Filtered by vendor Fedoraproject
Subscribe
Search
Total
3698 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-11538 | 2 Fedoraproject, Python | 2 Fedora, Pillow | 2020-07-27 | 6.8 MEDIUM | 8.1 HIGH |
| In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311. | |||||
| CVE-2020-13753 | 3 Fedoraproject, Webkitgtk, Wpewebkit | 3 Fedora, Webkitgtk, Wpe Webkit | 2020-07-27 | 7.5 HIGH | 10.0 CRITICAL |
| The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute commands outside the sandbox by writing to the controlling terminal's input buffer, similar to CVE-2017-5226. | |||||
| CVE-2015-8837 | 3 Debian, Fedoraproject, Fuseiso Project | 3 Debian Linux, Fedora, Fuseiso | 2020-07-27 | 6.8 MEDIUM | 7.3 HIGH |
| Stack-based buffer overflow in the isofs_real_readdir function in isofs.c in FuseISO 20070708 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long pathname in an ISO file. | |||||
| CVE-2020-1983 | 3 Fedoraproject, Libslirp Project, Opensuse | 3 Fedora, Libslirp, Leap | 2020-07-26 | 2.1 LOW | 6.5 MEDIUM |
| A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service. | |||||
| CVE-2020-8945 | 3 Fedoraproject, Gnupg, Redhat | 3 Fedora, Gpgme, Openshift Container Platform | 2020-07-24 | 5.1 MEDIUM | 7.5 HIGH |
| The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification. | |||||
| CVE-2020-13965 | 3 Debian, Fedoraproject, Roundcube | 3 Debian Linux, Fedora, Webmail | 2020-07-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. There is XSS via a malicious XML attachment because text/xml is among the allowed types for a preview. | |||||
| CVE-2019-9631 | 3 Debian, Fedoraproject, Freedesktop | 3 Debian Linux, Fedora, Poppler | 2020-07-23 | 7.5 HIGH | 9.8 CRITICAL |
| Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function. | |||||
| CVE-2011-0495 | 3 Debian, Digium, Fedoraproject | 6 Debian Linux, Asterisk, Asterisknow and 3 more | 2020-07-15 | 6.0 MEDIUM | N/A |
| Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary code via crafted caller ID data in vectors involving the (1) SIP channel driver, (2) URIENCODE dialplan function, or (3) AGI dialplan function. | |||||
| CVE-2018-12207 | 7 Canonical, Debian, F5 and 4 more | 1532 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 1529 more | 2020-07-15 | 4.9 MEDIUM | 6.5 MEDIUM |
| Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access. | |||||
| CVE-2008-3969 | 2 Bitlbee, Fedoraproject | 2 Bitlbee, Fedora | 2020-07-14 | 5.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in BitlBee before 1.2.3 allow remote attackers to "overwrite" and "hijack" existing accounts via unknown vectors related to "inconsistent handling of the USTATUS_IDENTIFIED state." NOTE: this issue exists because of an incomplete fix for CVE-2008-3920. | |||||
| CVE-2020-11743 | 2 Fedoraproject, Xen | 2 Fedora, Xen | 2020-07-13 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of a bad error path in GNTTABOP_map_grant. Grant table operations are expected to return 0 for success, and a negative number for errors. Some misplaced brackets cause one error path to return 1 instead of a negative value. The grant table code in Linux treats this condition as success, and proceeds with incorrectly initialised state. A buggy or malicious guest can construct its grant table in such a way that, when a backend domain tries to map a grant, it hits the incorrect error path. This will crash a Linux based dom0 or backend domain. | |||||
| CVE-2020-11742 | 2 Fedoraproject, Xen | 2 Fedora, Xen | 2020-07-13 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of bad continuation handling in GNTTABOP_copy. Grant table operations are expected to return 0 for success, and a negative number for errors. The fix for CVE-2017-12135 introduced a path through grant copy handling where success may be returned to the caller without any action taken. In particular, the status fields of individual operations are left uninitialised, and may result in errant behaviour in the caller of GNTTABOP_copy. A buggy or malicious guest can construct its grant table in such a way that, when a backend domain tries to copy a grant, it hits the incorrect exit path. This returns success to the caller without doing anything, which may cause crashes or other incorrect behaviour. | |||||
