fedoraproject fedora 29 vulnerabilities and exploits

(subscribe to this query)

Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. Dependency artifacts could have been maliciously compromised by a MITM attack against the ajax.googleapis.com web site.

Gradle Gradle Fedoraproject Fedora 28 Fedoraproject Fedora 29 Fedoraproject Fedora 30

A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page.

Phpmyadmin Phpmyadmin Fedoraproject Fedora 29 Fedoraproject Fedora 30 Fedoraproject Fedora 31

1 EDB exploit

urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted i...

Python Urllib3 Fedoraproject Fedora 28 Fedoraproject Fedora 29 Fedoraproject Fedora 30

In radare2 prior to 3.7.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to improper handling ...

Radare Radare2 Fedoraproject Fedora 29 Fedoraproject Fedora 30 Fedoraproject Fedora 31

1 Github repository

In PyYAML prior to 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load() function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function.

Pyyaml Pyyaml Fedoraproject Fedora 28 Fedoraproject Fedora 29 Fedoraproject Fedora 30

7 Github repositories

OFFIS.de DCMTK 3.6.3 and below is affected by: Buffer Overflow. The impact is: Possible code execution and confirmed Denial of Service. The component is: DcmRLEDecoder::decompress() (file dcrledec.h, line 122). The attack vector is: Many scenarios of DICOM file processing (e.g. D...

Offis Dcmtk Fedoraproject Fedora 29 Fedoraproject Fedora 30

The html package (aka x/net/html) through 2018-09-25 in Go mishandles <table><math><select><mi><select></table>, leading to an infinite loop during an html.Parse call because inSelectIM and inSelectInTableIM do not comply with a specification.

Golang Net Fedoraproject Fedora 28 Fedoraproject Fedora 29

The html package (aka x/net/html) through 2018-09-25 in Go mishandles <math><template><mn><b></template>, leading to a "panic: runtime error" (index out of range) in (*insertionModeStack).pop in node.go, called from inHeadIM, during an html...

Golang Net Fedoraproject Fedora 28 Fedoraproject Fedora 29

The html package (aka x/net/html) prior to 2018-07-13 in Go mishandles "in frameset" insertion mode, leading to a "panic: runtime error" for html.Parse of <template><object>, <template><applet>, or <template><marquee>. This ...

Golang Net Fedoraproject Fedora 28 Fedoraproject Fedora 29

A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacke...

Samba Samba Fedoraproject Fedora 29 Fedoraproject Fedora 31

1 2 3 4 5 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook