CVE-2014-1399
- EPSS 0.31%
- Published 10.04.2018 15:29:00
- Last modified 21.11.2024 02:04:13
The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on referenced entities via unspecified vectors.
CVE-2014-1400
- EPSS 0.38%
- Published 10.04.2018 15:29:00
- Last modified 21.11.2024 02:04:13
The entity_access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions and read unpublished comments via unspecified vectors.
CVE-2018-1098
- EPSS 0.21%
- Published 03.04.2018 16:29:00
- Last modified 21.11.2024 03:59:10
A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. An attacker can set up a website that tries to send a POST request to the etcd server and modify a key. Adding a key is done with PUT so it is theoretically safe (can't PUT from a...
CVE-2018-1099
- EPSS 0.06%
- Published 03.04.2018 16:29:00
- Last modified 21.11.2024 03:59:10
DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost, and trick the browser into sending requests to localhost (or any other address).
CVE-2018-7262
- EPSS 1.4%
- Published 19.03.2018 21:29:01
- Last modified 21.11.2024 04:11:53
In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service.
CVE-2014-7271
- EPSS 0.09%
- Published 08.03.2018 20:29:00
- Last modified 21.11.2024 02:16:39
Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to log in as user "sddm" without authentication.
CVE-2014-7272
- EPSS 0.15%
- Published 08.03.2018 20:29:00
- Last modified 21.11.2024 02:16:39
Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to gain root privileges because code running as root performs write operations within a user home directory, and this user may have created links in advance (exploitation requires...
CVE-2018-5729
- EPSS 0.07%
- Published 06.03.2018 20:29:00
- Last modified 05.05.2025 14:14:33
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to th...
CVE-2018-5730
- EPSS 0.39%
- Published 06.03.2018 20:29:00
- Last modified 05.05.2025 14:12:56
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string w...
CVE-2017-9271
- EPSS 0.14%
- Published 01.03.2018 20:29:00
- Last modified 21.11.2024 03:35:43
The commandline package update tool zypper writes HTTP proxy credentials into its logfile, allowing local attackers to gain access to proxies used.