Vulnerabilities > Fedoraproject > Fedora
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-07 | CVE-2018-10771 | Out-of-bounds Write vulnerability in multiple products Stack-based buffer overflow in the get_key function in parse.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | 9.8 |
| 2018-05-05 | CVE-2018-10753 | Out-of-bounds Write vulnerability in multiple products Stack-based buffer overflow in the delayed_output function in music.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | 9.8 |
| 2018-05-01 | CVE-2013-0159 | Link Following vulnerability in Fedoraproject Fedora 17/18 The fedora-business-cards package before 1-0.1.beta1.fc17 on Fedora 17 and before 1-0.1.beta1.fc18 on Fedora 18 allows local users to cause a denial of service or write to arbitrary files via a symlink attack on /tmp/fedora-business-cards-buffer.svg. | 3.6 |
| 2018-04-25 | CVE-2017-6888 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products An error in the "read_metadata_vorbiscomment_()" function (src/libFLAC/stream_decoder.c) in FLAC version 1.3.2 can be exploited to cause a memory leak via a specially crafted FLAC file. | 5.5 |
| 2018-04-16 | CVE-2018-3849 | Out-of-bounds Write vulnerability in multiple products In the ffghtb function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. | 8.8 |
| 2018-04-16 | CVE-2018-3848 | Out-of-bounds Write vulnerability in multiple products In the ffghbn function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. | 8.8 |
| 2018-04-16 | CVE-2018-3846 | Out-of-bounds Write vulnerability in multiple products In the ffgphd and ffgtkn functions in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. | 8.8 |
| 2018-04-10 | CVE-2014-1400 | Improper Access Control vulnerability in multiple products The entity_access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions and read unpublished comments via unspecified vectors. | 4.0 |
| 2018-04-10 | CVE-2014-1399 | Improper Access Control vulnerability in multiple products The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on referenced entities via unspecified vectors. | 4.0 |
| 2018-04-10 | CVE-2014-1398 | Improper Access Control vulnerability in multiple products The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on comment, user and node statistics properties via unspecified vectors. | 4.0 |