Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Fedoraproject Subscribe
Filtered by product Fedora
Total 4367 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-16135 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2022-05-12 4.3 MEDIUM 5.9 MEDIUM
libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL.
CVE-2020-10878 5 Fedoraproject, Netapp, Opensuse and 2 more 17 Fedora, Oncommand Workflow Automation, Snap Creator Framework and 14 more 2022-05-12 7.5 HIGH 8.6 HIGH
Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.
CVE-2020-12723 5 Fedoraproject, Netapp, Opensuse and 2 more 16 Fedora, Oncommand Workflow Automation, Snap Creator Framework and 13 more 2022-05-12 5.0 MEDIUM 7.5 HIGH
regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.
CVE-2020-10543 4 Fedoraproject, Opensuse, Oracle and 1 more 15 Fedora, Leap, Communications Billing And Revenue Management and 12 more 2022-05-12 6.4 MEDIUM 8.2 HIGH
Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.
CVE-2020-28196 4 Fedoraproject, Mit, Netapp and 1 more 11 Fedora, Kerberos 5, Active Iq Unified Manager and 8 more 2022-05-12 5.0 MEDIUM 7.5 HIGH
MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit.
CVE-2020-11979 4 Apache, Fedoraproject, Gradle and 1 more 37 Ant, Fedora, Gradle and 34 more 2022-05-12 5.0 MEDIUM 7.5 HIGH
As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.
CVE-2021-28163 5 Apache, Eclipse, Fedoraproject and 2 more 23 Ignite, Solr, Jetty and 20 more 2022-05-12 4.0 MEDIUM 2.7 LOW
In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory.
CVE-2022-0984 3 Fedoraproject, Moodle, Redhat 3 Fedora, Moodle, Enterprise Linux 2022-05-10 4.0 MEDIUM 4.3 MEDIUM
Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site badges.
CVE-2021-32786 3 Apache, Fedoraproject, Zmartzone 3 Http Server, Fedora, Mod Auth Openidc 2022-05-10 5.8 MEDIUM 6.1 MEDIUM
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9, `oidc_validate_redirect_url()` does not parse URLs the same way as most browsers do. As a result, this function can be bypassed and leads to an Open Redirect vulnerability in the logout functionality. This bug has been fixed in version 2.4.9 by replacing any backslash of the URL to redirect with slashes to address a particular breaking change between the different specifications (RFC2396 / RFC3986 and WHATWG). As a workaround, this vulnerability can be mitigated by configuring `mod_auth_openidc` to only allow redirection whose destination matches a given regular expression.
CVE-2021-32792 3 Apache, Fedoraproject, Zmartzone 3 Http Server, Fedora, Mod Auth Openidc 2022-05-10 4.3 MEDIUM 6.1 MEDIUM
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, there is an XSS vulnerability in when using `OIDCPreservePost On`.
CVE-2022-28048 2 Fedoraproject, Stb Project 2 Fedora, Stb 2022-05-10 6.8 MEDIUM 8.8 HIGH
STB v2.27 was discovered to contain an integer shift of invalid size in the component stbi__jpeg_decode_block_prog_ac.
CVE-2020-25648 4 Fedoraproject, Mozilla, Oracle and 1 more 6 Fedora, Network Security Services, Communications Offline Mediation Controller and 3 more 2022-05-10 5.0 MEDIUM 7.5 HIGH
A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58.
CVE-2020-8277 4 C-ares Project, Fedoraproject, Nodejs and 1 more 8 C-ares, Fedora, Node.js and 5 more 2022-05-10 5.0 MEDIUM 7.5 HIGH
A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and 12.19.1.
CVE-2021-33034 3 Debian, Fedoraproject, Linux 3 Debian Linux, Fedora, Linux Kernel 2022-05-08 4.6 MEDIUM 7.8 HIGH
In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value.
CVE-2021-26937 3 Debian, Fedoraproject, Gnu 3 Debian Linux, Fedora, Screen 2022-05-06 7.5 HIGH 9.8 CRITICAL
encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence.
CVE-2021-31204 2 Fedoraproject, Microsoft 4 Fedora, .net, .net Core and 1 more 2022-05-03 4.6 MEDIUM 7.8 HIGH
.NET and Visual Studio Elevation of Privilege Vulnerability
CVE-2021-36770 3 Fedoraproject, P5-encode Project, Perl 3 Fedora, P5-encode, Perl 2022-05-03 6.8 MEDIUM 7.8 HIGH
Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library (in the current working directory) that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021 versions of Encode.pm (3.05 through 3.11). This issue occurs because the || operator evaluates @INC in a scalar context, and thus @INC has only an integer value.
CVE-2021-43519 2 Fedoraproject, Lua 2 Fedora, Lua 2022-05-03 4.3 MEDIUM 5.5 MEDIUM
Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.
CVE-2020-28200 2 Dovecot, Fedoraproject 2 Dovecot, Fedora 2022-05-03 4.0 MEDIUM 4.3 MEDIUM
The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated by a situation with a complex regular expression for the regex extension.
CVE-2021-44686 2 Calibre-ebook, Fedoraproject 2 Calibre, Fedora 2022-05-03 5.0 MEDIUM 7.5 HIGH
calibre before 5.32.0 contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service) in html_preprocess_rules in ebooks/conversion/preprocess.py.