Filtered by vendor Fedoraproject
Total: 1558 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-39252 | 3 Debian, Fedoraproject, Tuxera | 3 Debian Linux, Fedora, Ntfs-3g | 2021-11-29 | 6.9 MEDIUM | 7.8 HIGH |
| A crafted NTFS image can cause an out-of-bounds read in ntfs_ie_lookup in NTFS-3G < 2021.8.22. | |||||
| CVE-2021-39253 | 3 Debian, Fedoraproject, Tuxera | 3 Debian Linux, Fedora, Ntfs-3g | 2021-11-29 | 6.9 MEDIUM | 7.8 HIGH |
| A crafted NTFS image can cause an out-of-bounds read in ntfs_runlists_merge_i in NTFS-3G < 2021.8.22. | |||||
| CVE-2021-33289 | 3 Debian, Fedoraproject, Tuxera | 3 Debian Linux, Fedora, Ntfs-3g | 2021-11-29 | 6.9 MEDIUM | 7.8 HIGH |
| In NTFS-3G versions < 2021.8.22, when a specially crafted MFT section is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution. | |||||
| CVE-2021-35268 | 3 Debian, Fedoraproject, Tuxera | 3 Debian Linux, Fedora, Ntfs-3g | 2021-11-29 | 6.9 MEDIUM | 7.8 HIGH |
| In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode is loaded in the function ntfs_inode_real_open, a heap buffer overflow can occur allowing for code execution and escalation of privileges. | |||||
| CVE-2021-35269 | 3 Debian, Fedoraproject, Tuxera | 3 Debian Linux, Fedora, Ntfs-3g | 2021-11-29 | 6.9 MEDIUM | 7.8 HIGH |
| In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute from the MFT is set up in the function ntfs_attr_setup_flag, a heap buffer overflow can occur allowing for code execution and escalation of privileges. | |||||
| CVE-2021-33287 | 3 Debian, Fedoraproject, Tuxera | 3 Debian Linux, Fedora, Ntfs-3g | 2021-11-29 | 6.9 MEDIUM | 7.8 HIGH |
| In NTFS-3G versions < 2021.8.22, when specially crafted NTFS attributes are read in the function ntfs_attr_pread_i, a heap buffer overflow can occur and allow for writing to arbitrary memory or denial of service of the application. | |||||
| CVE-2021-35266 | 3 Debian, Fedoraproject, Tuxera | 3 Debian Linux, Fedora, Ntfs-3g | 2021-11-29 | 6.9 MEDIUM | 7.8 HIGH |
| In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode pathname is supplied in an NTFS image a heap buffer overflow can occur resulting in memory disclosure, denial of service and even code execution. | |||||
| CVE-2021-35267 | 3 Debian, Fedoraproject, Tuxera | 3 Debian Linux, Fedora, Ntfs-3g | 2021-11-29 | 6.9 MEDIUM | 7.8 HIGH |
| In NTFS-3G versions < 2021.8.22, a stack buffer overflow can occur when correcting differences in the MFT and MFTMirror allowing for code execution or escalation of privileges when setuid-root. | |||||
| CVE-2019-13272 | 6 Canonical, Debian, Fedoraproject and 3 more | 20 Ubuntu Linux, Debian Linux, Fedora and 17 more | 2021-11-28 | 7.2 HIGH | 7.8 HIGH |
| In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments. | |||||
| CVE-2021-41099 | 4 Debian, Fedoraproject, Netapp and 1 more | 4 Debian Linux, Fedora, Management Services For Element Software And Netapp Hci and 1 more | 2021-11-28 | 6.0 MEDIUM | 7.5 HIGH |
| Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the underlying string library can be used to corrupt the heap and potentially result in denial of service or remote code execution. The vulnerability involves changing the default proto-max-bulk-len configuration parameter to a very large value and constructing specially crafted network payloads or commands. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the proto-max-bulk-len configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command. | |||||
| CVE-2021-3872 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2021-11-28 | 6.8 MEDIUM | 7.8 HIGH |
| vim is vulnerable to Heap-based Buffer Overflow | |||||
| CVE-2021-39226 | 2 Fedoraproject, Grafana | 2 Fedora, Grafana | 2021-11-28 | 6.8 MEDIUM | 7.3 HIGH |
| Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot "public_mode" configuration setting is set to true (vs default of false), unauthenticated users are able to delete the snapshot with the lowest database key by accessing the literal path: /api/snapshots-delete/:deleteKey. Regardless of the snapshot "public_mode" setting, authenticated users are able to delete the snapshot with the lowest database key by accessing the literal paths: /api/snapshots/:key, or /api/snapshots-delete/:deleteKey. The combination of deletion and viewing enables a complete walk through all snapshot data while resulting in complete snapshot data loss. This issue has been resolved in versions 8.1.6 and 7.5.11. If for some reason you cannot upgrade you can use a reverse proxy or similar to block access to the literal paths: /api/snapshots/:key, /api/snapshots-delete/:deleteKey, /dashboard/snapshot/:key, and /api/snapshots/:key. They have no normal function and can be disabled without side effects. | |||||
| CVE-2021-32749 | 2 Fail2ban, Fedoraproject | 2 Fail2ban, Fedora | 2021-11-28 | 6.8 MEDIUM | 8.1 HIGH |
| fail2ban is a daemon to ban hosts that cause multiple authentication errors. In versions 0.9.7 and prior, 0.10.0 through 0.10.6, and 0.11.0 through 0.11.2, there is a vulnerability that leads to possible remote code execution in the mailing action mail-whois. Command `mail` from mailutils package used in mail actions like `mail-whois` can execute commands if unescaped sequences (`\n~`) are available in "foreign" input (for instance in whois output). To exploit the vulnerability, an attacker would need to insert malicious characters into the response sent by the whois server, either via a MITM attack or by taking over a whois server. The issue is patched in versions 0.10.7 and 0.11.3. As a workaround, one may avoid the usage of action `mail-whois` or patch the vulnerability manually. | |||||
| CVE-2021-41799 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2021-11-26 | 5.0 MEDIUM | 7.5 HIGH |
| MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). ApiQueryBacklinks (action=query&list=backlinks) can cause a full table scan. | |||||
| CVE-2021-21332 | 2 Fedoraproject, Matrix | 2 Fedora, Synapse | 2021-11-23 | 4.3 MEDIUM | 8.2 HIGH |
| Synapse is a Matrix reference homeserver written in Python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.27.0, the password reset endpoint served via Synapse was vulnerable to cross-site scripting (XSS) attacks. The impact depends on the configuration of the domain that Synapse is deployed on, but may allow access to cookies and other browser data, CSRF vulnerabilities, and access to other resources served on the same domain or parent domains. This is fixed in version 1.27.0. | |||||
| CVE-2021-30629 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-11-23 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in Permissions in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-30632 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-11-23 | 6.8 MEDIUM | 8.8 HIGH |
| Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-30628 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-11-23 | 6.8 MEDIUM | 8.8 HIGH |
| Stack buffer overflow in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. | |||||
| CVE-2021-30627 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-11-23 | 6.8 MEDIUM | 8.8 HIGH |
| Type confusion in Blink layout in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-30626 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-11-23 | 6.8 MEDIUM | 8.8 HIGH |
| Out of bounds memory access in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-30851 | 3 Apple, Debian, Fedoraproject | 8 Ipad Os, Iphone Os, Macos and 5 more | 2021-11-23 | 6.8 MEDIUM | 8.8 HIGH |
| A memory corruption vulnerability was addressed with improved locking. This issue is fixed in Safari 15, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing maliciously crafted web content may lead to code execution. | |||||
