Fedoraproject

Fedora

5319 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2018-1000852

Exploit
  • EPSS 0.87%
  • Published 20.12.2018 15:29:02
  • Last modified 21.11.2024 03:40:29

FreeRDP FreeRDP 2.0.0-rc3 released version before commit 205c612820dac644d665b5bb1cdf437dc5ca01e3 contains a Other/Unknown vulnerability in channels/drdynvc/client/drdynvc_main.c, drdynvc_process_capability_request that can result in The RDP server c...

6.1

CVE-2018-19790

  • EPSS 0.47%
  • Published 18.12.2018 22:29:05
  • Last modified 21.11.2024 03:58:33

An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. By using backslashes in the `_failure_path` input field of login forms, an attacke...

5.5

CVE-2018-20123

  • EPSS 0.13%
  • Published 17.12.2018 19:29:02
  • Last modified 21.11.2024 04:00:54

pvrdma_realize in hw/rdma/vmw/pvrdma_main.c in QEMU has a Memory leak after an initialisation error.

5.3

CVE-2018-16872

  • EPSS 0.27%
  • Published 13.12.2018 21:29:00
  • Last modified 21.11.2024 03:53:29

A flaw was found in qemu Media Transfer Protocol (MTP). The code opening files in usb_mtp_get_object and usb_mtp_get_partial_object and directories in usb_mtp_object_readdir doesn't consider that the underlying filesystem may have changed since the t...

5.5

CVE-2018-19364

  • EPSS 0.05%
  • Published 13.12.2018 19:29:00
  • Last modified 21.11.2024 03:57:48

hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome.

4.7

CVE-2018-19489

  • EPSS 0.04%
  • Published 13.12.2018 19:29:00
  • Last modified 21.11.2024 03:58:00

v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service (crash) because of a race condition during file renaming.

7.8

CVE-2018-16867

  • EPSS 0.08%
  • Published 12.12.2018 13:29:02
  • Last modified 21.11.2024 03:53:29

A flaw was found in qemu Media Transfer Protocol (MTP) before version 3.1.0. A path traversal in the in usb_mtp_write_data function in hw/usb/dev-mtp.c due to an improper filename sanitization. When the guest device is mounted in read-write mode, thi...

6.5

CVE-2018-20097

Exploit
  • EPSS 0.63%
  • Published 12.12.2018 10:29:00
  • Last modified 21.11.2024 04:00:52

There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of tiffimage_int.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.

9.8

CVE-2018-20060

  • EPSS 0.43%
  • Published 11.12.2018 17:29:00
  • Last modified 27.12.2024 16:15:22

urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to uni...

8.8

CVE-2018-20004

Exploit
  • EPSS 0.81%
  • Published 10.12.2018 06:29:00
  • Last modified 21.11.2024 04:00:43

An issue has been found in Mini-XML (aka mxml) 2.12. It is a stack-based buffer overflow in mxml_write_node in mxml-file.c via vectors involving a double-precision floating point number and the '<order type="real">' substring, as demonstrated by test...