CVE-2018-5729
- EPSS 0.44%
- Published 06.03.2018 20:29:00
- Last modified 05.05.2025 14:14:33
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to th...
CVE-2018-5730
- EPSS 1.11%
- Published 06.03.2018 20:29:00
- Last modified 05.05.2025 14:12:56
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string w...
CVE-2017-9271
- EPSS 0.14%
- Published 01.03.2018 20:29:00
- Last modified 21.11.2024 03:35:43
The command-line package update tool zypper writes HTTP proxy credentials into its logfile, allowing local attackers to gain access to proxies used.
CVE-2014-3219
- EPSS 0.04%
- Published 09.02.2018 22:29:00
- Last modified 21.11.2024 02:07:42
fish before 2.1.1 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/fishd.log.%s, (2) /tmp/.pac-cache.$USER, (3) /tmp/.yum-cache.$USER, or (4) /tmp/.rpm-cache.$USER.
CVE-2014-3005
- EPSS 4.29%
- Published 01.02.2018 17:29:00
- Last modified 21.11.2024 02:07:18
XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in...
CVE-2017-15365
- EPSS 0.4%
- Published 25.01.2018 16:29:00
- Last modified 21.11.2024 03:14:33
sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions an...
CVE-2018-6003
- EPSS 1.58%
- Published 22.01.2018 20:29:00
- Last modified 21.11.2024 04:09:51
An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS.
CVE-2018-5345
- EPSS 0.75%
- Published 12.01.2018 00:29:00
- Last modified 21.11.2024 04:08:37
A stack-based buffer overflow within GNOME gcab through 0.7.4 can be exploited by malicious attackers to cause a crash or, potentially, execute arbitrary code via a crafted .cab file.
CVE-2017-15129
- EPSS 0.07%
- Published 09.01.2018 19:29:00
- Last modified 21.11.2024 03:14:07
A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in ne...
CVE-2014-1859
- EPSS 0.07%
- Published 08.01.2018 19:29:00
- Last modified 21.11.2024 02:05:10
(1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file.