Filtered by vendor Fedoraproject
Subscribe
Total
4434 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-0118 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2022-04-18 | 4.3 MEDIUM | 4.3 MEDIUM |
Inappropriate implementation in WebShare in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially hide the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
CVE-2022-0120 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2022-04-18 | 4.3 MEDIUM | 6.5 MEDIUM |
Inappropriate implementation in Passwords in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially leak cross-origin data via a malicious website. | |||||
CVE-2022-25600 | 2 Fedoraproject, Flippercode | 2 Fedora, Wp Google Map | 2022-04-18 | 6.8 MEDIUM | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability affecting Delete Marker Category, Delete Map, and Copy Map functions in WP Google Map plugin (versions <= 4.2.3). | |||||
CVE-2022-25601 | 2 Fedoraproject, Plugin-planet | 2 Fedora, Contact Form X | 2022-04-18 | 4.3 MEDIUM | 6.1 MEDIUM |
Reflected Cross-Site Scripting (XSS) vulnerability affecting parameter &tab discovered in Contact Form X WordPress plugin (versions <= 2.4). | |||||
CVE-2022-23614 | 3 Debian, Fedoraproject, Symfony | 3 Debian Linux, Fedora, Twig | 2022-04-18 | 7.5 HIGH | 9.8 CRITICAL |
Twig is an open source template language for PHP. When in a sandbox mode, the `arrow` parameter of the `sort` filter must be a closure to avoid attackers being able to run arbitrary PHP functions. In affected versions this constraint was not properly enforced and could lead to code injection of arbitrary PHP code. Patched versions now disallow calling non Closure in the `sort` filter as is the case for some other filters. Users are advised to upgrade. | |||||
CVE-2021-20233 | 4 Fedoraproject, Gnu, Netapp and 1 more | 8 Fedora, Grub2, Ontap Select Deploy Administration Utility and 5 more | 2022-04-18 | 7.2 HIGH | 8.2 HIGH |
A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
CVE-2021-20225 | 4 Fedoraproject, Gnu, Netapp and 1 more | 8 Fedora, Grub2, Ontap Select Deploy Administration Utility and 5 more | 2022-04-18 | 7.2 HIGH | 6.7 MEDIUM |
A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
CVE-2020-8625 | 5 Debian, Fedoraproject, Isc and 2 more | 9 Debian Linux, Fedora, Bind and 6 more | 2022-04-18 | 6.8 MEDIUM | 8.1 HIGH |
BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credentialconfiguration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. The most likely outcome of a successful exploitation of the vulnerability is a crash of the named process. However, remote code execution, while unproven, is theoretically possible. Affects: BIND 9.5.0 -> 9.11.27, 9.12.0 -> 9.16.11, and versions BIND 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 -> 9.16.11-S1 of BIND Supported Preview Edition. Also release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch | |||||
CVE-2022-24724 | 2 Fedoraproject, Github | 2 Fedora, Cmark-gfm | 2022-04-18 | 7.5 HIGH | 9.8 CRITICAL |
cmark-gfm is GitHub's extended version of the C reference implementation of CommonMark. Prior to versions 0.29.0.gfm.3 and 0.28.3.gfm.21, an integer overflow in cmark-gfm's table row parsing `table.c:row_from_string` may lead to heap memory corruption when parsing tables who's marker rows contain more than UINT16_MAX columns. The impact of this heap corruption ranges from Information Leak to Arbitrary Code Execution depending on how and where `cmark-gfm` is used. If `cmark-gfm` is used for rendering remote user controlled markdown, this vulnerability may lead to Remote Code Execution (RCE) in applications employing affected versions of the `cmark-gfm` library. This vulnerability has been patched in the following cmark-gfm versions 0.29.0.gfm.3 and 0.28.3.gfm.21. A workaround is available. The vulnerability exists in the table markdown extensions of cmark-gfm. Disabling the table extension will prevent this vulnerability from being triggered. | |||||
