Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

fedoraproject fedora 28 vulnerabilities and exploits

(subscribe to this query)

5
CVSSv2
CVE-2019-10906
In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape....
Palletsprojects JinjaFedoraproject Fedora 28Fedoraproject Fedora 29Fedoraproject Fedora 30
4.3
CVSSv2
CVE-2019-11372
An out-of-bounds read in MediaInfoLib::File__Tags_Helper::Synched_Test in Tag/File__Tags.cpp in MediaInfoLib in MediaArea MediaInfo 18.12 leads to a crash....
Mediaarea Mediainfo 18.12Fedoraproject Fedora 28Fedoraproject Fedora 29Fedoraproject Fedora 30
5
CVSSv2
CVE-2018-17846
The html package (aka x/net/html) through 2018-09-25 in Go mishandles <table><math><select><mi><select></table>, leading to an infinite loop during an html.Parse call because inSelectIM and inSelectInTableIM do not comply with a specification....
Golang NetFedoraproject Fedora 28Fedoraproject Fedora 29
5
CVSSv2
CVE-2018-17848
The html package (aka x/net/html) through 2018-09-25 in Go mishandles <math><template><mn><b></template>, leading to a "panic: runtime error" (index out of range) in (*insertionModeStack).pop in node.go, called from inHeadIM, during an...
Golang NetFedoraproject Fedora 28Fedoraproject Fedora 29
5
CVSSv2
CVE-2019-5885
Matrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users....
Matrix SynapseFedoraproject Fedora 28Fedoraproject Fedora 29
7.5
CVSSv2
CVE-2017-18342
In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load() function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function....
Pyyaml PyyamlFedoraproject Fedora 28Fedoraproject Fedora 29Fedoraproject Fedora 30
5
CVSSv2
CVE-2018-20060
urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted...
Python Urllib3Fedoraproject Fedora 28Fedoraproject Fedora 29Fedoraproject Fedora 30
5
CVSSv2
CVE-2018-17075
The html package (aka x/net/html) before 2018-07-13 in Go mishandles "in frameset" insertion mode, leading to a "panic: runtime error" for html.Parse of <template><object>, <template><applet>, or <template><marquee>. This...
Golang NetFedoraproject Fedora 28Fedoraproject Fedora 29
5
CVSSv2
CVE-2018-17142
The html package (aka x/net/html) through 2018-09-17 in Go mishandles <math><template><mo><template>, leading to a "panic: runtime error" in parseCurrentToken in parse.go during an html.Parse call....
Golang NetFedoraproject Fedora 28Fedoraproject Fedora 29
5
CVSSv2
CVE-2018-17143
The html package (aka x/net/html) through 2018-09-17 in Go mishandles <template><tBody><isindex/action=0>, leading to a "panic: runtime error" in inBodyIM in parse.go during an html.Parse call....
Golang NetFedoraproject Fedora 28Fedoraproject Fedora 29
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middleCVE-2021-20661CVE-2020-4953CVE-2018-19518CVE-2021-27645CVE-2021-3156CVE-2021-26684deserializationwireless