| CVE-2019-18677 | 3 Canonical, Fedoraproject, Squid-cache | 3 Ubuntu Linux, Fedora, Squid | 2020-07-11 | 5.8 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Squid 3.x and 4.x through 4.8 when the append_domain setting is used (because the appended characters do not properly interact with hostname length restrictions). Due to incorrect message processing, it can inappropriately redirect traffic to origins it should not be delivered to. | |||||
| CVE-2019-18679 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2020-07-11 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when processing HTTP Digest Authentication. Nonce tokens contain the raw byte value of a pointer that sits within heap memory allocation. This information reduces ASLR protections and may aid attackers isolating memory areas to target for remote code execution attacks. | |||||
| CVE-2019-18678 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2020-07-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Squid 3.x and 4.x through 4.8. It allows attackers to smuggle HTTP requests through frontend software to a Squid instance that splits the HTTP Request pipeline differently. The resulting Response messages corrupt caches (between a client and Squid) with attacker-controlled content at arbitrary URLs. Effects are isolated to software between the attacker client and Squid. There are no effects on Squid itself, nor on any upstream servers. The issue is related to a request header containing whitespace between a header name and a colon. | |||||
| CVE-2020-5312 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2020-07-10 | 7.5 HIGH | 9.8 CRITICAL |
| libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow. | |||||
| CVE-2020-5311 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2020-07-10 | 7.5 HIGH | 9.8 CRITICAL |
| libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer overflow. | |||||
| CVE-2018-19591 | 2 Fedoraproject, Gnu | 2 Fedora, Glibc | 2020-07-09 | 5.0 MEDIUM | 7.5 HIGH |
| In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via getaddrinfo() leads to the allocation of a socket descriptor that is not closed. This is related to the if_nametoindex() function. | |||||
| CVE-2020-8130 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2020-06-30 | 6.9 MEDIUM | 6.4 MEDIUM |
| There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `|`. | |||||
| CVE-2019-8377 | 2 Appneta, Fedoraproject | 2 Tcpreplay, Fedora | 2020-06-25 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_ipv6_l4proto() located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. | |||||
| CVE-2020-13777 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2020-06-19 | 5.8 MEDIUM | 7.4 HIGH |
| GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application. | |||||
| CVE-2020-11863 | 2 Fedoraproject, Libemf Project | 2 Fedora, Libemf | 2020-06-18 | 4.3 MEDIUM | 5.5 MEDIUM |
| libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of service (issue 1 of 2). | |||||
| CVE-2020-11864 | 2 Fedoraproject, Libemf Project | 2 Fedora, Libemf | 2020-06-18 | 4.3 MEDIUM | 5.5 MEDIUM |
| libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of service (issue 2 of 2). | |||||
| CVE-2020-11865 | 2 Fedoraproject, Libemf Project | 2 Fedora, Libemf | 2020-06-18 | 6.8 MEDIUM | 7.8 HIGH |
| libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows out-of-bounds memory access. | |||||
| CVE-2020-11866 | 2 Fedoraproject, Libemf Project | 2 Fedora, Libemf | 2020-06-18 | 6.8 MEDIUM | 7.8 HIGH |
| libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows a use-after-free. | |||||
| CVE-2009-0314 | 2 Fedoraproject, Gnome | 2 Fedora, Libpeas | 2020-06-15 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in the Python module in gedit allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983). | |||||
| CVE-2020-11793 | 5 Canonical, Fedoraproject, Opensuse and 2 more | 5 Ubuntu Linux, Fedora, Leap and 2 more | 2020-06-13 | 6.8 MEDIUM | 8.8 HIGH |
| A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash). | |||||
| CVE-2016-9400 | 2 Fedoraproject, Teeworlds | 2 Fedora, Teeworlds | 2020-06-11 | 7.5 HIGH | 9.8 CRITICAL |
| The CClient::ProcessServerPacket method in engine/client/client.cpp in Teeworlds before 0.6.4 allows remote servers to write to arbitrary physical memory locations and possibly execute arbitrary code via vectors involving snap handling. | |||||
| CVE-2018-17848 | 2 Fedoraproject, Golang | 2 Fedora, Net | 2020-06-02 | 5.0 MEDIUM | 7.5 HIGH |
| The html package (aka x/net/html) through 2018-09-25 in Go mishandles <math><template><mn><b></template>, leading to a "panic: runtime error" (index out of range) in (*insertionModeStack).pop in node.go, called from inHeadIM, during an html.Parse call. | |||||
| CVE-2018-17846 | 2 Fedoraproject, Golang | 2 Fedora, Net | 2020-06-02 | 5.0 MEDIUM | 7.5 HIGH |
| The html package (aka x/net/html) through 2018-09-25 in Go mishandles <table><math><select><mi><select></table>, leading to an infinite loop during an html.Parse call because inSelectIM and inSelectInTableIM do not comply with a specification. | |||||
| CVE-2013-2014 | 2 Fedoraproject, Openstack | 2 Fedora, Keystone | 2020-06-02 | 5.0 MEDIUM | N/A |
| OpenStack Identity (Keystone) before 2013.1 allows remote attackers to cause a denial of service (memory consumption and crash) via multiple long requests. | |||||
| CVE-2013-4222 | 4 Canonical, Fedoraproject, Openstack and 1 more | 4 Ubuntu Linux, Fedora, Keystone and 1 more | 2020-06-02 | 6.5 MEDIUM | N/A |
| OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users to retain access via the token. | |||||
| CVE-2019-19769 | 2 Fedoraproject, Linux | 2 Fedora, Linux Kernel | 2020-05-30 | 6.5 MEDIUM | 6.7 MEDIUM |
| In the Linux kernel 5.3.10, there is a use-after-free (read) in the perf_trace_lock_acquire function (related to include/trace/events/lock.h). | |||||
| CVE-2016-6342 | 2 Elog Project, Fedoraproject | 2 Elog, Fedora | 2020-05-28 | 5.0 MEDIUM | 7.5 HIGH |
| elog 3.1.1 allows remote attackers to post data as any username in the logbook. | |||||
| CVE-2016-2173 | 2 Fedoraproject, Vmware | 2 Fedora, Spring Advanced Message Queuing Protocol | 2020-05-28 | 7.5 HIGH | 9.8 CRITICAL |
| org.springframework.core.serializer.DefaultDeserializer in Spring AMQP before 1.5.5 allows remote attackers to execute arbitrary code. | |||||
| CVE-2015-3405 | 7 Debian, Fedoraproject, Ntp and 4 more | 13 Debian Linux, Fedora, Ntp and 10 more | 2020-05-28 | 5.0 MEDIUM | 7.5 HIGH |
| ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys. | |||||
| CVE-2011-2192 | 5 Apple, Canonical, Debian and 2 more | 5 Mac Os X, Ubuntu Linux, Debian Linux and 2 more | 2020-05-27 | 4.3 MEDIUM | N/A |
| The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests. | |||||
| CVE-2020-12050 | 3 Fedoraproject, Opensuse, Sqliteodbc Project | 3 Fedora, Backports Sle, Sqliteodbc | 2020-05-27 | 6.9 MEDIUM | 7.0 HIGH |
| SQLiteODBC 0.9996, as packaged for certain Linux distributions as 0.9996-4, has a race condition leading to root privilege escalation because any user can replace a /tmp/sqliteodbc$$ file with new contents that cause loading of an arbitrary library. | |||||
| CVE-2020-11008 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2020-05-22 | 5.0 MEDIUM | 7.5 HIGH |
| Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open for an exploit where _some_ credential is leaked (but the attacker cannot control which one). Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that are considered illegal as of the recently published Git versions can cause Git to send a "blank" pattern to helpers, missing hostname and protocol fields. Many helpers will interpret this as matching _any_ URL, and will return some unspecified stored password, leaking the password to an attacker's server. The vulnerability can be triggered by feeding a malicious URL to `git clone`. However, the affected URLs look rather suspicious; the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The root of the problem is in Git itself, which should not be feeding blank input to helpers. However, the ability to exploit the vulnerability in practice depends on which helpers are in use. Credential helpers which are known to trigger the vulnerability: - Git's "store" helper - Git's "cache" helper - the "osxkeychain" helper that ships in Git's "contrib" directory Credential helpers which are known to be safe even with vulnerable versions of Git: - Git Credential Manager for Windows Any helper not in this list should be assumed to trigger the vulnerability. | |||||
| CVE-2009-2474 | 4 Apple, Canonical, Fedoraproject and 1 more | 4 Mac Os X, Ubuntu Linux, Fedora and 1 more | 2020-05-22 | 5.8 MEDIUM | N/A |
| neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | |||||
| CVE-2014-9585 | 7 Canonical, Debian, Fedoraproject and 4 more | 19 Ubuntu Linux, Debian Linux, Fedora and 16 more | 2020-05-21 | 2.1 LOW | N/A |
| The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD. | |||||
| CVE-2014-9529 | 6 Canonical, Debian, Fedoraproject and 3 more | 11 Ubuntu Linux, Debian Linux, Fedora and 8 more | 2020-05-21 | 6.9 MEDIUM | N/A |
| Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key. | |||||
| CVE-2018-16867 | 3 Canonical, Fedoraproject, Qemu | 3 Ubuntu Linux, Fedora, Qemu | 2020-05-14 | 4.4 MEDIUM | 7.8 HIGH |
| A flaw was found in qemu Media Transfer Protocol (MTP) before version 3.1.0. A path traversal in the in usb_mtp_write_data function in hw/usb/dev-mtp.c due to an improper filename sanitization. When the guest device is mounted in read-write mode, this allows to read/write arbitrary files which may lead do DoS scenario OR possibly lead to code execution on the host. | |||||
| CVE-2016-4037 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2020-05-14 | 4.9 MEDIUM | 6.0 MEDIUM |
| The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous transfer descriptor (siTD) list, a related issue to CVE-2015-8558. | |||||
| CVE-2018-19489 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2020-05-12 | 1.9 LOW | 4.7 MEDIUM |
| v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service (crash) because of a race condition during file renaming. | |||||
| CVE-2018-19364 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2020-05-12 | 2.1 LOW | 5.5 MEDIUM |
| hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome. | |||||
| CVE-2018-20191 | 3 Canonical, Fedoraproject, Qemu | 3 Ubuntu Linux, Fedora, Qemu | 2020-05-12 | 5.0 MEDIUM | 7.5 HIGH |
| hw/rdma/vmw/pvrdma_main.c in QEMU does not implement a read operation (such as uar_read by analogy to uar_write), which allows attackers to cause a denial of service (NULL pointer dereference). | |||||
| CVE-2018-20123 | 3 Canonical, Fedoraproject, Qemu | 3 Ubuntu Linux, Fedora, Qemu | 2020-05-12 | 2.1 LOW | 5.5 MEDIUM |
| pvrdma_realize in hw/rdma/vmw/pvrdma_main.c in QEMU has a Memory leak after an initialisation error. | |||||
| CVE-2016-5421 | 5 Canonical, Debian, Fedoraproject and 2 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2020-05-08 | 6.8 MEDIUM | 8.1 HIGH |
| Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2019-16232 | 4 Canonical, Fedoraproject, Linux and 1 more | 4 Ubuntu Linux, Fedora, Linux Kernel and 1 more | 2020-05-04 | 4.7 MEDIUM | 4.1 MEDIUM |
| drivers/net/wireless/marvell/libertas/if_sdio.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. | |||||