The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Red Hat Fedora

computer vulnerability bulletin CVE-2017-7541

Linux kernel: buffer overflow via brcmf_cfg80211_mgmt_tx

Synthesis of the vulnerability

An attacker can generate a buffer overflow via brcmf_cfg80211_mgmt_tx() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, Android OS, Linux, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 24/07/2017.
Identifiers: CERTFR-2017-AVI-275, CERTFR-2017-AVI-277, CERTFR-2017-AVI-293, CERTFR-2017-AVI-307, CERTFR-2017-AVI-375, CERTFR-2017-AVI-383, CERTFR-2017-AVI-390, CERTFR-2017-AVI-400, CVE-2017-7541, DSA-3927-1, FEDORA-2017-39b5facda0, FEDORA-2017-544eef948f, openSUSE-SU-2017:2110-1, openSUSE-SU-2017:2112-1, RHSA-2017:2863-01, RHSA-2017:2918-01, RHSA-2017:2930-01, RHSA-2017:2931-01, SUSE-SU-2017:2286-1, SUSE-SU-2017:2869-1, SUSE-SU-2017:2908-1, SUSE-SU-2017:2920-1, SUSE-SU-2017:2956-1, USN-3405-1, USN-3405-2, USN-3419-1, USN-3419-2, USN-3422-1, USN-3422-2, VIGILANCE-VUL-23338.

Description of the vulnerability

An attacker can generate a buffer overflow via brcmf_cfg80211_mgmt_tx() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.

A detailed analysis was not performed for this bulletin.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability CVE-2017-11406 CVE-2017-11407 CVE-2017-11408

Wireshark: six vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Wireshark.
Impacted products: Debian, Fedora, openSUSE Leap, Solaris, Wireshark.
Severity: 2/4.
Creation date: 19/07/2017.
Identifiers: bulletinjul2017, CVE-2017-11406, CVE-2017-11407, CVE-2017-11408, CVE-2017-11409, CVE-2017-11410, CVE-2017-11411, DLA-1226-1, DSA-4060-1, FEDORA-2017-f1f3dafb50, openSUSE-SU-2017:1958-1, VIGILANCE-VUL-23295, wnpa-sec-2017-13, wnpa-sec-2017-28, wnpa-sec-2017-34, wnpa-sec-2017-35, wnpa-sec-2017-36, wnpa-sec-2017-37.

Description of the vulnerability

Several vulnerabilities were announced in Wireshark.

An attacker can send malicious AMQP packets, in order to trigger a denial of service. [severity:2/4; CVE-2017-11408, wnpa-sec-2017-34]

An attacker can send malicious MQ packets, in order to trigger a denial of service. [severity:2/4; CVE-2017-11407, wnpa-sec-2017-35]

An attacker can generate an infinite loop via DOCSIS, in order to trigger a denial of service. [severity:1/4; CVE-2017-11406, wnpa-sec-2017-36]

An attacker can generate an infinite loop via GPRS LLC, in order to trigger a denial of service. [severity:1/4; CVE-2017-11409, wnpa-sec-2017-37]

An attacker can generate an infinite loop via WBXML, in order to trigger a denial of service. [severity:1/4; CVE-2017-11410, wnpa-sec-2017-13]

An attacker can trigger a fatal error via openSAFETY, in order to trigger a denial of service. [severity:1/4; CVE-2017-11411, wnpa-sec-2017-28]
Complete Vigil@nce bulletin.... (Free trial)

vulnerability CVE-2017-10970

Cacti: Cross Site Scripting via link.php

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via link.php of Cacti, in order to run JavaScript code in the context of the web site.
Impacted products: Cacti, Fedora, openSUSE Leap.
Severity: 2/4.
Creation date: 11/07/2017.
Identifiers: 838, CVE-2017-10970, FEDORA-2017-3db2a34403, FEDORA-2017-7ab0179693, FEDORA-2017-f8e32f160e, openSUSE-SU-2017:2087-1, VIGILANCE-VUL-23190.

Description of the vulnerability

The Cacti product offers a web service.

However, it does not filter received data via link.php before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via link.php of Cacti, in order to run JavaScript code in the context of the web site.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability note CVE-2017-11107

phpLDAPadmin: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of phpLDAPadmin, in order to run JavaScript code in the context of the web site.
Impacted products: Debian, Fedora.
Severity: 2/4.
Creation date: 10/07/2017.
Identifiers: CVE-2017-11107, DLA-1019-1, DLA-1561-1, FEDORA-2017-05888dd4fe, FEDORA-2017-1a8bebaab4, FEDORA-2017-346836a623, VIGILANCE-VUL-23179.

Description of the vulnerability

The phpLDAPadmin product offers a web service.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of phpLDAPadmin, in order to run JavaScript code in the context of the web site.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability announce CVE-2017-3142 CVE-2017-3143

ISC BIND: two vulnerabilities via TSIG Authentication

Synthesis of the vulnerability

An attacker can use several vulnerabilities via TSIG Authentication of ISC BIND.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, HP-UX, AIX, BIND, Junos OS, SRX-Series, NetBSD, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Creation date: 30/06/2017.
Revision date: 07/07/2017.
Identifiers: AA-01503, AA-01504, bulletinjan2018, CERTFR-2017-AVI-199, CVE-2017-3142, CVE-2017-3143, DLA-1025-1, DLA-1025-2, DSA-3904-1, DSA-3904-2, FEDORA-2017-001f135337, FEDORA-2017-167cfa7b09, FEDORA-2017-59127a606c, FEDORA-2017-d04f7ddd73, HPESBUX03772, JSA10875, K02230327, K59448931, openSUSE-SU-2017:1809-1, RHSA-2017:1679-01, RHSA-2017:1680-01, SSA:2017-180-02, SUSE-SU-2017:1736-1, SUSE-SU-2017:1737-1, SUSE-SU-2017:1738-1, USN-3346-1, USN-3346-2, USN-3346-3, VIGILANCE-VUL-23107.

Description of the vulnerability

Several vulnerabilities were announced in ISC BIND.

An attacker can use a Zone Transfer, in order to obtain sensitive information. [severity:2/4; AA-01504, CVE-2017-3142]

An attacker can use a Dynamic Update, in order to alter a zone. [severity:3/4; AA-01503, CERTFR-2017-AVI-199, CVE-2017-3143]
Complete Vigil@nce bulletin.... (Free trial)

vulnerability bulletin CVE-2017-11142 CVE-2017-11143 CVE-2017-11144

PHP: four vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of PHP.
Impacted products: Debian, Fedora, openSUSE Leap, Solaris, PHP, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 05/07/2017.
Identifiers: 73807, 74145, 74651, 74819, bulletinapr2018, CERTFR-2017-AVI-204, CVE-2017-11142, CVE-2017-11143, CVE-2017-11144, CVE-2017-11145, CVE-2017-11146-REJECT, DLA-1034-1, DSA-4080-1, DSA-4081-1, FEDORA-2017-5ade380ab2, FEDORA-2017-b674dc22ad, FEDORA-2017-b8bb4b86e2, openSUSE-SU-2017:2337-1, openSUSE-SU-2017:2366-1, RHSA-2018:1296-01, SUSE-SU-2017:2303-1, USN-3382-1, USN-3382-2, VIGILANCE-VUL-23133.

Description of the vulnerability

Several vulnerabilities were announced in PHP.

An attacker can generate a memory corruption via an ill formed X.509 certificate, in order to trigger a denial of service, and possibly to run code. [severity:2/4; 74651, CVE-2017-11144]

An attacker can read a memory fragment via php_parse_date(), in order to obtain sensitive information. [severity:1/4; 74819, CVE-2017-11145, CVE-2017-11146-REJECT]

An attacker can trigger server overload with POST requests over 2Mb. [severity:1/4; 73807, CVE-2017-11142]

An attacker can trigger a wrong memory free which leads to a fatal exception. [severity:2/4; 74145, CVE-2017-11143]
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability alert CVE-2017-10788 CVE-2017-10789

Perl DBD-mysql: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Perl DBD-mysql.
Impacted products: Debian, Fedora, openSUSE Leap, Solaris, Perl Module ~ not comprehensive, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Creation date: 03/07/2017.
Identifiers: bulletinjul2018, bulletinoct2018, CVE-2017-10788, CVE-2017-10789, DLA-1079-1, FEDORA-2017-42e41e9d25, FEDORA-2017-486371ff24, FEDORA-2017-874bd165c0, openSUSE-SU-2018:1463-1, SUSE-SU-2018:1449-1, SUSE-SU-2018:1450-1, VIGILANCE-VUL-23116.

Description of the vulnerability

Several vulnerabilities were announced in Perl DBD-mysql.

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2017-10788]

The module may not use TLS without failure notification even when requested by the application. [severity:1/4; CVE-2017-10789]
Complete Vigil@nce bulletin.... (Free trial)

vulnerability alert CVE-2017-5087 CVE-2017-5088 CVE-2017-5089

Google chrome: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Google Chrome.
Impacted products: Debian, Fedora, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 3/4.
Creation date: 19/06/2017.
Identifiers: CERTFR-2017-AVI-183, CVE-2017-5087, CVE-2017-5088, CVE-2017-5089, DSA-3926-1, FEDORA-2017-01e4d46f23, FEDORA-2017-1e34da27f3, FEDORA-2017-a7a488d8d0, FEDORA-2017-c2e1dc46a1, FEDORA-2017-e8a1e1e62a, openSUSE-SU-2017:1591-1, openSUSE-SU-2017:1593-1, RHSA-2017:1495-01, VIGILANCE-VUL-22991.

Description of the vulnerability

An attacker can use several vulnerabilities of Google Chrome.

