Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fedora
(Fedoraproject)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-05-05 | CVE-2018-10753 | Stack-based buffer overflow in the delayed_output function in music.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | Debian_linux, Fedora, Abcm2ps | 9.8 | ||
| 2018-05-07 | CVE-2018-10771 | Stack-based buffer overflow in the get_key function in parse.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | Debian_linux, Fedora, Abcm2ps | 9.8 | ||
| 2018-05-30 | CVE-2018-10196 | NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service (application crash) via a crafted file. | Ubuntu_linux, Fedora, Graphviz | 5.5 | ||
| 2018-06-13 | CVE-2018-11385 | An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. A session fixation vulnerability within the "Guard" login feature may allow an attacker to impersonate a victim towards the web application if the session id value was previously known to the attacker. | Debian_linux, Fedora, Symfony | 8.1 | ||
| 2018-06-18 | CVE-2018-1060 | python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service. | Ubuntu_linux, Debian_linux, Fedora, Python, Ansible_tower, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 7.5 | ||
| 2018-06-19 | CVE-2018-1061 | python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service. | Ubuntu_linux, Debian_linux, Fedora, Python, Ansible_tower, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 7.5 | ||
| 2018-06-19 | CVE-2018-10811 | strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable. | Ubuntu_linux, Debian_linux, Fedora, Strongswan | 7.5 | ||
| 2018-06-27 | CVE-2017-18342 | In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load() function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function. | Fedora, Pyyaml | 9.8 | ||
| 2018-07-06 | CVE-2018-13405 | The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is... | Ubuntu_linux, Debian_linux, Big\-Ip_access_policy_manager, Big\-Ip_advanced_firewall_manager, Big\-Ip_analytics, Big\-Ip_application_acceleration_manager, Big\-Ip_application_security_manager, Big\-Ip_domain_name_system, Big\-Ip_edge_gateway, Big\-Ip_fraud_protection_service, Big\-Ip_global_traffic_manager, Big\-Ip_link_controller, Big\-Ip_local_traffic_manager, Big\-Ip_policy_enforcement_manager, Big\-Ip_webaccelerator, Fedora, Linux_kernel, Enterprise_linux_aus, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_for_real_time, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Mrg_realtime, Virtualization | 7.8 | ||
| 2018-08-14 | CVE-2018-14348 | libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information. | Debian_linux, Fedora, Libcgroup | 8.1 |