Vulnerabilities > Fedoraproject > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-08 | CVE-2014-7271 | Missing Authentication for Critical Function vulnerability in multiple products Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to log in as user "sddm" without authentication. | 7.8 |
| 2018-03-07 | CVE-2018-1054 | Out-of-bounds Read vulnerability in multiple products An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. | 7.5 |
| 2018-03-01 | CVE-2017-15134 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. | 7.5 |
| 2018-02-09 | CVE-2014-3219 | Link Following vulnerability in multiple products fish before 2.1.1 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/fishd.log.%s, (2) /tmp/.pac-cache.$USER, (3) /tmp/.yum-cache.$USER, or (4) /tmp/.rpm-cache.$USER. | 7.8 |
| 2018-01-25 | CVE-2017-15365 | sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking. | 8.8 |
| 2018-01-24 | CVE-2017-15135 | Unspecified vulnerability in Fedoraproject 389 Directory Server It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0.3 did not always handle internal hash comparison operations correctly during the authentication process. | 8.1 |
| 2018-01-22 | CVE-2018-6003 | Uncontrolled Recursion vulnerability in multiple products An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. | 7.5 |
| 2018-01-12 | CVE-2018-5345 | Out-of-bounds Write vulnerability in multiple products A stack-based buffer overflow within GNOME gcab through 0.7.4 can be exploited by malicious attackers to cause a crash or, potentially, execute arbitrary code via a crafted .cab file. | 7.8 |
| 2017-12-29 | CVE-2015-8008 | Improper Access Control vulnerability in multiple products The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token. | 7.5 |
| 2017-12-29 | CVE-2014-8119 | Improper Input Validation vulnerability in multiple products The find_ifcfg_path function in netcf before 0.2.7 might allow attackers to cause a denial of service (application crash) via vectors involving augeas path expressions. | 7.5 |