CVE-2018-1099
- EPSS 0.07%
- Published 03.04.2018 16:29:00
- Last modified 21.11.2024 03:59:10
DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control their DNS records to point to localhost, and trick the browser into sending requests to localhost (or any other address).
CVE-2018-7262
- EPSS 1.4%
- Published 19.03.2018 21:29:01
- Last modified 21.11.2024 04:11:53
In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service.
CVE-2014-7271
- EPSS 0.09%
- Published 08.03.2018 20:29:00
- Last modified 21.11.2024 02:16:39
Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to log in as user "sddm" without authentication.
CVE-2014-7272
- EPSS 0.15%
- Published 08.03.2018 20:29:00
- Last modified 21.11.2024 02:16:39
Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to gain root privileges because code running as root performs write operations within a user home directory, and this user may have created links in advance (exploitation requires...
CVE-2018-5729
- EPSS 0.08%
- Published 06.03.2018 20:29:00
- Last modified 05.05.2025 14:14:33
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to th...
CVE-2018-5730
- EPSS 0.44%
- Published 06.03.2018 20:29:00
- Last modified 05.05.2025 14:12:56
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string w...
CVE-2017-9271
- EPSS 0.14%
- Published 01.03.2018 20:29:00
- Last modified 21.11.2024 03:35:43
The command-line package update tool zypper writes HTTP proxy credentials into its logfile, allowing local attackers to gain access to the proxies used.
CVE-2014-3219
- EPSS 0.04%
- Published 09.02.2018 22:29:00
- Last modified 21.11.2024 02:07:42
fish before 2.1.1 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/fishd.log.%s, (2) /tmp/.pac-cache.$USER, (3) /tmp/.yum-cache.$USER, or (4) /tmp/.rpm-cache.$USER.
CVE-2014-3005
- EPSS 4.29%
- Published 01.02.2018 17:29:00
- Last modified 21.11.2024 02:07:18
XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in...
CVE-2017-15365
- EPSS 0.57%
- Published 25.01.2018 16:29:00
- Last modified 21.11.2024 03:14:33
sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions an...