fedoraproject fedora 30 vulnerabilities and exploits

(subscribe to this query)

9.8

CVSSv3

PyYAML 5.1 up to and including 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342.

Pyyaml Pyyaml Fedoraproject Fedora 30 Fedoraproject Fedora 31

5.3

CVSSv3

In Dovecot prior to 2.3.9.2, an attacker can crash a push-notification driver with a crafted email when push notifications are used, because of a NULL Pointer Dereference. The email must use a group address as either the sender or the recipient.

Dovecot Dovecot Fedoraproject Fedora 30 Fedoraproject Fedora 31

8.8

CVSSv3

A flaw was found in IPA, all 4.6.x versions prior to 4.6.7, all 4.7.x versions prior to 4.7.4 and all 4.8.x versions prior to 4.8.3, in the way the internal function ber_scanf() was used in some components of the IPA server, which parsed kerberos key data. An unauthenticated atta...

Freeipa Freeipa Fedoraproject Fedora 30 Fedoraproject Fedora 31

1 Github repository

8.1

CVSSv3

An issue exists in Symfony 2.8.0 up to and including 2.8.50, 3.4.0 up to and including 3.4.34, 4.2.0 up to and including 4.2.11, and 4.3.0 up to and including 4.3.7. The UriSigner was subject to timing attacks. This is related to symfony/http-kernel.

Sensiolabs Symfony Fedoraproject Fedora 30 Fedoraproject Fedora 31

7.5

CVSSv3

An issue exists in Symfony 2.8.0 up to and including 2.8.50, 3.4.0 up to and including 3.4.34, 4.2.0 up to and including 4.2.11, and 4.3.0 up to and including 4.3.7. If an application passes unvalidated user input as the file for which MIME type validation should occur, then arbi...

Sensiolabs Symfony Fedoraproject Fedora 30 Fedoraproject Fedora 31

1 Github repository

9.8

CVSSv3

Eval injection in the Math plugin of Limnoria (prior to 2019.11.09) and Supybot (through 2018-05-09) allows remote unprivileged malicious users to disclose information or possibly have unspecified other impact via the calc and icalc IRC commands.

Limnoria Project Limnoria Fedoraproject Fedora 29 Fedoraproject Fedora 30 Fedoraproject Fedora 31

6.5

CVSSv3

An out-of-bounds read in File__Analyze::Get_L8 in File__Analyze_Buffer.cpp in MediaInfoLib in MediaArea MediaInfo 18.12 leads to a crash.

Mediaarea Mediainfo 18.12 Fedoraproject Fedora 28 Fedoraproject Fedora 29 Fedoraproject Fedora 30

6.5

CVSSv3

FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infinite recursion, leading to a call to the error function in Error.cc.

Freedesktop Poppler 0.75.0 Fedoraproject Fedora 28 Fedoraproject Fedora 29 Fedoraproject Fedora 30

7.8

CVSSv3

In Xpdf 4.01.01, a buffer over-read could be triggered in FoFiType1C::convertToType1 in fofi/FoFiType1C.cc when the index number is larger than the charset array bounds. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It allows an maliciou...

Glyphandcog Xpdfreader 4.01.01 Fedoraproject Fedora 30 Fedoraproject Fedora 31 Fedoraproject Fedora 32

5.5

CVSSv3

In Xpdf 4.01.01, there is a heap-based buffer over-read in the function JBIG2Stream::readTextRegionSeg() located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an malicious user to cause Information Disc...

Glyphandcog Xpdfreader 4.01.01 Fedoraproject Fedora 29 Fedoraproject Fedora 30 Fedoraproject Fedora 31

Get Started

« PREV 1 2 3 4 5 6 7 8 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook