Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fedora
(Fedoraproject)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-12-29 | CVE-2017-16876 | Cross-site scripting (XSS) vulnerability in the _keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape the "key" argument. | Fedora, Mistune | 6.1 | ||
| 2018-01-22 | CVE-2018-6003 | An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS. | Debian_linux, Fedora, Libtasn1 | 7.5 | ||
| 2018-01-25 | CVE-2017-15365 | sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking. | Fedora, Mariadb, Xtradb_cluster | 8.8 | ||
| 2018-03-01 | CVE-2017-9271 | The commandline package update tool zypper writes HTTP proxy credentials into its logfile, allowing local attackers to gain access to proxies used. | Fedora, Zypper | 3.3 | ||
| 2018-03-19 | CVE-2018-7262 | In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service. | Fedora, Ceph | 7.5 | ||
| 2018-04-03 | CVE-2018-1099 | DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost, and trick the browser into sending requests to localhost (or any other address). | Fedora, Etcd | 5.5 | ||
| 2018-04-16 | CVE-2018-3846 | In the ffgphd and ffgtkn functions in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution. | Fedora, Cfitsio | 8.8 | ||
| 2018-04-16 | CVE-2018-3848 | In the ffghbn function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution. | Fedora, Cfitsio | 8.8 | ||
| 2018-04-16 | CVE-2018-3849 | In the ffghtb function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution. | Fedora, Cfitsio | 8.8 | ||
| 2018-04-25 | CVE-2017-6888 | An error in the "read_metadata_vorbiscomment_()" function (src/libFLAC/stream_decoder.c) in FLAC version 1.3.2 can be exploited to cause a memory leak via a specially crafted FLAC file. | Debian_linux, Fedora, Flac | 5.5 |