fedoraproject fedora 29 vulnerabilities and exploits

(subscribe to this query)

urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted i...

Python Urllib3 Fedoraproject Fedora 28 Fedoraproject Fedora 29 Fedoraproject Fedora 30

In PyYAML prior to 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load() function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function.

Pyyaml Pyyaml Fedoraproject Fedora 28 Fedoraproject Fedora 29 Fedoraproject Fedora 30

8 Github repositories

Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. Dependency artifacts could have been maliciously compromised by a MITM attack against the ajax.googleapis.com web site.

Gradle Gradle Fedoraproject Fedora 28 Fedoraproject Fedora 29 Fedoraproject Fedora 30

A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page.

Phpmyadmin Phpmyadmin Fedoraproject Fedora 29 Fedoraproject Fedora 30 Fedoraproject Fedora 31

1 EDB exploit

In radare2 prior to 3.7.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to improper handling ...

Radare Radare2 Fedoraproject Fedora 29 Fedoraproject Fedora 30 Fedoraproject Fedora 31

1 Github repository

In the GNU C Library (aka glibc or libc6) up to and including 2.28, attempting to resolve a crafted hostname via getaddrinfo() leads to the allocation of a socket descriptor that is not closed. This is related to the if_nametoindex() function.

Gnu Glibc Fedoraproject Fedora 28 Fedoraproject Fedora 29

In PuTTY versions prior to 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding.

Putty Putty Fedoraproject Fedora 28 Fedoraproject Fedora 29

When processing subtitles format media file, KMPlayer version 2018.12.24.14 or lower doesn't check object size correctly, which leads to integer underflow then to memory out-of-bound read/write. An attacker can exploit this issue by enticing an unsuspecting user to open a ma...

Kmplayer Kmplayer Fedoraproject Fedora 29 Fedoraproject Fedora 30

1 Github repository

The html package (aka x/net/html) prior to 2018-07-13 in Go mishandles "in frameset" insertion mode, leading to a "panic: runtime error" for html.Parse of <template><object>, <template><applet>, or <template><marquee>. This ...

Golang Net Fedoraproject Fedora 28 Fedoraproject Fedora 29

OFFIS.de DCMTK 3.6.3 and below is affected by: Buffer Overflow. The impact is: Possible code execution and confirmed Denial of Service. The component is: DcmRLEDecoder::decompress() (file dcrledec.h, line 122). The attack vector is: Many scenarios of DICOM file processing (e.g. D...

Offis Dcmtk Fedoraproject Fedora 29 Fedoraproject Fedora 30

1 2 3 4 5 6 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook