Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Fedoraproject Subscribe
Filtered by product Fedora
Total 4367 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-15121 2 Fedoraproject, Radare 2 Fedora, Radare2 2022-01-04 6.8 MEDIUM 9.6 CRITICAL
In radare2 before version 4.5.0, malformed PDB file names in the PDB server path cause shell injection. To trigger the problem it's required to open the executable in radare2 and run idpd to trigger the download. The shell code will execute, and will create a file called pwned in the current directory.
CVE-2020-16094 2 Claws-mail, Fedoraproject 2 Claws-mail, Fedora 2022-01-04 5.0 MEDIUM 7.5 HIGH
In imap_scan_tree_recursive in Claws Mail through 3.17.6, a malicious IMAP server can trigger stack consumption because of unlimited recursion into subdirectories during a rebuild of the folder tree.
CVE-2021-4048 5 Fedoraproject, Julialang, Lapack Project and 2 more 8 Fedora, Julia, Lapack and 5 more 2022-01-04 6.4 MEDIUM 9.1 CRITICAL
An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory.
CVE-2019-12854 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2022-01-01 5.0 MEDIUM 7.5 HIGH
Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. On systems with memory access protections, this can cause the CGI process to terminate unexpectedly, resulting in a denial of service for all clients using it.
CVE-2019-14664 2 Enigmail, Fedoraproject 2 Enigmail, Fedora 2022-01-01 4.3 MEDIUM 6.5 MEDIUM
In Enigmail below 2.1, an attacker in possession of PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, he unknowingly leaks the plaintext of the encrypted message part(s) back to the attacker. This attack variant bypasses protection mechanisms implemented after the "EFAIL" attacks.
CVE-2019-12957 2 Fedoraproject, Glyphandcog 2 Fedora, Xpdfreader 2022-01-01 6.8 MEDIUM 7.8 HIGH
In Xpdf 4.01.01, a buffer over-read could be triggered in FoFiType1C::convertToType1 in fofi/FoFiType1C.cc when the index number is larger than the charset array bounds. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly have unspecified other impact.
CVE-2019-17592 2 Csv-parse Project, Fedoraproject 2 Csv-parse, Fedora 2022-01-01 5.0 MEDIUM 7.5 HIGH
The csv-parse module before 4.4.6 for Node.js is vulnerable to Regular Expression Denial of Service. The __isInt() function contains a malformed regular expression that processes large crafted input very slowly. This is triggered when using the cast option.
CVE-2019-13730 6 Debian, Fedoraproject, Google and 3 more 9 Debian Linux, Fedora, Chrome and 6 more 2022-01-01 6.8 MEDIUM 8.8 HIGH
Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2019-19647 2 Fedoraproject, Radare 2 Fedora, Radare2 2022-01-01 6.8 MEDIUM 7.8 HIGH
radare2 through 4.0.0 lacks validation of the content variable in the function r_asm_pseudo_incbin at libr/asm/asm.c, ultimately leading to an arbitrary write. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted input.
CVE-2019-18609 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2022-01-01 7.5 HIGH 9.8 CRITICAL
An issue was discovered in amqp_handle_input in amqp_connection.c in rabbitmq-c 0.9.0. There is an integer overflow that leads to heap memory corruption in the handling of CONNECTION_STATE_HEADER. A rogue server could return a malicious frame header that leads to a smaller target_size value than needed. This condition is then carried on to a memcpy function that copies too much data into a heap buffer.
CVE-2020-6750 2 Fedoraproject, Gnome 2 Fedora, Glib 2022-01-01 4.3 MEDIUM 5.9 MEDIUM
GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxy_addr field is mishandled. This bug is timing-dependent and may occur only sporadically depending on network delays. The greatest security relevance is in use cases where a proxy is used to help with privacy/anonymity, even though there is no technical barrier to a direct connection. NOTE: versions before 2.60 are unaffected.
CVE-2020-6380 2 Fedoraproject, Google 2 Fedora, Chrome 2022-01-01 6.8 MEDIUM 8.8 HIGH
Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.130 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted Chrome Extension.
CVE-2020-6379 2 Fedoraproject, Google 2 Fedora, Chrome 2022-01-01 6.8 MEDIUM 8.8 HIGH
Use after free in V8 in Google Chrome prior to 79.0.3945.130 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-8518 3 Debian, Fedoraproject, Horde 3 Debian Linux, Fedora, Groupware 2022-01-01 7.5 HIGH 9.8 CRITICAL
Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution.
CVE-2020-7957 2 Dovecot, Fedoraproject 2 Dovecot, Fedora 2022-01-01 5.0 MEDIUM 5.3 MEDIUM
The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle snippet generation when many characters must be read to compute the snippet and a trailing > character exists. This causes a denial of service in which the recipient cannot read all of their messages.
CVE-2019-18183 2 Fedoraproject, Pacman Project 2 Fedora, Pacman 2022-01-01 6.8 MEDIUM 9.8 CRITICAL
pacman before 5.2 is vulnerable to arbitrary command injection in lib/libalpm/sync.c in the apply_deltas() function. This can be exploited when unsigned databases are used. To exploit the vulnerability, the user must enable the non-default delta feature and retrieve an attacker-controlled crafted database and delta file.
CVE-2019-20479 4 Debian, Fedoraproject, Opensuse and 1 more 4 Debian Linux, Fedora, Leap and 1 more 2022-01-01 5.8 MEDIUM 6.1 MEDIUM
A flaw was found in mod_auth_openidc before version 2.4.1. An open redirect issue exists in URLs with a slash and backslash at the beginning.
CVE-2020-9308 3 Canonical, Fedoraproject, Libarchive 3 Ubuntu Linux, Fedora, Libarchive 2022-01-01 6.8 MEDIUM 8.8 HIGH
archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts to unpack a RAR5 file with an invalid or corrupted header (such as a header size of zero), leading to a SIGSEGV or possibly unspecified other impact.
CVE-2019-20477 2 Fedoraproject, Pyyaml 2 Fedora, Pyyaml 2022-01-01 7.5 HIGH 9.8 CRITICAL
PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342.
CVE-2020-10174 3 Canonical, Fedoraproject, Timeshift Project 3 Ubuntu Linux, Fedora, Timeshift 2022-01-01 6.9 MEDIUM 7.0 HIGH
init_tmp in TeeJee.FileSystem.vala in Timeshift before 20.03 unsafely reuses a preexisting temporary directory in the predictable location /tmp/timeshift. It follows symlinks in this location or uses directories owned by unprivileged users. Because Timeshift also executes scripts under this location, an attacker can attempt to win a race condition to replace scripts created by Timeshift with attacker-controlled scripts. Upon success, an attacker-controlled script is executed with full root privileges. This logic is practically always triggered when Timeshift runs regardless of the command-line arguments used.