CVE-2019-0001
- EPSS 0.66%
- Published 15.01.2019 21:29:00
- Last modified 21.11.2024 04:16:01
Receipt of a malformed packet on MX Series devices with dynamic vlan configuration can trigger an uncontrolled recursion loop in the Broadband Edge subscriber management daemon (bbe-smgd), and lead to high CPU usage and a crash of the bbe-smgd servic...
CVE-2019-3811
- EPSS 0.16%
- Published 15.01.2019 15:29:00
- Last modified 21.11.2024 04:42:35
A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem ac...
CVE-2018-16886
- EPSS 0.74%
- Published 14.01.2019 19:29:00
- Last modified 21.11.2024 03:53:32
etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd client server TLS certificate contains a Common Nam...
CVE-2019-6251
- EPSS 2.54%
- Published 14.01.2019 08:29:00
- Last modified 21.11.2024 04:46:18
WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 ...
CVE-2019-3498
- EPSS 2.06%
- Published 09.01.2019 23:29:05
- Last modified 21.11.2024 04:42:08
In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing ...
CVE-2018-20662
- EPSS 0.46%
- Published 03.01.2019 13:29:00
- Last modified 21.11.2024 04:01:57
In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is m...
CVE-2019-3500
- EPSS 0.12%
- Published 02.01.2019 07:29:00
- Last modified 21.11.2024 04:42:08
aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file.
CVE-2018-20592
- EPSS 0.36%
- Published 30.12.2018 18:29:00
- Last modified 21.11.2024 04:01:48
In Mini-XML (aka mxml) v2.12, there is a use-after-free in the mxmlAdd function of the mxml-node.c file. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted xml file, as demonstrated by mxmldoc.
CVE-2018-20593
- EPSS 0.27%
- Published 30.12.2018 18:29:00
- Last modified 21.11.2024 04:01:48
In Mini-XML (aka mxml) v2.12, there is a stack-based buffer overflow in the scan_file function in mxmldoc.c.
CVE-2018-20549
- EPSS 0.85%
- Published 28.12.2018 16:29:05
- Last modified 21.11.2024 04:01:42
There is an illegal WRITE memory access at caca/file.c (function caca_file_read) in libcaca 0.99.beta19.