Fedoraproject

Fedora

5319 vulnerabilities found.

Note: This list may be incomplete. Data is provided without guarantee in its original format.
Exploit
  • EPSS 0.96%
  • Published 18.06.2018 14:29:00
  • Last modified 21.11.2024 03:59:05

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.

  • EPSS 0.29%
  • Published 18.06.2018 14:29:00
  • Last modified 21.11.2024 03:59:09

In Pulp before version 2.16.2, secrets are passed into override_config when triggering a task and then become readable to all users with read access on the distributor/importer. An attacker with API access can then view these secrets.

  • EPSS 0.95%
  • Published 13.06.2018 16:29:00
  • Last modified 21.11.2024 03:43:16

An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. A session fixation vulnerability within the "Guard" login feature may allow an a...

  • EPSS 0.1%
  • Published 30.05.2018 21:29:00
  • Last modified 21.11.2024 03:40:59

NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service (application crash) via a crafted file.

Exploit
  • EPSS 89.38%
  • Published 17.05.2018 16:29:00
  • Last modified 21.11.2024 03:59:12

DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network ab...

Exploit
  • EPSS 0.96%
  • Published 07.05.2018 02:29:00
  • Last modified 21.11.2024 03:42:00

Stack-based buffer overflow in the get_key function in parse.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

  • EPSS 0.96%
  • Published 05.05.2018 02:29:00
  • Last modified 21.11.2024 03:41:59

Stack-based buffer overflow in the delayed_output function in music.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

  • EPSS 0.04%
  • Published 01.05.2018 19:29:00
  • Last modified 21.11.2024 01:46:57

The fedora-business-cards package before 1-0.1.beta1.fc17 on Fedora 17 and before 1-0.1.beta1.fc18 on Fedora 18 allows local users to cause a denial of service or write to arbitrary files via a symlink attack on /tmp/fedora-business-cards-buffer.svg.

  • EPSS 0.09%
  • Published 25.04.2018 21:29:00
  • Last modified 21.11.2024 03:30:43

An error in the "read_metadata_vorbiscomment_()" function (src/libFLAC/stream_decoder.c) in FLAC version 1.3.2 can be exploited to cause a memory leak via a specially crafted FLAC file.

Exploit
  • EPSS 2.59%
  • Published 16.04.2018 16:29:00
  • Last modified 21.11.2024 04:06:09

In the ffgphd and ffgtkn functions in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potent...