Fedoraproject

Fedora

5357 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 2.87%
  • Veröffentlicht 29.12.2017 22:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token.

  • EPSS 2.22%
  • Veröffentlicht 29.12.2017 15:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

Cross-site scripting (XSS) vulnerability in the _keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape the "key" argument.

  • EPSS 2.31%
  • Veröffentlicht 20.12.2017 17:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to cause a denial of service (assertion failure and application exit) by leveraging "full" (not necessarily admin) privileges to post an invalid profile to the admin API, r...

  • EPSS 3%
  • Veröffentlicht 05.12.2017 16:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor.

  • EPSS 9.63%
  • Veröffentlicht 18.10.2017 20:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers to conduct HTTP request smuggling attacks via a space instead of a hyphen, as demonstrated by "Content Length" ...

  • EPSS 3.66%
  • Veröffentlicht 18.10.2017 20:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Content-length headers.

Exploit
  • EPSS 4.09%
  • Veröffentlicht 16.10.2017 18:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

Use-after-free vulnerability in OpenSMTPD before 5.7.2 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving req_ca_vrfy_smtp and req_ca_vrfy_mta.

  • EPSS 3.24%
  • Veröffentlicht 10.10.2017 13:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker.

  • EPSS 65.41%
  • Veröffentlicht 03.10.2017 01:29:01
  • Zuletzt bearbeitet 13.05.2026 00:24:29

In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero's (0xffffffffffffffff in 64 bit platf...

  • EPSS 1.72%
  • Veröffentlicht 26.09.2017 14:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.3 and 1.13.x before 1.13.1 allow remote attackers to obtain sensitive information via vectors rel...