Fedoraproject

Fedora

5353 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2018-10753

  • EPSS 0.91%
  • Veröffentlicht 05.05.2018 02:29:00
  • Zuletzt bearbeitet 21.11.2024 03:41:59

Stack-based buffer overflow in the delayed_output function in music.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

7.1

CVE-2013-0159

  • EPSS 0.04%
  • Veröffentlicht 01.05.2018 19:29:00
  • Zuletzt bearbeitet 21.11.2024 01:46:57

The fedora-business-cards package before 1-0.1.beta1.fc17 on Fedora 17 and before 1-0.1.beta1.fc18 on Fedora 18 allows local users to cause a denial of service or write to arbitrary files via a symlink attack on /tmp/fedora-business-cards-buffer.svg.

5.5

CVE-2017-6888

  • EPSS 0.45%
  • Veröffentlicht 25.04.2018 21:29:00
  • Zuletzt bearbeitet 21.11.2024 03:30:43

An error in the "read_metadata_vorbiscomment_()" function (src/libFLAC/stream_decoder.c) in FLAC version 1.3.2 can be exploited to cause a memory leak via a specially crafted FLAC file.

8.8

CVE-2018-3846

Exploit
  • EPSS 0.95%
  • Veröffentlicht 16.04.2018 16:29:00
  • Zuletzt bearbeitet 21.11.2024 04:06:09

In the ffgphd and ffgtkn functions in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potent...

8.8

CVE-2018-3848

Exploit
  • EPSS 1.31%
  • Veröffentlicht 16.04.2018 16:29:00
  • Zuletzt bearbeitet 21.11.2024 04:06:09

In the ffghbn function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain c...

8.8

CVE-2018-3849

Exploit
  • EPSS 0.87%
  • Veröffentlicht 16.04.2018 16:29:00
  • Zuletzt bearbeitet 21.11.2024 04:06:09

In the ffghtb function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain c...

6.5

CVE-2014-1398

  • EPSS 0.38%
  • Veröffentlicht 10.04.2018 15:29:00
  • Zuletzt bearbeitet 21.11.2024 02:04:12

The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on comment, user and node statistics properties via unspecified vectors.

6.5

CVE-2014-1399

  • EPSS 0.31%
  • Veröffentlicht 10.04.2018 15:29:00
  • Zuletzt bearbeitet 21.11.2024 02:04:13

The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on referenced entities via unspecified vectors.

6.5

CVE-2014-1400

  • EPSS 0.38%
  • Veröffentlicht 10.04.2018 15:29:00
  • Zuletzt bearbeitet 21.11.2024 02:04:13

The entity_access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions and read unpublished comments via unspecified vectors.

8.8

CVE-2018-1098

Exploit
  • EPSS 0.23%
  • Veröffentlicht 03.04.2018 16:29:00
  • Zuletzt bearbeitet 21.11.2024 03:59:10

A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. An attacker can set up a website that tries to send a POST request to the etcd server and modify a key. Adding a key is done with PUT so it is theoretically safe (can't PUT from a...