fedoraproject fedora 28 vulnerabilities and exploits

(subscribe to this query)

In PyYAML prior to 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load() function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function.

Pyyaml Pyyaml Fedoraproject Fedora 28 Fedoraproject Fedora 29 Fedoraproject Fedora 30

7 Github repositories

Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. Dependency artifacts could have been maliciously compromised by a MITM attack against the ajax.googleapis.com web site.

Gradle Gradle Fedoraproject Fedora 28 Fedoraproject Fedora 29 Fedoraproject Fedora 30

urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted i...

Python Urllib3 Fedoraproject Fedora 28 Fedoraproject Fedora 29 Fedoraproject Fedora 30

The html package (aka x/net/html) prior to 2018-07-13 in Go mishandles "in frameset" insertion mode, leading to a "panic: runtime error" for html.Parse of <template><object>, <template><applet>, or <template><marquee>. This ...

Golang Net Fedoraproject Fedora 28 Fedoraproject Fedora 29

The html package (aka x/net/html) through 2018-09-17 in Go mishandles <template><tBody><isindex/action=0>, leading to a "panic: runtime error" in inBodyIM in parse.go during an html.Parse call.

Golang Net Fedoraproject Fedora 28 Fedoraproject Fedora 29

Matrix Synapse prior to 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote malicious users to impersonate users.

Matrix Synapse Fedoraproject Fedora 28 Fedoraproject Fedora 29

In PuTTY versions prior to 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding.

Putty Putty Fedoraproject Fedora 28 Fedoraproject Fedora 29

In the GNU C Library (aka glibc or libc6) up to and including 2.28, attempting to resolve a crafted hostname via getaddrinfo() leads to the allocation of a socket descriptor that is not closed. This is related to the if_nametoindex() function.

Gnu Glibc Fedoraproject Fedora 28 Fedoraproject Fedora 29

The html package (aka x/net/html) through 2018-09-25 in Go mishandles <table><math><select><mi><select></table>, leading to an infinite loop during an html.Parse call because inSelectIM and inSelectInTableIM do not comply with a specification.

Golang Net Fedoraproject Fedora 28 Fedoraproject Fedora 29

The html package (aka x/net/html) through 2018-09-25 in Go mishandles <svg><template><desc><t><svg></template>, leading to a "panic: runtime error" (index out of range) in (*nodeStack).pop in node.go, called from (*parser).clearActive...

Golang Net Fedoraproject Fedora 28 Fedoraproject Fedora 29

1 2 3 4 5 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook