Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Fedoraproject Subscribe
Total 4434 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-44142 6 Canonical, Debian, Fedoraproject and 3 more 23 Ubuntu Linux, Debian Linux, Fedora and 20 more 2022-02-23 9.0 HIGH 8.8 HIGH
The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root.
CVE-2021-44141 3 Fedoraproject, Redhat, Samba 3 Fedora, Storage, Samba 2022-02-23 3.5 LOW 4.3 MEDIUM
All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed.
CVE-2021-40839 2 Fedoraproject, Rencode Project 2 Fedora, Rencode 2022-02-22 5.0 MEDIUM 7.5 HIGH
The rencode package through 1.0.6 for Python allows an infinite loop in typecode decoding (such as via ;\x2f\x7f), enabling a remote attack that consumes CPU and memory.
CVE-2020-18442 3 Debian, Fedoraproject, Zziplib Project 3 Debian Linux, Fedora, Zziplib 2022-02-22 2.1 LOW 3.3 LOW
Infinite Loop in zziplib v0.13.69 allows remote attackers to cause a denial of service via the return value "zzip_file_read" in the function "unzzip_cat_file".
CVE-2021-33571 2 Djangoproject, Fedoraproject 2 Django, Fedora 2022-02-22 5.0 MEDIUM 7.5 HIGH
In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validate_ipv4_address, and validate_ipv46_address do not prohibit leading zero characters in octal literals. This may allow a bypass of access control that is based on IP addresses. (validate_ipv4_address and validate_ipv46_address are unaffected with Python 3.9.5+..) .
CVE-2020-28243 3 Debian, Fedoraproject, Saltstack 3 Debian Linux, Fedora, Salt 2022-02-22 4.4 MEDIUM 7.8 HIGH
An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create a files on the minion in a non-blacklisted directory.
CVE-2022-0196 2 Fedoraproject, Phoronix-media 2 Fedora, Phoronix Test Suite 2022-02-22 6.8 MEDIUM 8.8 HIGH
phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2022-0157 2 Fedoraproject, Phoronix-media 2 Fedora, Phoronix Test Suite 2022-02-22 3.5 LOW 5.4 MEDIUM
phoronix-test-suite is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-0197 2 Fedoraproject, Phoronix-media 2 Fedora, Phoronix Test Suite 2022-02-22 6.8 MEDIUM 8.8 HIGH
phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2022-0238 2 Fedoraproject, Phoronix-media 2 Fedora, Phoronix Test Suite 2022-02-22 4.3 MEDIUM 4.3 MEDIUM
phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2020-24661 2 Fedoraproject, Gnome 2 Fedora, Geary 2022-02-22 2.6 LOW 5.9 MEDIUM
GNOME Geary before 3.36.3 mishandles pinned TLS certificate verification for IMAP and SMTP services using invalid TLS certificates (e.g., self-signed certificates) when the client system is not configured to use a system-provided PKCS#11 store. This allows a meddler in the middle to present a different invalid certificate to intercept incoming and outgoing mail.
CVE-2021-20718 3 Fedoraproject, Oracle, Zmartzone 3 Fedora, Essbase, Mod Auth Openidc 2022-02-20 5.0 MEDIUM 7.5 HIGH
mod_auth_openidc 2.4.0 to 2.4.7 allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified vectors.
CVE-2015-5745 3 Arista, Fedoraproject, Qemu 3 Eos, Fedora, Qemu 2022-02-19 4.0 MEDIUM 6.5 MEDIUM
Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message.
CVE-2020-6860 2 Fedoraproject, Symonics 2 Fedora, Libmysofa 2022-02-19 6.8 MEDIUM 8.8 HIGH
libmysofa 0.9.1 has a stack-based buffer overflow in readDataVar in hdf/dataobject.c during the reading of a header message attribute.
CVE-2019-15718 3 Fedoraproject, Redhat, Systemd Project 14 Fedora, Enterprise Linux, Enterprise Linux Eus and 11 more 2022-02-19 3.6 LOW 4.4 MEDIUM
In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system's DNS resolver settings.
CVE-2019-6454 8 Canonical, Debian, Fedoraproject and 5 more 22 Ubuntu Linux, Debian Linux, Fedora and 19 more 2022-02-19 4.9 MEDIUM 5.5 MEDIUM
An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic).
CVE-2021-38013 3 Debian, Fedoraproject, Google 4 Debian Linux, Fedora, Chrome and 1 more 2022-02-18 6.8 MEDIUM 9.6 CRITICAL
Heap buffer overflow in fingerprint recognition in Google Chrome on ChromeOS prior to 96.0.4664.45 allowed a remote attacker who had compromised a WebUI renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2021-38012 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2022-02-18 6.8 MEDIUM 8.8 HIGH
Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-37975 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2022-02-18 6.8 MEDIUM 8.8 HIGH
Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-37974 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2022-02-18 6.8 MEDIUM 8.8 HIGH
Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.