| CVE-2021-30543 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-11-23 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in Tab Strip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-30542 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-11-23 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in Tab Strip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-30846 | 3 Apple, Debian, Fedoraproject | 8 Ipados, Iphone Os, Macos and 5 more | 2021-11-23 | 6.8 MEDIUM | 7.8 HIGH |
| A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2020-15114 | 2 Fedoraproject, Redhat | 2 Fedora, Etcd | 2021-11-18 | 4.0 MEDIUM | 7.7 HIGH |
| In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This results in a denial of service, since the endpoint can become stuck in a loop of requesting itself until there are no more available file descriptors to accept connections on the gateway. | |||||
| CVE-2020-15238 | 3 Blueman Project, Debian, Fedoraproject | 3 Blueman, Debian Linux, Fedora | 2021-11-18 | 6.9 MEDIUM | 7.0 HIGH |
| Blueman is a GTK+ Bluetooth Manager. In Blueman before 2.1.4, the DhcpClient method of the D-Bus interface to blueman-mechanism is prone to an argument injection vulnerability. The impact highly depends on the system configuration. If Polkit-1 is disabled and for versions lower than 2.0.6, any local user can possibly exploit this. If Polkit-1 is enabled for version 2.0.6 and later, a possible attacker needs to be allowed to use the `org.blueman.dhcp.client` action. That is limited to users in the wheel group in the shipped rules file that do have the privileges anyway. On systems with ISC DHCP client (dhclient), attackers can pass arguments to `ip link` with the interface name that can e.g. be used to bring down an interface or add an arbitrary XDP/BPF program. On systems with dhcpcd and without ISC DHCP client, attackers can even run arbitrary scripts by passing `-c/path/to/script` as an interface name. Patches are included in 2.1.4 and master that change the DhcpClient D-Bus method(s) to accept BlueZ network object paths instead of network interface names. A backport to 2.0(.8) is also available. As a workaround, make sure that Polkit-1-support is enabled and limit privileges for the `org.blueman.dhcp.client` action to users that are able to run arbitrary commands as root anyway in /usr/share/polkit-1/rules.d/blueman.rules. | |||||
| CVE-2021-30622 | 2 Fedoraproject, Microsoft | 3 Fedora, Edge, Edge Chromium | 2021-11-18 | 6.8 MEDIUM | 8.8 HIGH |
| Chromium: CVE-2021-30622 Use after free in WebApp Installs | |||||
| CVE-2021-30623 | 2 Fedoraproject, Microsoft | 3 Fedora, Edge, Edge Chromium | 2021-11-18 | 6.8 MEDIUM | 8.8 HIGH |
| Chromium: CVE-2021-30623 Use after free in Bookmarks | |||||
| CVE-2021-30624 | 2 Fedoraproject, Microsoft | 3 Fedora, Edge, Edge Chromium | 2021-11-18 | 6.8 MEDIUM | 8.8 HIGH |
| Chromium: CVE-2021-30624 Use after free in Autofill | |||||
| CVE-2021-30620 | 2 Fedoraproject, Microsoft | 3 Fedora, Edge, Edge Chromium | 2021-11-18 | 6.8 MEDIUM | 8.8 HIGH |
| Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink | |||||
| CVE-2021-30618 | 2 Fedoraproject, Microsoft | 3 Fedora, Edge, Edge Chromium | 2021-11-18 | 6.8 MEDIUM | 8.8 HIGH |
| Chromium: CVE-2021-30618 Inappropriate implementation in DevTools | |||||
| CVE-2021-30606 | 2 Fedoraproject, Microsoft | 3 Fedora, Edge, Edge Chromium | 2021-11-18 | 6.8 MEDIUM | 8.8 HIGH |
| Chromium: CVE-2021-30606 Use after free in Blink | |||||
| CVE-2021-30608 | 2 Fedoraproject, Microsoft | 3 Fedora, Edge, Edge Chromium | 2021-11-18 | 6.8 MEDIUM | 8.8 HIGH |
| Chromium: CVE-2021-30608 Use after free in Web Share | |||||
| CVE-2021-30616 | 2 Fedoraproject, Microsoft | 3 Fedora, Edge, Edge Chromium | 2021-11-18 | 6.8 MEDIUM | 8.8 HIGH |
| Chromium: CVE-2021-30616 Use after free in Media | |||||
| CVE-2021-30609 | 2 Fedoraproject, Microsoft | 3 Fedora, Edge, Edge Chromium | 2021-11-18 | 6.8 MEDIUM | 8.8 HIGH |
| Chromium: CVE-2021-30609 Use after free in Sign-In | |||||
| CVE-2021-30614 | 2 Fedoraproject, Microsoft | 3 Fedora, Edge, Edge Chromium | 2021-11-18 | 6.8 MEDIUM | 8.8 HIGH |
| Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip | |||||
| CVE-2021-30613 | 2 Fedoraproject, Microsoft | 3 Fedora, Edge, Edge Chromium | 2021-11-18 | 6.8 MEDIUM | 8.8 HIGH |
| Chromium: CVE-2021-30613 Use after free in Base internals | |||||
| CVE-2021-30612 | 2 Fedoraproject, Microsoft | 3 Fedora, Edge, Edge Chromium | 2021-11-18 | 6.8 MEDIUM | 8.8 HIGH |
| Chromium: CVE-2021-30612 Use after free in WebRTC | |||||
| CVE-2021-30611 | 2 Fedoraproject, Microsoft | 3 Fedora, Edge, Edge Chromium | 2021-11-18 | 6.8 MEDIUM | 8.8 HIGH |
| Chromium: CVE-2021-30611 Use after free in WebRTC | |||||
| CVE-2021-30610 | 2 Fedoraproject, Microsoft | 3 Fedora, Edge, Edge Chromium | 2021-11-18 | 6.8 MEDIUM | 8.8 HIGH |
| Chromium: CVE-2021-30610 Use after free in Extensions API | |||||
| CVE-2021-30607 | 2 Fedoraproject, Microsoft | 3 Fedora, Edge, Edge Chromium | 2021-11-18 | 6.8 MEDIUM | 8.8 HIGH |
| Chromium: CVE-2021-30607 Use after free in Permissions | |||||
| CVE-2021-35610 | 3 Fedoraproject, Netapp, Oracle | 4 Fedora, Oncommand Insight, Snapcenter and 1 more | 2021-11-17 | 5.5 MEDIUM | 7.1 HIGH |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H). | |||||
| CVE-2020-14363 | 2 Fedoraproject, X.org | 2 Fedora, Libx11 | 2021-11-04 | 4.6 MEDIUM | 7.8 HIGH |
| An integer overflow vulnerability leading to a double-free was found in libX11. This flaw allows a local privileged attacker to cause an application compiled with libX11 to crash, or in some cases, result in arbitrary code execution. The highest threat from this flaw is to confidentiality, integrity as well as system availability. | |||||
| CVE-2019-3816 | 4 Fedoraproject, Opensuse, Openwsman Project and 1 more | 11 Fedora, Leap, Openwsman and 8 more | 2021-11-02 | 5.0 MEDIUM | 7.5 HIGH |
| Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to openwsman server. | |||||
| CVE-2019-14818 | 3 Dpdk, Fedoraproject, Redhat | 5 Data Plane Development Kit, Fedora, Enterprise Linux Fast Datapath and 2 more | 2021-11-02 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in all DPDK versions 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING_SET_NUM messages, resulting in a memory leak including file descriptors. This flaw could lead to a denial of service condition. | |||||
| CVE-2019-3804 | 3 Cockpit-project, Fedoraproject, Redhat | 3 Cockpit, Fedora, Virtualization | 2021-10-29 | 5.0 MEDIUM | 7.5 HIGH |
| It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly resulting in a denial of service attack. An unauthenticated attacker could send a specially crafted request with an invalid base64-encoded cookie which could cause the web service to crash. | |||||
| CVE-2019-14855 | 3 Canonical, Fedoraproject, Gnupg | 3 Ubuntu Linux, Fedora, Gnupg | 2021-10-29 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18. | |||||
| CVE-2019-10190 | 2 Fedoraproject, Nic | 2 Fedora, Knot Resolver | 2021-10-28 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability was discovered in DNS resolver component of knot resolver through version 3.2.0 before 4.1.0 which allows remote attackers to bypass DNSSEC validation for non-existence answer. NXDOMAIN answer would get passed through to the client even if its DNSSEC validation failed, instead of sending a SERVFAIL packet. Caching is not affected by this particular bug but see CVE-2019-10191. | |||||
| CVE-2021-3156 | 8 Beyondtrust, Debian, Fedoraproject and 5 more | 25 Privilege Management For Mac, Privilege Management For Unix/linux, Debian Linux and 22 more | 2021-10-20 | 7.2 HIGH | 7.8 HIGH |
| Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character. | |||||
| CVE-2018-20843 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2021-10-20 | 7.8 HIGH | 7.5 HIGH |
| In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks). | |||||
