Fedoraproject

Fedora

5319 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.5

CVE-2018-18409

Exploit
  • EPSS 0.32%
  • Published 17.10.2018 04:29:00
  • Last modified 21.11.2024 03:55:53

A stack-based buffer over-read exists in setbit() at iptree.h of TCPFLOW 1.5.0, due to received incorrect values causing incorrect computation, leading to denial of service during an address_histogram call or a get_histogram call.

5.5

CVE-2018-11797

  • EPSS 1.25%
  • Published 05.10.2018 20:29:00
  • Last modified 21.11.2024 03:44:03

In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree.

7.5

CVE-2018-17846

  • EPSS 0.56%
  • Published 01.10.2018 08:29:02
  • Last modified 21.11.2024 03:55:02

The html package (aka x/net/html) through 2018-09-25 in Go mishandles <table><math><select><mi><select></table>, leading to an infinite loop during an html.Parse call because inSelectIM and inSelectInTableIM do not comply with a specification.

7.5

CVE-2018-17847

Exploit
  • EPSS 0.91%
  • Published 01.10.2018 08:29:02
  • Last modified 21.11.2024 03:55:02

The html package (aka x/net/html) through 2018-09-25 in Go mishandles <svg><template><desc><t><svg></template>, leading to a "panic: runtime error" (index out of range) in (*nodeStack).pop in node.go, called from (*parser).clearActiveFormattingElemen...

7.5

CVE-2018-17848

Exploit
  • EPSS 1.03%
  • Published 01.10.2018 08:29:02
  • Last modified 21.11.2024 03:55:03

The html package (aka x/net/html) through 2018-09-25 in Go mishandles <math><template><mn><b></template>, leading to a "panic: runtime error" (index out of range) in (*insertionModeStack).pop in node.go, called from inHeadIM, during an html.Parse cal...

9.8

CVE-2018-17825

Exploit
  • EPSS 0.48%
  • Published 01.10.2018 08:29:00
  • Last modified 21.11.2024 03:55:00

An issue was discovered in AdPlug 2.3.1. There are several double-free vulnerabilities in the CEmuopl class in emuopl.cpp because of a destructor's two OPLDestroy calls, each of which frees TL_TABLE, SIN_TABLE, AMS_TABLE, and VIB_TABLE.

7.5

CVE-2018-14647

  • EPSS 1.9%
  • Published 25.09.2018 00:29:00
  • Last modified 21.11.2024 03:49:30

Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions ...

7.5

CVE-2018-17142

Exploit
  • EPSS 0.75%
  • Published 17.09.2018 14:29:00
  • Last modified 21.11.2024 03:53:56

The html package (aka x/net/html) through 2018-09-17 in Go mishandles <math><template><mo><template>, leading to a "panic: runtime error" in parseCurrentToken in parse.go during an html.Parse call.

7.5

CVE-2018-17143

Exploit
  • EPSS 0.65%
  • Published 17.09.2018 14:29:00
  • Last modified 21.11.2024 03:53:56

The html package (aka x/net/html) through 2018-09-17 in Go mishandles <template><tBody><isindex/action=0>, leading to a "panic: runtime error" in inBodyIM in parse.go during an html.Parse call.

7.5

CVE-2018-17075

Exploit
  • EPSS 0.72%
  • Published 16.09.2018 02:29:00
  • Last modified 21.11.2024 03:53:50

The html package (aka x/net/html) before 2018-07-13 in Go mishandles "in frameset" insertion mode, leading to a "panic: runtime error" for html.Parse of <template><object>, <template><applet>, or <template><marquee>. This is related to HTMLTreeBuilde...