CVE-2018-5730 | 4 Debian, Fedoraproject, Mit and 1 more | 6 Debian Linux, Fedora, Kerberos 5 and 3 more | 2022-04-18 | 5.5 MEDIUM | 3.8 LOW |
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN. | |||||
CVE-2018-20843 | 7 Canonical, Debian, Fedoraproject and 4 more | 9 Ubuntu Linux, Debian Linux, Fedora and 6 more | 2022-04-18 | 7.8 HIGH | 7.5 HIGH |
In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks). | |||||
CVE-2019-5834 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2022-04-18 | 4.3 MEDIUM | 6.5 MEDIUM |
Insufficient data validation in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | |||||
CVE-2019-5838 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2022-04-18 | 4.3 MEDIUM | 4.3 MEDIUM |
Insufficient policy enforcement in extensions API in Google Chrome prior to 75.0.3770.80 allowed an attacker who convinced a user to install a malicious extension to bypass restrictions on file URIs via a crafted Chrome Extension. | |||||
CVE-2019-12817 | 6 Canonical, Debian, Fedoraproject and 3 more | 9 Ubuntu Linux, Debian Linux, Fedora and 6 more | 2022-04-18 | 6.9 MEDIUM | 7.0 HIGH |
arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel before 5.1.15 for powerpc has a bug where unrelated processes may be able to read/write to one another's virtual memory under certain conditions via an mmap above 512 TB. Only a subset of powerpc systems are affected. | |||||
CVE-2019-5812 | 3 Apple, Fedoraproject, Google | 3 Iphone Os, Fedora, Chrome | 2022-04-18 | 4.3 MEDIUM | 6.5 MEDIUM |
Inadequate security UI in iOS UI in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | |||||
CVE-2019-12802 | 2 Fedoraproject, Radare | 2 Fedora, Radare2 | 2022-04-18 | 6.8 MEDIUM | 7.8 HIGH |
In radare2 through 3.5.1, the rcc_context function of libr/egg/egg_lang.c mishandles changing context. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact (invalid memory access in r_egg_lang_parsechar; invalid free in rcc_pusharg). | |||||
CVE-2019-1010228 | 2 Fedoraproject, Offis | 2 Fedora, Dcmtk | 2022-04-18 | 7.5 HIGH | 9.8 CRITICAL |
OFFIS.de DCMTK 3.6.3 and below is affected by: Buffer Overflow. The impact is: Possible code execution and confirmed Denial of Service. The component is: DcmRLEDecoder::decompress() (file dcrledec.h, line 122). The attack vector is: Many scenarios of DICOM file processing (e.g. DICOM to image conversion). The fixed version is: 3.6.4, after commit 40917614e. | |||||
CVE-2019-9848 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2022-04-18 | 7.5 HIGH | 9.8 CRITICAL |
LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, which can be manipulated into executing arbitrary python commands. By using the document event feature to trigger LibreLogo to execute python contained within a document a malicious document could be constructed which would execute arbitrary python commands silently without warning. In the fixed versions, LibreLogo cannot be called from a document event handler. This issue affects: Document Foundation LibreOffice versions prior to 6.2.5. | |||||
CVE-2019-9849 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2022-04-18 | 4.0 MEDIUM | 4.3 MEDIUM |
LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed where bullet graphics were omitted from this protection prior to version 6.2.5. This issue affects: Document Foundation LibreOffice versions prior to 6.2.5. | |||||
CVE-2019-13226 | 2 Deepin, Fedoraproject | 2 Deepin-clone, Fedora | 2022-04-18 | 6.9 MEDIUM | 7.0 HIGH |
deepin-clone before 1.1.3 uses a predictable path /tmp/.deepin-clone/mount/<block-dev-basename> in the Helper::temporaryMountDevice() function to temporarily mount a file system as root. An unprivileged user can prepare a symlink at this location to have the file system mounted in an arbitrary location. By winning a race condition, the attacker can also enter the mount point, thereby preventing a subsequent unmount of the file system. |