Filtered by vendor Fedoraproject
Subscribe
Search
Total
342 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-18823 | 2 Fedoraproject, Wisc | 2 Fedora, Htcondor | 2022-05-23 | 7.5 HIGH | 9.8 CRITICAL |
| HTCondor up to and including stable series 8.8.6 and development series 8.9.4 has Incorrect Access Control. It is possible to use a different authentication method to submit a job than the administrator has specified. If the administrator has configured the READ or WRITE methods to include CLAIMTOBE, then it is possible to impersonate another user to the condor_schedd. (For example to submit or remove jobs) | |||||
| CVE-2021-44790 | 6 Apache, Debian, Fedoraproject and 3 more | 6 Http Server, Debian Linux, Fedora and 3 more | 2022-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. | |||||
| CVE-2022-1053 | 2 Fedoraproject, Keylime | 2 Fedora, Keylime | 2022-05-16 | 6.4 MEDIUM | 9.1 CRITICAL |
| Keylime does not enforce that the agent registrar data is the same when the tenant uses it for validation of the EK and identity quote and the verifier for validating the integrity quote. This allows an attacker to use one AK, EK pair from a real TPM to pass EK validation and give the verifier an AK of a software TPM. A successful attack breaks the entire chain of trust because a not validated AK is used by the verifier. This issue is worse if the validation happens first and then the agent gets added to the verifier because the timing is easier and the verifier does not validate the regcount entry being equal to 1, | |||||
| CVE-2020-28636 | 3 Cgal, Debian, Fedoraproject | 3 Computational Geometry Algorithms Library, Debian Linux, Fedora | 2022-05-12 | 7.5 HIGH | 9.8 CRITICAL |
| A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->twin() An attacker can provide malicious input to trigger this vulnerability. | |||||
| CVE-2020-28601 | 3 Cgal, Debian, Fedoraproject | 3 Computational Geometry Algorithms Library, Debian Linux, Fedora | 2022-05-12 | 7.5 HIGH | 9.8 CRITICAL |
| A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser::read_vertex() Face_of[] OOB read. An attacker can provide malicious input to trigger this vulnerability. | |||||
| CVE-2021-26937 | 3 Debian, Fedoraproject, Gnu | 3 Debian Linux, Fedora, Screen | 2022-05-06 | 7.5 HIGH | 9.8 CRITICAL |
| encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence. | |||||
| CVE-2019-11356 | 5 Canonical, Cyrus, Debian and 2 more | 8 Ubuntu Linux, Imap, Debian Linux and 5 more | 2022-05-03 | 7.5 HIGH | 9.8 CRITICAL |
| The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0.x through 3.0.9 allows remote attackers to execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name. | |||||
| CVE-2022-0547 | 2 Fedoraproject, Openvpn | 2 Fedora, Openvpn | 2022-05-03 | 7.5 HIGH | 9.8 CRITICAL |
| OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials. | |||||
| CVE-2019-0228 | 3 Apache, Fedoraproject, Oracle | 14 James, Pdfbox, Fedora and 11 more | 2022-04-29 | 7.5 HIGH | 9.8 CRITICAL |
| Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF. | |||||
| CVE-2020-7247 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2022-04-29 | 10.0 HIGH | 9.8 CRITICAL |
| smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation. | |||||
| CVE-2020-14001 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2022-04-28 | 7.5 HIGH | 9.8 CRITICAL |
| The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template="/etc/passwd") or unintended embedded Ruby code execution (such as a string that begins with template="string://<%= `). NOTE: kramdown is used in Jekyll, GitLab Pages, GitHub Pages, and Thredded Forum. | |||||
| CVE-2020-28035 | 3 Debian, Fedoraproject, Wordpress | 3 Debian Linux, Fedora, Wordpress | 2022-04-28 | 7.5 HIGH | 9.8 CRITICAL |
| WordPress before 5.5.2 allows attackers to gain privileges via XML-RPC. | |||||
| CVE-2020-28036 | 3 Debian, Fedoraproject, Wordpress | 3 Debian Linux, Fedora, Wordpress | 2022-04-28 | 7.5 HIGH | 9.8 CRITICAL |
| wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows attackers to gain privileges by using XML-RPC to comment on a post. | |||||
| CVE-2020-28037 | 3 Debian, Fedoraproject, Wordpress | 3 Debian Linux, Fedora, Wordpress | 2022-04-28 | 7.5 HIGH | 9.8 CRITICAL |
| is_blog_installed in wp-includes/functions.php in WordPress before 5.5.2 improperly determines whether WordPress is already installed, which might allow an attacker to perform a new installation, leading to remote code execution (as well as a denial of service for the old installation). | |||||
| CVE-2019-12525 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2022-04-26 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain tokens such as domain, uri, and qop. Squid checks if this token's value starts with a quote and ends with one. If so, it performs a memcpy of its length minus 2. Squid never checks whether the value is just a single quote (which would satisfy its requirements), leading to a memcpy of its length minus 1. | |||||