Technical details are unknown.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability CVE-2016-5203 CVE-2016-5204 CVE-2016-5205

Chrome: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Chrome.
Impacted products: Debian, Fedora, Chrome, openSUSE, openSUSE Leap, Opera, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Creation date: 02/12/2016.
Revisions dates: 01/02/2017, 15/06/2017.
Identifiers: 1000, 994, CERTFR-2016-AVI-394, CVE-2016-5203, CVE-2016-5204, CVE-2016-5205, CVE-2016-5206, CVE-2016-5207, CVE-2016-5208, CVE-2016-5209, CVE-2016-5210, CVE-2016-5211, CVE-2016-5212, CVE-2016-5213, CVE-2016-5214, CVE-2016-5215, CVE-2016-5216, CVE-2016-5217, CVE-2016-5218, CVE-2016-5219, CVE-2016-5220, CVE-2016-5221, CVE-2016-5222, CVE-2016-5223, CVE-2016-5224, CVE-2016-5225, CVE-2016-5226, CVE-2016-9650, CVE-2016-9651, CVE-2016-9652, DSA-3731-1, FEDORA-2016-a815b7bf5d, FEDORA-2016-e0e1cb2b2b, FEDORA-2017-98bed96d12, FEDORA-2017-ae1fde5fb8, openSUSE-SU-2016:3108-1, openSUSE-SU-2017:0434-1, openSUSE-SU-2017:0563-1, openSUSE-SU-2017:0565-1, RHSA-2016:2919-01, USN-3153-1, VIGILANCE-VUL-21255.

Description of the vulnerability

Several vulnerabilities were announced in Chrome.

An attacker can bypass security features via V8, in order to obtain sensitive information. [severity:3/4; CVE-2016-9651]

An attacker can trigger a Cross Site Scripting via Blink, in order to run JavaScript code in the context of the web site. [severity:3/4; CVE-2016-5208]

An attacker can trigger a Cross Site Scripting via Blink, in order to run JavaScript code in the context of the web site. [severity:3/4; CVE-2016-5207]

An attacker can bypass the origin check via PDFium, in order to access to victim's data. [severity:3/4; CVE-2016-5206]

An attacker can trigger a Cross Site Scripting via Blink, in order to run JavaScript code in the context of the web site. [severity:3/4; CVE-2016-5205]

An attacker can trigger a Cross Site Scripting via Blink, in order to run JavaScript code in the context of the web site. [severity:3/4; CVE-2016-5204]

An attacker can generate a buffer overflow via Blink, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-5209]

An attacker can force the usage of a freed memory area via PDFium, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-5203]

An attacker can generate a buffer overflow via PDFium, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-5210]

An attacker can bypass security features via DevTools, in order to obtain sensitive information. [severity:3/4; CVE-2016-5212]

An attacker can force the usage of a freed memory area via PDFium, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-5211]

An attacker can force the usage of a freed memory area via V8, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-5213]

An attacker can bypass security features via File Download, in order to obtain sensitive information. [severity:2/4; CVE-2016-5214]

An attacker can force the usage of a freed memory area via PDFium, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-5216]

An attacker can force the usage of a freed memory area via Webaudio, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-5215]

An attacker can generate a memory corruption via PDFium, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-5217]

An attacker can alter displayed information via Omnibox, in order to deceive the victim. [severity:2/4; CVE-2016-5218]

An attacker can force the usage of a freed memory area via V8, in order to trigger a denial of service, and possibly to run code (VIGILANCE-VUL-21621). [severity:2/4; CVE-2016-5219]

An attacker can generate an integer overflow via ANGLE, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-5221]

An attacker can bypass file access restrictions via PDFium, in order to obtain sensitive information. [severity:2/4; CVE-2016-5220]

An attacker can alter displayed information via Omnibox, in order to deceive the victim. [severity:2/4; CVE-2016-5222]

An attacker can bypass security features via CSP Referrer, in order to obtain sensitive information. [severity:1/4; CVE-2016-9650]

An attacker can generate an integer overflow via PDFium, in order to trigger a denial of service, and possibly to run code. [severity:1/4; CVE-2016-5223]

An attacker can trigger a Cross Site Scripting via Blink, in order to run JavaScript code in the context of the web site. [severity:1/4; CVE-2016-5226]

An attacker can bypass security features via Blink, in order to obtain sensitive information. [severity:1/4; CVE-2016-5225]

An attacker can bypass the origin check via SVG, in order to access to victim's data. [severity:1/4; CVE-2016-5224]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-9652]

An unknown vulnerability was announced via HTMLKeygenElement::shadowSelect(). [severity:2/4; 994]
Complete Vigil@nce bulletin.... (Free trial)

vulnerability announce CVE-2017-9616 CVE-2017-9617

Wireshark: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Wireshark.
Impacted products: Fedora, Wireshark.
Severity: 2/4.
Creation date: 15/06/2017.
Identifiers: 13777, 13799, CVE-2017-9616, CVE-2017-9617, FEDORA-2018-cdf3f8e8b0, VIGILANCE-VUL-22982.

Description of the vulnerability

Several vulnerabilities were announced in Wireshark.

An attacker can trigger a stack exhaustion by large nesting of DAAP structures. [severity:2/4; 13799, CVE-2017-9617]

An attacker can trigger a stack exhaustion by large nesting of DAAP structures. [severity:2/4; 13777, CVE-2017-9616]
Complete Vigil@nce bulletin.... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Red Hat Fedora: