Vulnerabilities > Fedoraproject > High

DATE CVE VULNERABILITY TITLE RISK
2018-02-09 CVE-2014-3219 Link Following vulnerability in multiple products
fish before 2.1.1 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/fishd.log.%s, (2) /tmp/.pac-cache.$USER, (3) /tmp/.yum-cache.$USER, or (4) /tmp/.rpm-cache.$USER.
local
low complexity
fishshell fedoraproject CWE-59
7.8
2018-01-25 CVE-2017-15365 sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking.
network
low complexity
fedoraproject mariadb percona
8.8
2018-01-24 CVE-2017-15135 Unspecified vulnerability in Fedoraproject 389 Directory Server
It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0.3 did not always handle internal hash comparison operations correctly during the authentication process.
network
high complexity
fedoraproject
8.1
2018-01-22 CVE-2018-6003 Uncontrolled Recursion vulnerability in multiple products
An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13.
network
low complexity
gnu fedoraproject debian CWE-674
7.5
2018-01-12 CVE-2018-5345 Out-of-bounds Write vulnerability in multiple products
A stack-based buffer overflow within GNOME gcab through 0.7.4 can be exploited by malicious attackers to cause a crash or, potentially, execute arbitrary code via a crafted .cab file.
7.8
2017-12-29 CVE-2015-8008 Improper Access Control vulnerability in multiple products
The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token.
network
low complexity
mediawiki fedoraproject CWE-284
7.5
2017-12-29 CVE-2014-8119 Improper Input Validation vulnerability in multiple products
The find_ifcfg_path function in netcf before 0.2.7 might allow attackers to cause a denial of service (application crash) via vectors involving augeas path expressions.
network
low complexity
redhat fedoraproject netcf-project CWE-20
7.5
2017-12-05 CVE-2016-1254 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor.
7.5
2017-10-03 CVE-2017-13704 Improper Input Validation vulnerability in multiple products
In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value.
7.5
2017-09-25 CVE-2015-5704 Command Injection vulnerability in multiple products
scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell commands.
7.8