| CVE-2019-12526 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2022-04-26 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Squid before 4.9. URN response handling in Squid suffers from a heap-based buffer overflow. When receiving data from a remote server in response to an URN request, Squid fails to ensure that the response can fit within the buffer. This leads to attacker controlled data overflowing in the heap. | |||||
| CVE-2021-1871 | 3 Apple, Debian, Fedoraproject | 6 Ipad Os, Iphone Os, Mac Os X and 3 more | 2022-04-26 | 7.5 HIGH | 9.8 CRITICAL |
| A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. | |||||
| CVE-2020-0452 | 2 Fedoraproject, Google | 2 Fedora, Android | 2022-04-26 | 7.5 HIGH | 9.8 CRITICAL |
| In exif_entry_get_value of exif-entry.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if a third party app used this library to process remote image data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-159625731 | |||||
| CVE-2022-24303 | 2 Fedoraproject, Python | 2 Fedora, Pillow | 2022-04-26 | 6.4 MEDIUM | 9.1 CRITICAL |
| Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled. | |||||
| CVE-2021-21146 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2022-04-26 | 6.8 MEDIUM | 9.6 CRITICAL |
| Use after free in Navigation in Google Chrome prior to 88.0.4324.146 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2022-26496 | 3 Debian, Fedoraproject, Network Block Device Project | 3 Debian Linux, Fedora, Network Block Device | 2022-04-25 | 7.5 HIGH | 9.8 CRITICAL |
| In nbd-server in nbd before 3.24, there is a stack-based buffer overflow. An attacker can cause a buffer overflow in the parsing of the name field by sending a crafted NBD_OPT_INFO or NBD_OPT_GO message with an large value as the length of the name. | |||||
| CVE-2022-26495 | 3 Debian, Fedoraproject, Network Block Device Project | 3 Debian Linux, Fedora, Network Block Device | 2022-04-25 | 7.5 HIGH | 9.8 CRITICAL |
| In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocated for the name, resulting in a write to a dangling pointer. This issue exists for the NBD_OPT_INFO, NBD_OPT_GO, and NBD_OPT_EXPORT_NAME messages. | |||||
| CVE-2022-23304 | 2 Fedoraproject, W1.fi | 3 Fedora, Hostapd, Wpa Supplicant | 2022-02-28 | 6.8 MEDIUM | 9.8 CRITICAL |
| The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495. | |||||
| CVE-2022-23303 | 2 Fedoraproject, W1.fi | 3 Fedora, Hostapd, Wpa Supplicant | 2022-02-28 | 6.8 MEDIUM | 9.8 CRITICAL |
| The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494. | |||||
| CVE-2021-3781 | 2 Artifex, Fedoraproject | 2 Ghostscript, Fedora | 2022-02-28 | 9.3 HIGH | 9.9 CRITICAL |
| A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript interpreter. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | |||||
| CVE-2021-38002 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2022-02-28 | 6.8 MEDIUM | 9.6 CRITICAL |
| Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2021-38013 | 3 Debian, Fedoraproject, Google | 4 Debian Linux, Fedora, Chrome and 1 more | 2022-02-19 | 6.8 MEDIUM | 9.6 CRITICAL |
| Heap buffer overflow in fingerprint recognition in Google Chrome on ChromeOS prior to 96.0.4664.45 allowed a remote attacker who had compromised a WebUI renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2021-21351 | 4 Debian, Fedoraproject, Oracle and 1 more | 13 Debian Linux, Fedora, Banking Enterprise Default Management and 10 more | 2022-02-16 | 6.5 MEDIUM | 9.1 CRITICAL |
| XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16. | |||||
| CVE-2021-21350 | 4 Debian, Fedoraproject, Oracle and 1 more | 13 Debian Linux, Fedora, Banking Enterprise Default Management and 10 more | 2022-02-16 | 7.5 HIGH | 9.8 CRITICAL |
| XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to execute arbitrary code only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16. | |||||
| CVE-2021-21347 | 4 Debian, Fedoraproject, Oracle and 1 more | 13 Debian Linux, Fedora, Banking Enterprise Default Management and 10 more | 2022-02-16 | 7.5 HIGH | 9.8 CRITICAL |
| XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16. | |||||
| CVE-2021-21346 | 4 Debian, Fedoraproject, Oracle and 1 more | 13 Debian Linux, Fedora, Banking Enterprise Default Management and 10 more | 2022-02-16 | 7.5 HIGH | 9.8 CRITICAL |
| XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16. | |||||
| CVE-2021-21345 | 4 Debian, Fedoraproject, Oracle and 1 more | 13 Debian Linux, Fedora, Banking Enterprise Default Management and 10 more | 2022-02-16 | 6.5 MEDIUM | 9.9 CRITICAL |
| XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16. | |||||
| CVE-2021-21344 | 4 Debian, Fedoraproject, Oracle and 1 more | 13 Debian Linux, Fedora, Banking Enterprise Default Management and 10 more | 2022-02-16 | 7.5 HIGH | 9.8 CRITICAL |
| XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16. | |||||
| CVE-2021-21342 | 4 Debian, Fedoraproject, Oracle and 1 more | 6 Debian Linux, Fedora, Banking Virtual Account Management and 3 more | 2022-02-16 | 5.8 MEDIUM | 9.1 CRITICAL |
| XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on these type information. An attacker can manipulate the processed input stream and replace or inject objects, that result in a server-side forgery request. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16. | |||||
| CVE-2021-26691 | 4 Apache, Debian, Fedoraproject and 1 more | 6 Http Server, Debian Linux, Fedora and 3 more | 2022-02-07 | 7.5 HIGH | 9.8 CRITICAL |
| In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow | |||||
| CVE-2019-5544 | 4 Fedoraproject, Openslp, Redhat and 1 more | 10 Fedora, Openslp, Enterprise Linux Desktop and 7 more | 2022-02-03 | 7.5 HIGH | 9.8 CRITICAL |
| OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. | |||||
| CVE-2021-33574 | 3 Fedoraproject, Gnu, Netapp | 19 Fedora, Glibc, Cloud Backup and 16 more | 2022-01-28 | 7.5 HIGH | 9.8 CRITICAL |
| The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact. | |||||
| CVE-2021-27023 | 2 Fedoraproject, Puppet | 4 Fedora, Puppet Agent, Puppet Enterprise and 1 more | 2022-01-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007 | |||||
| CVE-2021-37973 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2022-01-15 | 6.8 MEDIUM | 9.6 CRITICAL |
| Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2021-27135 | 3 Debian, Fedoraproject, Invisible-island | 3 Debian Linux, Fedora, Xterm | 2022-01-04 | 7.5 HIGH | 9.8 CRITICAL |
| xterm before Patch #366 allows remote attackers to execute arbitrary code or cause a denial of service (segmentation fault) via a crafted UTF-8 combining character sequence. | |||||
| CVE-2020-15121 | 2 Fedoraproject, Radare | 2 Fedora, Radare2 | 2022-01-04 | 6.8 MEDIUM | 9.6 CRITICAL |
| In radare2 before version 4.5.0, malformed PDB file names in the PDB server path cause shell injection. To trigger the problem it's required to open the executable in radare2 and run idpd to trigger the download. The shell code will execute, and will create a file called pwned in the current directory. | |||||
| CVE-2021-4048 | 5 Fedoraproject, Julialang, Lapack Project and 2 more | 8 Fedora, Julia, Lapack and 5 more | 2022-01-04 | 6.4 MEDIUM | 9.1 CRITICAL |
| An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory. | |||||
| CVE-2019-18609 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2022-01-01 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in amqp_handle_input in amqp_connection.c in rabbitmq-c 0.9.0. There is an integer overflow that leads to heap memory corruption in the handling of CONNECTION_STATE_HEADER. A rogue server could return a malicious frame header that leads to a smaller target_size value than needed. This condition is then carried on to a memcpy function that copies too much data into a heap buffer. | |||||
| CVE-2020-8518 | 3 Debian, Fedoraproject, Horde | 3 Debian Linux, Fedora, Groupware | 2022-01-01 | 7.5 HIGH | 9.8 CRITICAL |
| Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution. | |||||
| CVE-2019-18183 | 2 Fedoraproject, Pacman Project | 2 Fedora, Pacman | 2022-01-01 | 6.8 MEDIUM | 9.8 CRITICAL |
| pacman before 5.2 is vulnerable to arbitrary command injection in lib/libalpm/sync.c in the apply_deltas() function. This can be exploited when unsigned databases are used. To exploit the vulnerability, the user must enable the non-default delta feature and retrieve an attacker-controlled crafted database and delta file. | |||||
| CVE-2019-20477 | 2 Fedoraproject, Pyyaml | 2 Fedora, Pyyaml | 2022-01-01 | 7.5 HIGH | 9.8 CRITICAL |
| PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342. | |||||
| CVE-2020-26892 | 2 Fedoraproject, Linuxfoundation | 2 Fedora, Nats-server | 2022-01-01 | 7.5 HIGH | 9.8 CRITICAL |
| The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled. | |||||
| CVE-2019-18182 | 2 Fedoraproject, Pacman Project | 2 Fedora, Pacman | 2021-12-30 | 6.8 MEDIUM | 9.8 CRITICAL |
| pacman before 5.2 is vulnerable to arbitrary command injection in conf.c in the download_with_xfercommand() function. This can be exploited when unsigned databases are used. To exploit the vulnerability, the user must enable a non-default XferCommand and retrieve an attacker-controlled crafted database and package. | |||||
| CVE-2021-42377 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2021-12-23 | 6.8 MEDIUM | 9.8 CRITICAL |
| An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered command input. | |||||
| CVE-2021-3756 | 2 Fedoraproject, Symonics | 2 Fedora, Libmysofa | 2021-12-22 | 7.5 HIGH | 9.8 CRITICAL |
| libmysofa is vulnerable to Heap-based Buffer Overflow | |||||