Vulnerabilities > Fedoraproject > High

DATE CVE VULNERABILITY TITLE RISK
2018-06-13 CVE-2018-11385 Session Fixation vulnerability in multiple products
An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11.
network
high complexity
sensiolabs debian fedoraproject CWE-384
8.1
8.1
2018-05-17 CVE-2018-1111 DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client.
high complexity
fedoraproject redhat
7.5
7.5
2018-05-09 CVE-2018-1089 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows.
network
low complexity
fedoraproject redhat debian CWE-119
7.5
7.5
2018-05-01 CVE-2013-0159 Link Following vulnerability in Fedoraproject Fedora 17/18
The fedora-business-cards package before 1-0.1.beta1.fc17 on Fedora 17 and before 1-0.1.beta1.fc18 on Fedora 18 allows local users to cause a denial of service or write to arbitrary files via a symlink attack on /tmp/fedora-business-cards-buffer.svg.
local
low complexity
fedoraproject CWE-59
7.1
7.1
2018-04-30 CVE-2017-2591 Out-of-bounds Read vulnerability in multiple products
389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniqueness_entry_to_config() function in the "attribute uniqueness" plugin of 389 Directory Server.
network
low complexity
fedoraproject redhat CWE-125
7.5
7.5
2018-04-16 CVE-2018-3849 Out-of-bounds Write vulnerability in multiple products
In the ffghtb function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data.
network
low complexity
nasa fedoraproject CWE-787
8.8
8.8
2018-04-16 CVE-2018-3848 Out-of-bounds Write vulnerability in multiple products
In the ffghbn function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data.
network
low complexity
nasa fedoraproject CWE-787
8.8
8.8
2018-04-16 CVE-2018-3846 Out-of-bounds Write vulnerability in multiple products
In the ffgphd and ffgtkn functions in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data.
network
low complexity
nasa fedoraproject CWE-787
8.8
8.8
2018-04-03 CVE-2018-1098 A cross-site request forgery flaw was found in etcd 3.3.1 and earlier.
network
low complexity
redhat fedoraproject
8.8
8.8
2018-03-19 CVE-2018-7262 NULL Pointer Dereference vulnerability in multiple products
In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service.
network
low complexity
redhat fedoraproject CWE-476
7.5
7.5