Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Fedoraproject Subscribe
Total 4434 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-6428 5 Debian, Fedoraproject, Google and 2 more 6 Debian Linux, Fedora, Chrome and 3 more 2022-03-31 6.8 MEDIUM 8.8 HIGH
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6422 5 Debian, Fedoraproject, Google and 2 more 6 Debian Linux, Fedora, Chrome and 3 more 2022-03-31 6.8 MEDIUM 8.8 HIGH
Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6424 5 Debian, Fedoraproject, Google and 2 more 6 Debian Linux, Fedora, Chrome and 3 more 2022-03-31 6.8 MEDIUM 8.8 HIGH
Use after free in media in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6426 5 Debian, Fedoraproject, Google and 2 more 6 Debian Linux, Fedora, Chrome and 3 more 2022-03-31 4.3 MEDIUM 6.5 MEDIUM
Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-31215 3 Debian, Fedoraproject, Schedmd 3 Debian Linux, Fedora, Slurm 2022-03-31 6.5 MEDIUM 8.8 HIGH
SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11.7 allows remote code execution as SlurmUser because use of a PrologSlurmctld or EpilogSlurmctld script leads to environment mishandling.
CVE-2021-22207 4 Debian, Fedoraproject, Oracle and 1 more 4 Debian Linux, Fedora, Zfs Storage Appliance Kit and 1 more 2022-03-31 5.0 MEDIUM 6.5 MEDIUM
Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or crafted capture file
CVE-2021-42376 3 Busybox, Fedoraproject, Netapp 19 Busybox, Fedora, Cloud Backup and 16 more 2022-03-31 1.9 LOW 5.5 MEDIUM
A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input.
CVE-2021-42375 3 Busybox, Fedoraproject, Netapp 19 Busybox, Fedora, Cloud Backup and 16 more 2022-03-31 1.9 LOW 5.5 MEDIUM
An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input.
CVE-2021-42377 3 Busybox, Fedoraproject, Netapp 19 Busybox, Fedora, Cloud Backup and 16 more 2022-03-31 6.8 MEDIUM 9.8 CRITICAL
An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered command input.
CVE-2021-42374 3 Busybox, Fedoraproject, Netapp 19 Busybox, Fedora, Cloud Backup and 16 more 2022-03-31 3.3 LOW 5.3 MEDIUM
An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that
CVE-2021-42373 3 Busybox, Fedoraproject, Netapp 19 Busybox, Fedora, Cloud Backup and 16 more 2022-03-31 2.1 LOW 5.5 MEDIUM
A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given
CVE-2021-41611 2 Fedoraproject, Squid-cache 2 Fedora, Squid 2022-03-31 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When validating an origin server or peer certificate, Squid may incorrectly classify certain certificates as trusted. This problem allows a remote server to obtain security trust well improperly. This indication of trust may be passed along to clients, allowing access to unsafe or hijacked services.
CVE-2021-2010 3 Fedoraproject, Netapp, Oracle 5 Fedora, Active Iq Unified Manager, Oncommand Insight and 2 more 2022-03-30 4.9 MEDIUM 4.2 MEDIUM
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.50 and prior, 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Client accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Client. CVSS 3.1 Base Score 4.2 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L).
CVE-2021-2006 3 Fedoraproject, Netapp, Oracle 5 Fedora, Active Iq Unified Manager, Oncommand Insight and 2 more 2022-03-30 6.3 MEDIUM 5.3 MEDIUM
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE-2021-1998 3 Fedoraproject, Netapp, Oracle 6 Fedora, Active Iq Unified Manager, Oncommand Insight and 3 more 2022-03-30 5.5 MEDIUM 3.8 LOW
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 3.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L).
CVE-2022-0983 2 Fedoraproject, Moodle 3 Extra Packages For Enterprise Linux, Fedora, Moodle 2022-03-30 6.5 MEDIUM 8.8 HIGH
An SQL injection risk was identified in Badges code relating to configuring criteria. Access to the relevant capability was limited to teachers and managers by default.
CVE-2019-12221 5 Canonical, Debian, Fedoraproject and 2 more 7 Ubuntu Linux, Debian Linux, Fedora and 4 more 2022-03-30 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a SEGV in the SDL function SDL_free_REAL at stdlib/SDL_malloc.c.
CVE-2021-4011 3 Debian, Fedoraproject, X.org 3 Debian Linux, Fedora, X Server 2022-03-30 7.2 HIGH 7.8 HIGH
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SwapCreateRegister function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2021-4010 3 Debian, Fedoraproject, X.org 3 Debian Linux, Fedora, X Server 2022-03-30 7.2 HIGH 7.8 HIGH
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcScreenSaverSuspend function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2021-4009 3 Debian, Fedoraproject, X.org 3 Debian Linux, Fedora, X Server 2022-03-30 7.2 HIGH 7.8 HIGH
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcXFixesCreatePointerBarrier function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.