CVE-2018-6003
- EPSS 1.58%
- Published 22.01.2018 20:29:00
- Last modified 21.11.2024 04:09:51
An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS.
CVE-2018-5345
- EPSS 0.75%
- Published 12.01.2018 00:29:00
- Last modified 21.11.2024 04:08:37
A stack-based buffer overflow within GNOME gcab through 0.7.4 can be exploited by malicious attackers to cause a crash or, potentially, execute arbitrary code via a crafted .cab file.
CVE-2017-15129
- EPSS 0.08%
- Published 09.01.2018 19:29:00
- Last modified 21.11.2024 03:14:07
A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in ne...
CVE-2014-1859
- EPSS 0.05%
- Published 08.01.2018 19:29:00
- Last modified 21.11.2024 02:05:10
(1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file.
CVE-2014-4978
- EPSS 0.05%
- Published 29.12.2017 22:29:00
- Last modified 20.04.2025 01:37:25
The rs_filter_graph function in librawstudio/rs-filter.c in rawstudio might allow local users to truncate arbitrary files via a symlink attack on (1) /tmp/rs-filter-graph.png or (2) /tmp/rs-filter-graph.
CVE-2014-8119
- EPSS 2.41%
- Published 29.12.2017 22:29:00
- Last modified 20.04.2025 01:37:25
The find_ifcfg_path function in netcf before 0.2.7 might allow attackers to cause a denial of service (application crash) via vectors involving augeas path expressions.
CVE-2015-8008
- EPSS 0.55%
- Published 29.12.2017 22:29:00
- Last modified 20.04.2025 01:37:25
The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token.
CVE-2017-16876
- EPSS 0.58%
- Published 29.12.2017 15:29:00
- Last modified 20.04.2025 01:37:25
Cross-site scripting (XSS) vulnerability in the _keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape the "key" argument.
CVE-2017-16818
- EPSS 0.59%
- Published 20.12.2017 17:29:00
- Last modified 20.04.2025 01:37:25
RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to cause a denial of service (assertion failure and application exit) by leveraging "full" (not necessarily admin) privileges to post an invalid profile to the admin API, r...
CVE-2016-1254
- EPSS 3.04%
- Published 05.12.2017 16:29:00
- Last modified 20.04.2025 01:37:25
Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor.