Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fedoraproject fedora 31 vulnerabilities and exploits
(subscribe to this query)
9.6
CVSSv3
CVE-2020-15121
In radare2 before version 4.5.0, malformed PDB file names in the PDB server path cause shell injection. To trigger the problem it's required to open the executable in radare2 and run idpd to trigger the download. The shell code will execute, and will create a file called pwn...
Radare Radare2
Fedoraproject Fedora 31
Fedoraproject Fedora 32
7.5
CVSSv3
CVE-2019-18888
An issue exists in Symfony 2.8.0 up to and including 2.8.50, 3.4.0 up to and including 3.4.34, 4.2.0 up to and including 4.2.11, and 4.3.0 up to and including 4.3.7. If an application passes unvalidated user input as the file for which MIME type validation should occur, then arbi...
Sensiolabs Symfony
Fedoraproject Fedora 30
Fedoraproject Fedora 31
1 Github repository
6.5
CVSSv3
CVE-2019-10218
A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacke...
Samba Samba
Fedoraproject Fedora 29
Fedoraproject Fedora 31
8.8
CVSSv3
CVE-2017-9105
An issue exists in adns prior to 1.5.2. It corrupts a pointer when a nameserver speaks first because of a wrong number of pointer dereferences. This bug may well be exploitable as a remote code execution.
Gnu Adns
Fedoraproject Fedora 31
Fedoraproject Fedora 32
7.5
CVSSv3
CVE-2017-9106
An issue exists in adns prior to 1.5.2. adns_rr_info mishandles a bogus *datap. The general pattern for formatting integers is to sprintf into a fixed-size buffer. This is correct if the input is in the right range; if it isn't, the buffer may be overrun (depending on the si...
Gnu Adns
Fedoraproject Fedora 31
Fedoraproject Fedora 32
7.5
CVSSv3
CVE-2017-9107
An issue exists in adns prior to 1.5.2. It overruns reading a buffer if a domain ends with backslash. If the query domain ended with \, and adns_qf_quoteok_query was specified, qdparselabel would read additional bytes from the buffer and try to treat them as the escape sequence. ...
Gnu Adns
Fedoraproject Fedora 31
Fedoraproject Fedora 32
7.8
CVSSv3
CVE-2019-19647
radare2 up to and including 4.0.0 lacks validation of the content variable in the function r_asm_pseudo_incbin at libr/asm/asm.c, ultimately leading to an arbitrary write. This allows remote malicious users to cause a denial of service (application crash) or possibly have unspeci...
Radare Radare2
Fedoraproject Fedora 30
Fedoraproject Fedora 31
9.8
CVSSv3
CVE-2019-20477
PyYAML 5.1 up to and including 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342.
Pyyaml Pyyaml
Fedoraproject Fedora 30
Fedoraproject Fedora 31
7.5
CVSSv3
CVE-2015-9541
Qt up to and including 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564.
Qt Qt
Fedoraproject Fedora 31
Fedoraproject Fedora 32
8.8
CVSSv3
CVE-2019-14867
A flaw was found in IPA, all 4.6.x versions prior to 4.6.7, all 4.7.x versions prior to 4.7.4 and all 4.8.x versions prior to 4.8.3, in the way the internal function ber_scanf() was used in some components of the IPA server, which parsed kerberos key data. An unauthenticated atta...
Freeipa Freeipa
Fedoraproject Fedora 30
Fedoraproject Fedora 31
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSRF
CVE-2023-52162
CVE-2024-23670
CVE-2024-5404
man-in-the-middle
CVE-2024-5214
CVE-2024-4358
CVE-2024-20696
hard-coded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »