fedoraproject fedora 30 vulnerabilities and exploits

(subscribe to this query)

urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted i...

Python Urllib3 Fedoraproject Fedora 28 Fedoraproject Fedora 29 Fedoraproject Fedora 30

Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. Dependency artifacts could have been maliciously compromised by a MITM attack against the ajax.googleapis.com web site.

Gradle Gradle Fedoraproject Fedora 28 Fedoraproject Fedora 29 Fedoraproject Fedora 30

A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page.

Phpmyadmin Phpmyadmin Fedoraproject Fedora 29 Fedoraproject Fedora 30 Fedoraproject Fedora 31

1 EDB exploit

In radare2 prior to 3.7.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to improper handling ...

Radare Radare2 Fedoraproject Fedora 29 Fedoraproject Fedora 30 Fedoraproject Fedora 31

1 Github repository

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication GCS). Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compro...

Oracle Mysql Fedoraproject Fedora 30 Fedoraproject Fedora 31 Fedoraproject Fedora 32

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Ser...

Oracle Mysql Fedoraproject Fedora 30 Fedoraproject Fedora 31 Fedoraproject Fedora 32

In Enigmail below 2.1, an attacker in possession of PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the malici...

Enigmail Enigmail Fedoraproject Fedora 30 Fedoraproject Fedora 31 Fedoraproject Fedora 32

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to com...

Oracle Mysql Fedoraproject Fedora 30 Fedoraproject Fedora 31 Fedoraproject Fedora 32

In PyYAML prior to 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load() function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function.

Pyyaml Pyyaml Fedoraproject Fedora 28 Fedoraproject Fedora 29 Fedoraproject Fedora 30

7 Github repositories

Trustwave ModSecurity 3.0.0 up to and including 3.0.3 allows an malicious user to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive (Denial of Service) because of a flaw in Transaction::addRequestHeader in transac...

Trustwave Modsecurity Fedoraproject Fedora 30 Fedoraproject Fedora 31 Fedoraproject Fedora 32

1 2 3 4 5 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook