Filtered by vendor Fedoraproject
Subscriptions
Filtered by product Fedora
Subscriptions
Total
5116 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-1311 | 5 Apache, Debian, Fedoraproject and 2 more | 11 Xerces-c\+\+, Debian Linux, Fedora and 8 more | 2024-08-05 | 8.1 High |
| The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable. | ||||
| CVE-2018-1285 | 4 Apache, Fedoraproject, Netapp and 1 more | 7 Log4net, Fedora, Manageability Software Development Kit and 4 more | 2024-08-05 | 9.8 Critical |
| Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files. | ||||
| CVE-2018-1090 | 3 Fedoraproject, Pulpproject, Redhat | 4 Fedora, Pulp, Satellite and 1 more | 2024-08-05 | N/A |
| In Pulp before version 2.16.2, secrets are passed into override_config when triggering a task and then become readable to all users with read access on the distributor/importer. An attacker with API access can then view these secrets. | ||||
| CVE-2018-1113 | 2 Fedoraproject, Redhat | 6 Fedora, Enterprise Linux, Enterprise Linux Desktop and 3 more | 2024-08-05 | N/A |
| setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user's shell being listed in /etc/shells. Under some circumstances, users which had their shell changed to /sbin/nologin could still access the system. | ||||
| CVE-2018-1111 | 2 Fedoraproject, Redhat | 11 Fedora, Enterprise Linux, Enterprise Linux Desktop and 8 more | 2024-08-05 | N/A |
| DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. | ||||
| CVE-2018-1098 | 2 Fedoraproject, Redhat | 2 Fedora, Etcd | 2024-08-05 | N/A |
| A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. An attacker can set up a website that tries to send a POST request to the etcd server and modify a key. Adding a key is done with PUT so it is theoretically safe (can't PUT from an HTML form or such) but POST allows creating in-order keys that an attacker can send. | ||||
| CVE-2018-1061 | 5 Canonical, Debian, Fedoraproject and 2 more | 14 Ubuntu Linux, Debian Linux, Fedora and 11 more | 2024-08-05 | N/A |
| python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service. | ||||
| CVE-2018-1060 | 5 Canonical, Debian, Fedoraproject and 2 more | 14 Ubuntu Linux, Debian Linux, Fedora and 11 more | 2024-08-05 | 7.5 High |
| python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service. | ||||
| CVE-2019-1020014 | 3 Canonical, Docker, Fedoraproject | 3 Ubuntu Linux, Credential Helpers, Fedora | 2024-08-05 | 5.5 Medium |
| docker-credential-helpers before 0.6.3 has a double free in the List functions. | ||||
| CVE-2019-1010319 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-08-05 | 5.5 Medium |
| WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig (wave64.c:211). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe. | ||||
| CVE-2019-1010238 | 6 Canonical, Debian, Fedoraproject and 3 more | 14 Ubuntu Linux, Debian Linux, Fedora and 11 more | 2024-08-05 | 9.8 Critical |
| Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when application pass invalid utf-8 strings to functions like pango_itemize. | ||||
| CVE-2019-1010317 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-08-05 | 5.5 Medium |
| WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseCaffHeaderConfig (caff.c:486). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/f68a9555b548306c5b1ee45199ccdc4a16a6101b. | ||||
| CVE-2019-1010315 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-08-05 | 5.5 Medium |
| WavPack 5.1 and earlier is affected by: CWE 369: Divide by Zero. The impact is: Divide by zero can lead to sudden crash of a software/service that tries to parse a .wav file. The component is: ParseDsdiffHeaderConfig (dsdiff.c:282). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/4c0faba32fddbd0745cbfaf1e1aeb3da5d35b9fc. | ||||
| CVE-2019-1010301 | 3 Debian, Fedoraproject, Jhead Project | 3 Debian Linux, Fedora, Jhead | 2024-08-05 | 5.5 Medium |
| jhead 3.03 is affected by: Buffer Overflow. The impact is: Denial of service. The component is: gpsinfo.c Line 151 ProcessGpsInfo(). The attack vector is: Open a specially crafted JPEG file. | ||||
| CVE-2019-1010302 | 3 Debian, Fedoraproject, Jhead Project | 3 Debian Linux, Fedora, Jhead | 2024-08-05 | 5.5 Medium |
| jhead 3.03 is affected by: Incorrect Access Control. The impact is: Denial of service. The component is: iptc.c Line 122 show_IPTC(). The attack vector is: the victim must open a specially crafted JPEG file. | ||||
| CVE-2019-1010228 | 2 Fedoraproject, Offis | 2 Fedora, Dcmtk | 2024-08-05 | 9.8 Critical |
| OFFIS.de DCMTK 3.6.3 and below is affected by: Buffer Overflow. The impact is: Possible code execution and confirmed Denial of Service. The component is: DcmRLEDecoder::decompress() (file dcrledec.h, line 122). The attack vector is: Many scenarios of DICOM file processing (e.g. DICOM to image conversion). The fixed version is: 3.6.4, after commit 40917614e. | ||||
| CVE-2019-1010305 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-08-05 | 5.5 Medium |
| libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component is: function chmd_read_headers() in libmspack(file libmspack/mspack/chmd.c). The attack vector is: the victim must open a specially crafted chm file. The fixed version is: after commit 2f084136cfe0d05e5bf5703f3e83c6d955234b4d. | ||||
| CVE-2019-1010057 | 3 Debian, Fedoraproject, Nfdump Project | 3 Debian Linux, Fedora, Nfdump | 2024-08-05 | 7.8 High |
| nfdump 1.6.16 and earlier is affected by: Buffer Overflow. The impact is: The impact could range from a denial of service to local code execution. The component is: nfx.c:546, nffile_inline.c:83, minilzo.c (redistributed). The attack vector is: nfdump must read and process a specially crafted file. The fixed version is: after commit 9f0fe9563366f62a71d34c92229da3432ec5cf0e. | ||||
| CVE-2019-1010065 | 3 Debian, Fedoraproject, Sleuthkit | 3 Debian Linux, Fedora, The Sleuth Kit | 2024-08-05 | 6.5 Medium |
| The Sleuth Kit 4.6.0 and earlier is affected by: Integer Overflow. The impact is: Opening crafted disk image triggers crash in tsk/fs/hfs_dent.c:237. The component is: Overflow in fls tool used on HFS image. Bug is in tsk/fs/hfs.c file in function hfs_cat_traverse() in lines: 952, 1062. The attack vector is: Victim must open a crafted HFS filesystem image. | ||||
| CVE-2019-1010142 | 2 Fedoraproject, Scapy | 2 Fedora, Scapy | 2024-08-05 | 7.5 High |
| scapy 2.4.0 is affected by: Denial of Service. The impact is: infinite loop, resource consumption and program unresponsive. The component is: _RADIUSAttrPacketListField.getfield(self..). The attack vector is: over the network or in a pcap. both work. | ||||