Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Fedoraproject Subscribe
Total 4434 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-15144 5 Canonical, Debian, Djvulibre Project and 2 more 5 Ubuntu Linux, Debian Linux, Djvulibre and 2 more 2022-03-29 4.3 MEDIUM 5.5 MEDIUM
In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate<TYPE>::sort) allows attackers to cause a denial-of-service (application crash due to an Uncontrolled Recursion) by crafting a PBM image file that is mishandled in libdjvu/GContainer.h.
CVE-2020-2934 3 Debian, Fedoraproject, Oracle 4 Debian Linux, Fedora, Mysql Connector\/j and 1 more 2022-03-29 5.1 MEDIUM 5.0 MEDIUM
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.19 and prior and 5.1.48 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.0 Base Score 5.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L).
CVE-2021-34363 2 Fedoraproject, The Fuck Project 2 Fedora, The Fuck 2022-03-25 6.4 MEDIUM 9.1 CRITICAL
The thefuck (aka The Fuck) package before 3.31 for Python allows Path Traversal that leads to arbitrary file deletion via the "undo archive operation" feature.
CVE-2021-26691 5 Apache, Debian, Fedoraproject and 2 more 8 Http Server, Debian Linux, Fedora and 5 more 2022-03-25 7.5 HIGH 9.8 CRITICAL
In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow
CVE-2021-41864 4 Debian, Fedoraproject, Linux and 1 more 24 Debian Linux, Fedora, Linux Kernel and 21 more 2022-03-25 4.6 MEDIUM 7.8 HIGH
prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write.
CVE-2021-38173 3 Debian, Digint, Fedoraproject 3 Debian Linux, Btrbk, Fedora 2022-03-25 7.5 HIGH 9.8 CRITICAL
Btrbk before 0.31.2 allows command execution because of the mishandling of remote hosts filtering SSH commands using ssh_filter_btrbk.sh in authorized_keys.
CVE-2022-21699 3 Debian, Fedoraproject, Ipython 3 Debian Linux, Fedora, Ipython 2022-03-25 4.6 MEDIUM 8.8 HIGH
IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing cross user temporary files. This vulnerability allows one user to run code as another on the same machine. All users are advised to upgrade.
CVE-2022-23598 2 Fedoraproject, Getlaminas 2 Fedora, Laminas-form 2022-03-25 4.3 MEDIUM 6.1 MEDIUM
laminas-form is a package for validating and displaying simple and complex forms. When rendering validation error messages via the `formElementErrors()` view helper shipped with laminas-form, many messages will contain the submitted value. However, in laminas-form prior to version 3.1.1, the value was not being escaped for HTML contexts, which could potentially lead to a reflected cross-site scripting attack. Versions 3.1.1 and above contain a patch to mitigate the vulnerability. A workaround is available. One may manually place code at the top of a view script where one calls the `formElementErrors()` view helper. More information about this workaround is available on the GitHub Security Advisory.
CVE-2016-1572 5 Canonical, Debian, Ecryptfs and 2 more 6 Ubuntu Linux, Debian Linux, Ecryptfs-utils and 3 more 2022-03-23 4.6 MEDIUM 8.4 HIGH
mount.ecryptfs_private.c in eCryptfs-utils does not validate mount destination filesystem types, which allows local users to gain privileges by mounting over a nonstandard filesystem, as demonstrated by /proc/$pid.
CVE-2021-3935 4 Debian, Fedoraproject, Pgbouncer and 1 more 4 Debian Linux, Fedora, Pgbouncer and 1 more 2022-03-16 5.1 MEDIUM 8.1 HIGH
When PgBouncer is configured to use "cert" authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of TLS certificate verification and encryption. This flaw affects PgBouncer versions prior to 1.16.1.
CVE-2022-0433 2 Fedoraproject, Linux 2 Fedora, Linux Kernel 2022-03-16 4.9 MEDIUM 5.5 MEDIUM
A NULL pointer dereference flaw was found in the Linux kernel's BPF subsystem in the way a user triggers the map_get_next_key function of the BPF bloom filter. This flaw allows a local user to crash the system. This flaw affects Linux kernel versions prior to 5.17-rc1.
CVE-2021-4023 2 Fedoraproject, Linux 2 Fedora, Linux Kernel 2022-03-15 4.9 MEDIUM 5.5 MEDIUM
A flaw was found in the io-workqueue implementation in the Linux kernel versions prior to 5.15-rc1. The kernel can panic when an improper cancellation operation triggers the submission of new io-uring operations during a shortage of free space. This flaw allows a local user with permissions to execute io-uring requests to possibly crash the system.
CVE-2022-23613 2 Fedoraproject, Neutrinolabs 2 Fedora, Xrdp 2022-03-15 7.2 HIGH 7.8 HIGH
xrdp is an open source remote desktop protocol (RDP) server. In affected versions an integer underflow leading to a heap overflow in the sesman server allows any unauthenticated attacker which is able to locally access a sesman server to execute code as root. This vulnerability has been patched in version 0.9.18.1 and above. Users are advised to upgrade. There are no known workarounds.
CVE-2021-34342 2 Fedoraproject, Libming 2 Fedora, Ming 2022-03-11 4.3 MEDIUM 6.5 MEDIUM
Ming 0.4.8 has an out-of-bounds read vulnerability in the function newVar_N() in decompile.c which causes a huge information leak.
CVE-2021-34341 2 Fedoraproject, Libming 2 Fedora, Ming 2022-03-11 4.3 MEDIUM 6.5 MEDIUM
Ming 0.4.8 has an out-of-bounds read vulnerability in the function decompileIF() in the decompile.c file that causes a direct segmentation fault and leads to denial of service.
CVE-2021-34340 2 Fedoraproject, Libming 2 Fedora, Ming 2022-03-11 4.3 MEDIUM 6.5 MEDIUM
Ming 0.4.8 has an out-of-bounds buffer access issue in the function decompileINCR_DECR() in decompiler.c file that causes a direct segmentation fault and leads to denial of service.
CVE-2021-34339 2 Fedoraproject, Libming 2 Fedora, Ming 2022-03-11 4.3 MEDIUM 6.5 MEDIUM
Ming 0.4.8 has an out-of-bounds buffer access issue in the function getString() in decompiler.c file that causes a direct segmentation fault and leads to denial of service.
CVE-2021-34338 2 Fedoraproject, Libming 2 Fedora, Ming 2022-03-11 4.3 MEDIUM 6.5 MEDIUM
Ming 0.4.8 has an out-of-bounds buffer overwrite issue in the function getName() in decompiler.c file that causes a direct segmentation fault and leads to denial of service.
CVE-2021-26925 2 Fedoraproject, Roundcube 2 Fedora, Webmail 2022-03-10 3.5 LOW 5.4 MEDIUM
Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering.
CVE-2022-23645 3 Fedoraproject, Redhat, Swtpm Project 3 Fedora, Enterprise Linux, Swtpm 2022-03-07 2.1 LOW 5.5 MEDIUM
swtpm is a libtpms-based TPM emulator with socket, character device, and Linux CUSE interface. Versions prior to 0.5.3, 0.6.2, and 0.7.1 are vulnerable to out-of-bounds read. A specially crafted header of swtpm's state, where the blobheader's hdrsize indicator has an invalid value, may cause an out-of-bounds access when the byte array representing the state of the TPM is accessed. This will likely crash swtpm or prevent it from starting since the state cannot be understood. Users should upgrade to swtpm v0.5.3, v0.6.2, or v0.7.1 to receive a patch. There are currently no known workarounds.