CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Fedoraproject : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2018-14648 399 DoS 2018-09-28 2018-11-28
7.8
None Remote Low Not required None None Complete
A flaw was found in 389 Directory Server. A specially crafted search query could lead to excessive CPU consumption in the do_search() function. An unauthenticated attacker could use this flaw to provoke a denial of service.
2 CVE-2018-14638 415 DoS 2018-09-14 2018-11-28
5.0
None Remote Low Not required None None Partial
A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in delete_passwdPolicy function when persistent search connections are terminated unexpectedly leading to remote denial of service.
3 CVE-2018-14624 20 2018-09-06 2018-11-14
5.0
None Remote Low Not required None None Partial
A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency(). An attacker could send a flood of modifications to a very large DN, which would cause slapd to crash.
4 CVE-2018-14348 200 +Info 2018-08-14 2018-10-12
5.5
None Remote Low Single system Partial Partial None
libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information.
5 CVE-2018-10871 200 +Info 2018-07-18 2018-09-17
4.0
None Remote Low Single system Partial None None
389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective changelog files. An attacker with sufficiently high privileges, such as root or Directory Manager, can query these files in order to retrieve plaintext passwords.
6 CVE-2018-10852 200 +Info 2018-06-26 2018-10-31
5.0
None Remote Low Not required Partial None None
The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1.16.3.
7 CVE-2018-10850 362 DoS 2018-06-13 2018-09-26
7.1
None Remote Medium Not required None None Complete
389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service.
8 CVE-2018-10196 476 DoS 2018-05-30 2018-08-07
4.3
None Remote Medium Not required None None Partial
NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service (application crash) via a crafted file.
9 CVE-2018-7262 476 DoS 2018-03-19 2018-04-18
5.0
None Remote Low Not required None None Partial
In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service.
10 CVE-2018-6003 399 2018-01-22 2018-02-09
5.0
None Remote Low Not required None None Partial
An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS.
11 CVE-2018-5730 90 2018-03-06 2018-11-27
5.5
None Remote Low Single system Partial Partial None
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN.
12 CVE-2018-5729 476 DoS Bypass 2018-03-06 2018-11-27
6.5
None Remote Low Single system Partial Partial Partial
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module.
13 CVE-2018-5345 119 Exec Code Overflow 2018-01-11 2018-03-18
6.8
None Remote Medium Not required Partial Partial Partial
A stack-based buffer overflow within GNOME gcab through 0.7.4 can be exploited by malicious attackers to cause a crash or, potentially, execute arbitrary code via a crafted .cab file.
14 CVE-2018-1111 77 Exec Code 2018-05-17 2018-11-30
7.9
None Local Network Medium Not required Complete Complete Complete
DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.
15 CVE-2018-1089 20 DoS Overflow 2018-05-09 2018-07-16
5.0
None Remote Low Not required None None Partial
389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.
16 CVE-2018-1054 125 DoS 2018-03-07 2018-07-16
5.0
None Remote Low Not required None None Partial
An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.
17 CVE-2017-1002150 601 CSRF 2017-09-14 2017-09-21
5.8
None Remote Medium Not required Partial Partial None
python-fedora 0.8.0 and lower is vulnerable to an open redirect resulting in loss of CSRF protection
18 CVE-2017-1000001 20 2017-07-17 2017-07-26
5.0
None Remote Low Not required None Partial None
FedMsg 0.18.1 and older is vulnerable to a message validation flaw resulting in message validation not being enabled if configured to be on.
19 CVE-2017-16876 79 XSS 2017-12-29 2018-01-10
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the _keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape the "key" argument.
20 CVE-2017-16818 254 DoS 2017-12-20 2018-01-11
4.0
None Remote Low Single system None None Partial
RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to cause a denial of service (assertion failure and application exit) by leveraging "full" (not necessarily admin) privileges to post an invalid profile to the admin API, related to rgw/rgw_iam_policy.cc, rgw/rgw_basic_types.h, and rgw/rgw_iam_types.h.
21 CVE-2017-15365 264 Bypass 2018-01-25 2018-11-21
6.5
None Remote Low Single system Partial Partial Partial
sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking.
22 CVE-2017-15134 119 DoS Overflow 2018-03-01 2018-07-16
5.0
None Remote Low Not required None None Partial
A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.
23 CVE-2017-13704 20 2017-10-02 2018-05-10
5.0
None Remote Low Not required None None Partial
In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero's (0xffffffffffffffff in 64 bit platforms), making dnsmasq crash.
24 CVE-2017-12843 20 2017-08-22 2017-08-26
4.0
None Remote Low Single system None Partial None
Cyrus IMAP before 3.0.3 allows remote authenticated users to write to arbitrary files via a crafted (1) SYNCAPPLY, (2) SYNCGET or (3) SYNCRESTORE command.
25 CVE-2017-12173 20 2018-07-27 2018-09-28
4.0
None Remote Low Single system Partial None None
It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve it.
26 CVE-2017-12170 16 2017-09-21 2017-10-04
7.5
None Remote Low Not required Partial Partial Partial
Downstream version 1.0.46-1 of pure-ftpd as shipped in Fedora was vulnerable to packaging error due to which the original configuration was ignored after update and service started running with default configuration. This has security implications because of overriding security-related configuration. This issue doesn't affect upstream version of pure-ftpd.
