Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fedoraproject fedora 29 vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2018-20060
urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted i...
Python Urllib3
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
670
VMScore
CVE-2017-18342
In PyYAML prior to 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load() function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function.
Pyyaml Pyyaml
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
8 Github repositories
383
VMScore
CVE-2019-11065
Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. Dependency artifacts could have been maliciously compromised by a MITM attack against the ajax.googleapis.com web site.
Gradle Gradle
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
585
VMScore
CVE-2019-12922
A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page.
Phpmyadmin Phpmyadmin
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Fedoraproject Fedora 31
1 EDB exploit
605
VMScore
CVE-2019-14745
In radare2 prior to 3.7.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to improper handling ...
Radare Radare2
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Fedoraproject Fedora 31
1 Github repository
383
VMScore
CVE-2019-9133
When processing subtitles format media file, KMPlayer version 2018.12.24.14 or lower doesn't check object size correctly, which leads to integer underflow then to memory out-of-bound read/write. An attacker can exploit this issue by enticing an unsuspecting user to open a ma...
Kmplayer Kmplayer
Fedoraproject Fedora 29
Fedoraproject Fedora 30
1 Github repository
445
VMScore
CVE-2018-17075
The html package (aka x/net/html) prior to 2018-07-13 in Go mishandles "in frameset" insertion mode, leading to a "panic: runtime error" for html.Parse of <template><object>, <template><applet>, or <template><marquee>. This ...
Golang Net
Fedoraproject Fedora 28
Fedoraproject Fedora 29
445
VMScore
CVE-2018-17142
The html package (aka x/net/html) through 2018-09-17 in Go mishandles <math><template><mo><template>, leading to a "panic: runtime error" in parseCurrentToken in parse.go during an html.Parse call.
Golang Net
Fedoraproject Fedora 28
Fedoraproject Fedora 29
605
VMScore
CVE-2019-12802
In radare2 up to and including 3.5.1, the rcc_context function of libr/egg/egg_lang.c mishandles changing context. This allows remote malicious users to cause a denial of service (application crash) or possibly have unspecified other impact (invalid memory access in r_egg_lang_pa...
Radare Radare2
Fedoraproject Fedora 29
Fedoraproject Fedora 30
383
VMScore
CVE-2019-10218
A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacke...
Samba Samba
Fedoraproject Fedora 29
Fedoraproject Fedora 31
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »