The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Red Hat Fedora

vulnerability CVE-2018-4200

WebKitGTK+: memory corruption via State Management

Synthesis of the vulnerability

An attacker can generate a memory corruption via State Management of WebKitGTK+, in order to trigger a denial of service, and possibly to run code.
Impacted products: iOS by Apple, iPhone, Fedora, openSUSE Leap, Solaris, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 09/05/2018.
Identifiers: bulletinoct2018, CVE-2018-4200, FEDORA-2018-6a9fea1b3a, FEDORA-2018-93ba62d099, FEDORA-2018-97c58e29e4, HT208743, openSUSE-SU-2018:3473-1, SUSE-SU-2018:3387-1, USN-3640-1, VIGILANCE-VUL-26080.


computer vulnerability CVE-2018-1059

DPDK: information disclosure via Guest Physical Ranges

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Guest Physical Ranges of DPDK, in order to obtain sensitive information.
Impacted products: Fedora, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 09/05/2018.
Identifiers: CVE-2018-1059, FEDORA-2018-2c965abb15, openSUSE-SU-2018:1560-1, openSUSE-SU-2018:4003-1, RHSA-2018:2038-01, SUSE-SU-2018:1492-1, SUSE-SU-2018:3923-1, USN-3642-1, USN-3642-2, VIGILANCE-VUL-26075.


vulnerability CVE-2018-0494

wget: information disclosure via Cookies Injection

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Cookies Injection of wget, in order to obtain sensitive information.
Impacted products: Debian, Fedora, McAfee Web Gateway, openSUSE Leap, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading.
Provenance: internet server.
Creation date: 09/05/2018.
Identifiers: CVE-2018-0494, DLA-1375-1, DSA-4195-1, FEDORA-2018-11b37d7a68, FEDORA-2018-29ebba0906, FEDORA-2018-f29459149a, openSUSE-SU-2018:1383-1, RHSA-2018:3052-01, SB10276, SSA:2018-129-02, SUSE-SU-2018:1367-1, SUSE-SU-2018:1373-1, USN-3643-1, USN-3643-2, VIGILANCE-VUL-26070.


computer vulnerability CVE-2018-10981

Xen: infinite loop via Device Model

Synthesis of the vulnerability

An attacker, inside a guest system, can generate an infinite loop via Device Model of Xen, in order to trigger a denial of service on the host system.
Impacted products: Debian, Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Xen.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 09/05/2018.
Identifiers: CERTFR-2018-AVI-229, CVE-2018-10981, DLA-1383-1, DLA-1559-1, DSA-4201-1, FEDORA-2018-7cd077ddd3, FEDORA-2018-98684f429b, FEDORA-2018-a7ac26523d, openSUSE-SU-2018:1487-1, SUSE-SU-2018:1456-1, SUSE-SU-2018:2528-1, VIGILANCE-VUL-26065, XSA-262.


vulnerability note CVE-2018-10982

Xen: privilege escalation via vHPET Interrupt Injection

Synthesis of the vulnerability

An attacker, inside a guest system, can bypass restrictions via vHPET Interrupt Injection of Xen, in order to escalate his privileges on the host system.
Impacted products: XenServer, Debian, Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Xen.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 09/05/2018.
Identifiers: CERTFR-2018-AVI-225, CERTFR-2018-AVI-229, CTX234679, CVE-2018-10982, DLA-1383-1, DLA-1549-1, DSA-4201-1, FEDORA-2018-7cd077ddd3, FEDORA-2018-98684f429b, FEDORA-2018-a7ac26523d, openSUSE-SU-2018:1487-1, SUSE-SU-2018:1456-1, SUSE-SU-2018:2528-1, VIGILANCE-VUL-26064, XSA-261.


vulnerability bulletin CVE-2018-8897

Xen: privilege escalation via Debug Exceptions

Synthesis of the vulnerability

An attacker, inside a guest system, can bypass restrictions via Debug Exceptions of Xen, in order to escalate his privileges on the host system.
Impacted products: XenServer, Debian, Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Xen.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 09/05/2018.
Identifiers: CERTFR-2018-AVI-225, CERTFR-2018-AVI-229, CTX234679, CVE-2018-8897, DLA-1383-1, DLA-1577-1, DSA-4201-1, FEDORA-2018-7cd077ddd3, FEDORA-2018-98684f429b, FEDORA-2018-a7ac26523d, openSUSE-SU-2018:1274-1, SUSE-SU-2018:1177-1, SUSE-SU-2018:1181-1, SUSE-SU-2018:1184-1, SUSE-SU-2018:1202-1, SUSE-SU-2018:1203-1, SUSE-SU-2018:1216-1, VIGILANCE-VUL-26063, XSA-260.


computer vulnerability CVE-2014-9527

Apache POI: infinite loop via PPT

Synthesis of the vulnerability

An attacker can generate an infinite loop via PPT of Apache POI, in order to trigger a denial of service.
Impacted products: Fedora.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 07/05/2018.
Identifiers: 2016039, CVE-2014-9527, FEDORA-2015-2087, FEDORA-2015-2090, VIGILANCE-VUL-26055.


vulnerability bulletin CVE-2018-10380

kwallet-pam: file corruption

Synthesis of the vulnerability

A local attacker can create a symbolic link, in order to alter the pointed file, with privileges of kwallet-pam.
Impacted products: Debian, Fedora, openSUSE Leap.
Severity: 2/4.
Consequences: data creation/edition.
Provenance: user shell.
Creation date: 07/05/2018.
Identifiers: CVE-2018-10380, DSA-4200-1, FEDORA-2018-a954bb958b, FEDORA-2018-b8cbd331a1, FEDORA-2018-e56bdde239, openSUSE-SU-2018:1149-1, VIGILANCE-VUL-26053.


vulnerability announce CVE-2017-17528

ScummVM: code execution via posix.cpp

Synthesis of the vulnerability

An attacker can use a vulnerability via posix.cpp of ScummVM, in order to run code.
Impacted products: Fedora.
Severity: 2/4.
Consequences: user access/rights.
Provenance: user account.
Creation date: 07/05/2018.
Identifiers: CVE-2017-17528, FEDORA-2018-9a85d5af21, FEDORA-2018-d275e6ff0c, VIGILANCE-VUL-26052.


vulnerability alert CVE-2018-1100

Zsh: buffer overflow via checkmailpath

Synthesis of the vulnerability

An attacker can generate a buffer overflow via checkmailpath() of Zsh, in order to trigger a denial of service, and possibly to run code.
Impacted products: Fedora, openSUSE Leap, Solaris, RHEL, Slackware, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: user shell.
Creation date: 07/05/2018.
Identifiers: bulletinoct2018, CVE-2018-1100, FEDORA-2018-ac1d9c2777, openSUSE-SU-2018:1893-1, openSUSE-SU-2018:2966-1, RHSA-2018:1932-01, RHSA-2018:3073-01, SSA:2019-013-01, SUSE-SU-2018:1874-1, USN-3764-1, VIGILANCE-VUL-26051.