27 CVE-2017-11610 284 Exec Code 2017-08-23 2017-12-01
9.0
None Remote Low Single system Complete Complete Complete
The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups.
28 CVE-2017-11462 415 2017-09-13 2017-10-20
7.5
None Remote Low Not required Partial Partial Partial
Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error.
29 CVE-2017-11368 20 2017-08-09 2018-04-11
4.0
None Remote Low Single system None None Partial
In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests.
30 CVE-2017-8932 310 2017-07-06 2018-10-30
4.3
None Remote Medium Not required Partial None None
A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input to ScalarMult by submitting crafted points and observing failures to the derive correct output. This leads to a full key recovery attack against static ECDH, as used in popular JWT libraries.
31 CVE-2017-8386 264 +Priv 2017-06-01 2018-10-30
6.5
None Remote Low Single system Partial Partial Partial
git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character.
32 CVE-2017-7551 640 2017-08-16 2018-01-04
5.0
None Remote Low Not required Partial None None
389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to different return codes returned on password attempts.
33 CVE-2017-7496 264 2017-06-26 2017-07-03
4.4
None Local Medium Not required Partial Partial Partial
fedora-arm-installer up to and including 1.99.16 is vulnerable to local privilege escalation due to lack of checking the error condition of mount operation failure on unsafely created temporary directories.
34 CVE-2017-6362 415 DoS 2017-09-07 2017-09-13
5.0
None Remote Low Not required None None Partial
Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors.
35 CVE-2017-5885 190 DoS Exec Code Overflow 2017-02-28 2018-01-04
7.5
None Remote Low Not required Partial Partial Partial
Multiple integer overflows in the (1) vnc_connection_server_message and (2) vnc_color_map_set functions in gtk-vnc before 0.7.0 allow remote servers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving SetColorMapEntries, which triggers a buffer overflow.
36 CVE-2017-5884 118 Exec Code 2017-02-28 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute arbitrary code via the src x, y coordinates in a crafted (1) rre, (2) hextile, or (3) copyrect tile.
37 CVE-2017-5849 125 DoS 2017-03-15 2017-04-07
4.3
None Remote Medium Not required None None Partial
tiffttopnm in netpbm 10.47.63 does not properly use the libtiff TIFFRGBAImageGet function, which allows remote attackers to cause a denial of service (out-of-bounds read and write) via a crafted tiff image file, related to transposing width and height values.
38 CVE-2017-5357 416 DoS 2017-02-16 2017-02-17
5.0
None Remote Low Not required None None Partial
regex.c in GNU ed before 1.14.1 allows attackers to cause a denial of service (crash) via a malformed command, which triggers an invalid free.
39 CVE-2017-5330 78 Exec Code 2017-03-27 2017-03-31
6.8
None Remote Medium Not required Partial Partial Partial
ark before 16.12.1 might allow remote attackers to execute arbitrary code via an executable in an archive, related to associated applications.
40 CVE-2017-2668 476 DoS 2018-06-22 2018-08-23
4.3
None Remote Medium Not required None None Partial
389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service.
41 CVE-2017-2591 125 2018-04-30 2018-06-12
5.0
None Remote Low Not required None None Partial
389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniqueness_entry_to_config() function in the "attribute uniqueness" plugin of 389 Directory Server. An authenticated, or possibly unauthenticated, attacker could use this flaw to force an out-of-bound heap memory read, possibly triggering a crash of the LDAP service.
42 CVE-2016-10243 20 Exec Code 2017-05-02 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file.
43 CVE-2016-10132 476 DoS 2017-03-24 2017-03-27
5.0
None Remote Low Not required None None Partial
regexp.c in Artifex Software, Inc. MuJS allows attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to regular expression compilation.
44 CVE-2016-10027 362 Bypass 2017-01-12 2017-01-18
2.6
None Remote High Not required Partial None None
Race condition in the XMPP library in Smack before 4.1.9, when the SecurityMode.required TLS setting has been set, allows man-in-the-middle attackers to bypass TLS protections and trigger use of cleartext for client authentication by stripping the "starttls" feature from a server response.
45 CVE-2016-9961 189 2017-06-06 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
game-music-emu before 0.6.1 mishandles unspecified integer values.
46 CVE-2016-9960 369 DoS 2017-06-06 2018-10-30
2.1
None Local Low Not required None None Partial
game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash).
47 CVE-2016-9956 284 2017-02-22 2017-02-24
5.0
None Remote Low Not required None Partial None
The route manager in FlightGear before 2016.4.4 allows remote attackers to write to arbitrary files via a crafted Nasal script.
48 CVE-2016-9400 119 Exec Code Overflow 2017-02-22 2017-06-30
7.5
None Remote Low Not required Partial Partial Partial
The CClient::ProcessServerPacket method in engine/client/client.cpp in Teeworlds before 0.6.4 allows remote servers to write to arbitrary physical memory locations and possibly execute arbitrary code via vectors involving snap handling.
49 CVE-2016-9299 90 Exec Code 2017-01-12 2018-08-13
7.5
None Remote Low Not required Partial Partial Partial
The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server.
50 CVE-2016-9243 20 2017-03-27 2017-04-04
5.0
None Remote Low Not required None Partial None
HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size.
Total number of vulnerabilities : 524   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.