CVE-2018-3848
- EPSS 1.39%
- Published 16.04.2018 16:29:00
- Last modified 21.11.2024 04:06:09
In the ffghbn function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain c...
CVE-2018-3849
- EPSS 1.23%
- Published 16.04.2018 16:29:00
- Last modified 21.11.2024 04:06:09
In the ffghtb function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain c...
CVE-2014-1398
- EPSS 0.38%
- Published 10.04.2018 15:29:00
- Last modified 21.11.2024 02:04:12
The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on comment, user and node statistics properties via unspecified vectors.
CVE-2014-1399
- EPSS 0.31%
- Published 10.04.2018 15:29:00
- Last modified 21.11.2024 02:04:13
The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on referenced entities via unspecified vectors.
CVE-2014-1400
- EPSS 0.38%
- Published 10.04.2018 15:29:00
- Last modified 21.11.2024 02:04:13
The entity_access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions and read unpublished comments via unspecified vectors.
CVE-2018-1098
- EPSS 0.29%
- Published 03.04.2018 16:29:00
- Last modified 21.11.2024 03:59:10
A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. An attacker can set up a website that tries to send a POST request to the etcd server and modify a key. Adding a key is done with PUT so it is theoretically safe (can't PUT from a...
CVE-2018-1099
- EPSS 0.08%
- Published 03.04.2018 16:29:00
- Last modified 21.11.2024 03:59:10
DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost, and trick the browser into sending requests to localhost (or any other address).
CVE-2018-7262
- EPSS 0.67%
- Published 19.03.2018 21:29:01
- Last modified 21.11.2024 04:11:53
In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service.
CVE-2014-7271
- EPSS 0.09%
- Published 08.03.2018 20:29:00
- Last modified 21.11.2024 02:16:39
Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to log in as user "sddm" without authentication.
CVE-2014-7272
- EPSS 0.15%
- Published 08.03.2018 20:29:00
- Last modified 21.11.2024 02:16:39
Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to gain root privileges because code running as root performs write operations within a user home directory, and this user may have created links in advance (exploitation requires...