Fedoraproject: >> Fedora >> 28 Security Vulnerabilities
The html package (aka x/net/html) through 2018-09-25 in Go mishandles <svg><template><desc><t><svg></template>, leading to a "panic: runtime error" (index out of range) in (*nodeStack).pop in node.go, called from (*parser).clearActiveFormattingElements, during an html.Parse call.
CVSS Score
7.5
EPSS Score
0.009
Published
2018-10-01
The html package (aka x/net/html) through 2018-09-25 in Go mishandles <math><template><mn><b></template>, leading to a "panic: runtime error" (index out of range) in (*insertionModeStack).pop in node.go, called from inHeadIM, during an html.Parse call.
CVSS Score
7.5
EPSS Score
0.01
Published
2018-10-01
The html package (aka x/net/html) through 2018-09-17 in Go mishandles <math><template><mo><template>, leading to a "panic: runtime error" in parseCurrentToken in parse.go during an html.Parse call.
CVSS Score
7.5
EPSS Score
0.007
Published
2018-09-17
The html package (aka x/net/html) through 2018-09-17 in Go mishandles <template><tBody><isindex/action=0>, leading to a "panic: runtime error" in inBodyIM in parse.go during an html.Parse call.
CVSS Score
7.5
EPSS Score
0.006
Published
2018-09-17
The html package (aka x/net/html) before 2018-07-13 in Go mishandles "in frameset" insertion mode, leading to a "panic: runtime error" for html.Parse of <template><object>, <template><applet>, or <template><marquee>. This is related to HTMLTreeBuilder.cpp in WebKit.
CVSS Score
7.5
EPSS Score
0.007
Published
2018-09-16
An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault).
CVSS Score
7.5
EPSS Score
0.011
Published
2018-08-24
An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact.
CVSS Score
9.8
EPSS Score
0.02
Published
2018-08-24
libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information.
CVSS Score
8.1
EPSS Score
0.006
Published
2018-08-14
In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load() function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function.
CVSS Score
9.8
EPSS Score
0.047
Published
2018-06-27
strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable.
CVSS Score
7.5
EPSS Score
0.188
Published
2018-06-19