Vulnerabilities > Fedoraproject

DATE CVE VULNERABILITY TITLE RISK
2018-10-17 CVE-2018-18407 Out-of-bounds Read vulnerability in multiple products
A heap-based buffer over-read was discovered in the tcpreplay-edit binary of Tcpreplay 4.3.0 beta1, during the incremental checksum operation.
local
low complexity
broadcom fedoraproject CWE-125
5.5
2018-10-05 CVE-2018-11797
In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree.
local
low complexity
apache fedoraproject oracle
5.5
2018-10-01 CVE-2018-17848 Improper Validation of Array Index vulnerability in multiple products
The html package (aka x/net/html) through 2018-09-25 in Go mishandles <math><template><mn><b></template>, leading to a "panic: runtime error" (index out of range) in (*insertionModeStack).pop in node.go, called from inHeadIM, during an html.Parse call.
network
low complexity
golang fedoraproject CWE-129
7.5
2018-10-01 CVE-2018-17847 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The html package (aka x/net/html) through 2018-09-25 in Go mishandles <svg><template><desc><t><svg></template>, leading to a "panic: runtime error" (index out of range) in (*nodeStack).pop in node.go, called from (*parser).clearActiveFormattingElements, during an html.Parse call.
network
low complexity
golang fedoraproject CWE-119
7.5
2018-10-01 CVE-2018-17846 Infinite Loop vulnerability in multiple products
The html package (aka x/net/html) through 2018-09-25 in Go mishandles <table><math><select><mi><select></table>, leading to an infinite loop during an html.Parse call because inSelectIM and inSelectInTableIM do not comply with a specification.
network
low complexity
golang fedoraproject CWE-835
7.5
2018-10-01 CVE-2018-17825 Double Free vulnerability in multiple products
An issue was discovered in AdPlug 2.3.1.
network
low complexity
adplug-project fedoraproject CWE-415
critical
9.8
2018-09-28 CVE-2018-14648 Resource Exhaustion vulnerability in multiple products
A flaw was found in 389 Directory Server.
network
low complexity
fedoraproject redhat debian CWE-400
7.5
2018-09-25 CVE-2018-14647 Missing Initialization of Resource vulnerability in multiple products
Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization.
7.5
2018-09-17 CVE-2018-17143 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The html package (aka x/net/html) through 2018-09-17 in Go mishandles <template><tBody><isindex/action=0>, leading to a "panic: runtime error" in inBodyIM in parse.go during an html.Parse call.
network
low complexity
golang fedoraproject CWE-119
7.5
2018-09-17 CVE-2018-17142 NULL Pointer Dereference vulnerability in multiple products
The html package (aka x/net/html) through 2018-09-17 in Go mishandles <math><template><mo><template>, leading to a "panic: runtime error" in parseCurrentToken in parse.go during an html.Parse call.
network
low complexity
golang fedoraproject CWE-476
7.5