Vulnerabilities > Fedoraproject
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-10 | CVE-2014-1400 | Improper Access Control vulnerability in multiple products The entity_access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions and read unpublished comments via unspecified vectors. | 6.5 |
| 2018-04-10 | CVE-2014-1399 | Improper Access Control vulnerability in multiple products The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on referenced entities via unspecified vectors. | 6.5 |
| 2018-04-10 | CVE-2014-1398 | Improper Access Control vulnerability in multiple products The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on comment, user and node statistics properties via unspecified vectors. | 6.5 |
| 2018-04-03 | CVE-2018-1099 | Improper Input Validation vulnerability in multiple products DNS rebinding vulnerability found in etcd 3.3.1 and earlier. | 5.5 |
| 2018-04-03 | CVE-2018-1098 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. | 8.8 |
| 2018-03-19 | CVE-2018-7262 | NULL Pointer Dereference vulnerability in multiple products In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service. | 7.5 |
| 2018-03-08 | CVE-2014-7272 | Permissions, Privileges, and Access Controls vulnerability in multiple products Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to gain root privileges because code running as root performs write operations within a user home directory, and this user may have created links in advance (exploitation requires the user to win a race condition in the ~/.Xauthority chown case, but not other cases). | 7.8 |
| 2018-03-08 | CVE-2014-7271 | Missing Authentication for Critical Function vulnerability in multiple products Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to log in as user "sddm" without authentication. | 7.8 |
| 2018-03-07 | CVE-2018-1054 | Out-of-bounds Read vulnerability in multiple products An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. | 7.5 |
| 2018-03-06 | CVE-2018-5730 | LDAP Injection vulnerability in multiple products MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN. | 3.8 |