, VIGILANCE-VUL-26055.
Description of the vulnerability
An attacker can generate an infinite loop via PPT of Apache POI, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial) |
kwallet-pam: file corruption
Synthesis of the vulnerability
A local attacker can create a symbolic link, in order to alter the pointed file, with privileges of kwallet-pam.
Impacted products: Debian, Fedora, openSUSE Leap.
Severity: 2/4.
Consequences: data creation/edition.
Provenance: user shell.
Creation date: 07/05/2018.
Identifiers: CVE-2018-10380, DSA-4200-1, FEDORA-2018-a954bb958b, FEDORA-2018-b8cbd331a1, FEDORA-2018-e56bdde239, openSUSE-SU-2018:1149-1, VIGILANCE-VUL-26053.
Description of the vulnerability
A local attacker can create a symbolic link, in order to alter the pointed file, with privileges of kwallet-pam.
Full Vigil@nce bulletin... (Free trial) |
ScummVM: code execution via posix.cpp
Synthesis of the vulnerability
An attacker can use a vulnerability via posix.cpp of ScummVM, in order to run code.
Impacted products: Fedora.
Severity: 2/4.
Consequences: user access/rights.
Provenance: user account.
Creation date: 07/05/2018.
Identifiers: CVE-2017-17528, FEDORA-2018-9a85d5af21, FEDORA-2018-d275e6ff0c, VIGILANCE-VUL-26052.
Description of the vulnerability
An attacker can use a vulnerability via posix.cpp of ScummVM, in order to run code.
Full Vigil@nce bulletin... (Free trial) |
Zsh: buffer overflow via checkmailpath
Synthesis of the vulnerability
An attacker can generate a buffer overflow via checkmailpath() of Zsh, in order to trigger a denial of service, and possibly to run code.
Impacted products: Fedora, openSUSE Leap, Solaris, RHEL, Slackware, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: user shell.
Creation date: 07/05/2018.
Identifiers: bulletinoct2018, CVE-2018-1100, FEDORA-2018-ac1d9c2777, openSUSE-SU-2018:1893-1, openSUSE-SU-2018:2966-1, RHSA-2018:1932-01, RHSA-2018:3073-01, SSA:2019-013-01, SUSE-SU-2018:1874-1, USN-3764-1, VIGILANCE-VUL-26051.
Description of the vulnerability
An attacker can generate a buffer overflow via checkmailpath() of Zsh, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial) |
Our database contains other pages. You can request a free trial to read them.
Display information about Red Hat Fedora:
|