| The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them. |
|
 |
|
|
Computer vulnerabilities of Red Hat Fedora
PHP: multiple vulnerabilities
Synthesis of the vulnerability
An attacker can use several vulnerabilities of PHP.
Impacted products: Debian, Fedora, openSUSE Leap, Solaris, PHP, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, client access/rights, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 04/01/2018.
Identifiers: bulletinapr2018, CERTFR-2018-AVI-007, CVE-2018-14884, CVE-2018-5712, DLA-1251-1, FEDORA-2018-c4e9207c31, FEDORA-2018-d034538627, openSUSE-SU-2018:0248-1, openSUSE-SU-2018:0318-1, RHSA-2018:1296-01, SSA:2018-034-01, SSA:2018-136-02, SUSE-SU-2018:0806-1, USN-3566-1, USN-3600-1, USN-3600-2, VIGILANCE-VUL-24947.
Description of the vulnerability
An attacker can use several vulnerabilities of PHP.
Full Vigil@nce bulletin... (Free trial) |
Poppler: buffer overflow
Synthesis of the vulnerability
An attacker can generate a buffer overflow of Poppler, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, openSUSE Leap, Solaris, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 03/01/2018.
Identifiers: bulletinjan2019, CVE-2017-1000456, DLA-1228-1, DSA-4097-1, FEDORA-2018-048468d7a8, FEDORA-2018-20ba39cba9, openSUSE-SU-2018:1721-1, SUSE-SU-2018:1662-1, SUSE-SU-2018:1691-1, USN-3517-1, VIGILANCE-VUL-24937.
Description of the vulnerability
An attacker can generate a buffer overflow of Poppler, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial) |
glibc: buffer overflow via LD_LIBRARY_PATH
Synthesis of the vulnerability
An attacker can generate a buffer overflow via LD_LIBRARY_PATH of glibc, in order to trigger a denial of service, and possibly to run code.
Impacted products: Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, denial of service on service, denial of service on client.
Provenance: user shell.
Creation date: 03/01/2018.
Identifiers: CVE-2017-1000409, FEDORA-2017-828f8a8fc6, openSUSE-SU-2018:0089-1, SUSE-SU-2018:0074-1, USN-3534-1, VIGILANCE-VUL-24925.
Description of the vulnerability
An attacker can generate a buffer overflow via LD_LIBRARY_PATH of glibc, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial) |
glibc: memory leak via LD_HWCAP_MASK
Synthesis of the vulnerability
An attacker can create a memory leak via LD_HWCAP_MASK of glibc, in order to trigger a denial of service.
Impacted products: Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: user shell.
Creation date: 03/01/2018.
Identifiers: CVE-2017-1000408, FEDORA-2017-828f8a8fc6, openSUSE-SU-2018:0089-1, SUSE-SU-2018:0074-1, USN-3534-1, VIGILANCE-VUL-24924.
Description of the vulnerability
An attacker can create a memory leak via LD_HWCAP_MASK of glibc, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial) |
unixODBC: buffer overflow via unicode_to_ansi_copy
Synthesis of the vulnerability
An attacker can generate a buffer overflow via unicode_to_ansi_copy() of unixODBC, in order to trigger a denial of service, and possibly to run code.
Impacted products: Fedora, openSUSE Leap, Solaris, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 02/01/2018.
Identifiers: bulletinoct2018, CVE-2018-7409, FEDORA-2018-9565c0bc9a, openSUSE-SU-2018:1845-1, SUSE-SU-2018:1832-1, VIGILANCE-VUL-24923.
Description of the vulnerability
An attacker can generate a buffer overflow via unicode_to_ansi_copy() of unixODBC, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial) |
Wireshark: out-of-bounds memory reading via File_read_line
Synthesis of the vulnerability
An attacker can force a read at an invalid address via File_read_line() of Wireshark, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: Debian, Fedora, Wireshark.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: internet client.
Creation date: 28/12/2017.
Identifiers: 14295, CVE-2017-17935, DLA-1634-1, FEDORA-2018-8c3a01cc65, VIGILANCE-VUL-24898.
Description of the vulnerability
An attacker can force a read at an invalid address via File_read_line() of Wireshark, in order to trigger a denial of service, or to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
phpMyAdmin: Cross Site Request Forgery
Synthesis of the vulnerability
An attacker can trigger a Cross Site Request Forgery of phpMyAdmin, in order to force the victim to perform operations.
Impacted products: Fedora, openSUSE Leap, phpMyAdmin, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: user access/rights.
Provenance: internet client.
Creation date: 28/12/2017.
Identifiers: CERTFR-2018-AVI-001, CVE-2017-1000499, FEDORA-2017-481515e199, FEDORA-2017-cad79c7c6c, openSUSE-SU-2017:3448-1, openSUSE-SU-2017:3451-1, PMASA-2017-9, VIGILANCE-VUL-24897.
Description of the vulnerability
The phpMyAdmin product offers a web service.
However, the origin of queries is not checked. They can for example originate from an image included in an HTML document.
An attacker can therefore trigger a Cross Site Request Forgery of phpMyAdmin, in order to force the victim to perform operations.
Full Vigil@nce bulletin... (Free trial) |
Linux kernel: six vulnerabilities via BPF
Synthesis of the vulnerability
An attacker can use several vulnerabilities via BPF of the Linux kernel.
Impacted products: Fedora, Linux.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 6.
Creation date: 28/12/2017.
Identifiers: CVE-2017-17852, CVE-2017-17853, CVE-2017-17854, CVE-2017-17855, CVE-2017-17856, CVE-2017-17857, FEDORA-2018-22d5fa8a90, FEDORA-2018-884a105c04, FEDORA-2018-8ed5eff2c0, VIGILANCE-VUL-24896.
Description of the vulnerability
An attacker can use several vulnerabilities via BPF of the Linux kernel.
Full Vigil@nce bulletin... (Free trial) |
GNU GLOBAL: code execution via gozilla.c
Synthesis of the vulnerability
An attacker can use a vulnerability via gozilla.c of GNU GLOBAL, in order to run code.
Impacted products: Fedora, openSUSE Leap.
Severity: 2/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 28/12/2017.
Identifiers: CVE-2017-17531, FEDORA-2017-fd9462d9ef, openSUSE-SU-2017:3442-1, VIGILANCE-VUL-24895.
Description of the vulnerability
An attacker can use a vulnerability via gozilla.c of GNU GLOBAL, in order to run code.
Full Vigil@nce bulletin... (Free trial) |
libexif: integer overflow via MNOTE
Synthesis of the vulnerability
An attacker can generate an integer overflow via MNOTE of libexif, in order to trigger a denial of service, and possibly to run code.
Impacted products: Fedora, openSUSE Leap.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 28/12/2017.
Identifiers: CVE-2016-6328, FEDORA-2017-b24ef59f94, FEDORA-2017-c28bfe0986, openSUSE-SU-2018:0211-1, VIGILANCE-VUL-24890.
Description of the vulnerability
An attacker can generate an integer overflow via MNOTE of libexif, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial) |
Our database contains other pages. You can request a free trial to read them.
Display information about Red Hat Fedora:
|