Total
5057 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-10811 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable. | |||||
CVE-2018-11385 | 3 Debian, Fedoraproject, Sensiolabs | 3 Debian Linux, Fedora, Symfony | 2023-12-10 | 6.8 MEDIUM | 8.1 HIGH |
An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. A session fixation vulnerability within the "Guard" login feature may allow an attacker to impersonate a victim towards the web application if the session id value was previously known to the attacker. | |||||
CVE-2014-3005 | 2 Fedoraproject, Zabbix | 2 Fedora, Zabbix | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request. | |||||
CVE-2018-5730 | 4 Debian, Fedoraproject, Mit and 1 more | 6 Debian Linux, Fedora, Kerberos 5 and 3 more | 2023-12-10 | 5.5 MEDIUM | 3.8 LOW |
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN. | |||||
CVE-2018-10771 | 3 Debian, Fedoraproject, Moinejf | 3 Debian Linux, Fedora, Abcm2ps | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Stack-based buffer overflow in the get_key function in parse.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | |||||
CVE-2014-3219 | 2 Fedoraproject, Fishshell | 2 Fedora, Fish | 2023-12-10 | 4.3 MEDIUM | 7.8 HIGH |
fish before 2.1.1 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/fishd.log.%s, (2) /tmp/.pac-cache.$USER, (3) /tmp/.yum-cache.$USER, or (4) /tmp/.rpm-cache.$USER. | |||||
CVE-2017-18342 | 2 Fedoraproject, Pyyaml | 2 Fedora, Pyyaml | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load() function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function. | |||||
CVE-2014-1400 | 2 Entity Api Project, Fedoraproject | 2 Entity Api, Fedora | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
The entity_access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions and read unpublished comments via unspecified vectors. | |||||
CVE-2018-7262 | 2 Fedoraproject, Redhat | 2 Fedora, Ceph | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service. | |||||
CVE-2018-3849 | 2 Fedoraproject, Nasa | 2 Fedora, Cfitsio | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
In the ffghtb function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution. | |||||
CVE-2018-6003 | 3 Debian, Fedoraproject, Gnu | 3 Debian Linux, Fedora, Libtasn1 | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS. | |||||
CVE-2013-0159 | 1 Fedoraproject | 1 Fedora | 2023-12-10 | 3.6 LOW | 7.1 HIGH |
The fedora-business-cards package before 1-0.1.beta1.fc17 on Fedora 17 and before 1-0.1.beta1.fc18 on Fedora 18 allows local users to cause a denial of service or write to arbitrary files via a symlink attack on /tmp/fedora-business-cards-buffer.svg. | |||||
CVE-2014-7271 | 2 Fedoraproject, Sddm Project | 2 Fedora, Sddm | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to log in as user "sddm" without authentication. | |||||
CVE-2017-11462 | 2 Fedoraproject, Mit | 2 Fedora, Kerberos 5 | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error. | |||||
CVE-2017-16876 | 2 Fedoraproject, Mistune Project | 2 Fedora, Mistune | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the _keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape the "key" argument. | |||||
CVE-2015-1395 | 3 Canonical, Fedoraproject, Gnu | 3 Ubuntu Linux, Fedora, Patch | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name. | |||||
CVE-2015-5300 | 7 Canonical, Debian, Fedoraproject and 4 more | 20 Ubuntu Linux, Debian Linux, Fedora and 17 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart). | |||||
CVE-2017-11610 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Cloudforms and 1 more | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups. | |||||
CVE-2017-12170 | 2 Fedoraproject, Pureftpd | 2 Fedora, Pure-ftpd | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Downstream version 1.0.46-1 of pure-ftpd as shipped in Fedora was vulnerable to packaging error due to which the original configuration was ignored after update and service started running with default configuration. This has security implications because of overriding security-related configuration. This issue doesn't affect upstream version of pure-ftpd. | |||||
CVE-2017-13748 | 3 Debian, Fedoraproject, Jasper Project | 3 Debian Linux, Fedora, Jasper | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
There are lots of memory leaks in JasPer 2.0.12, triggered in the function jas_strdup() in base/jas_string.c, that will lead to a remote denial of service attack. |