Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Fedoraproject Subscribe
Total 4434 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-21419 2 Eventlet, Fedoraproject 2 Eventlet, Fedora 2021-05-27 5.0 MEDIUM 5.3 MEDIUM
Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side by sending highly compressed data frame. A patch in version 0.31.0 restricts websocket frame to reasonable limits. As a workaround, restricting memory usage via OS limits would help against overall machine exhaustion, but there is no workaround to protect Eventlet process.
CVE-2020-7238 4 Debian, Fedoraproject, Netty and 1 more 6 Debian Linux, Fedora, Netty and 3 more 2021-05-27 5.0 MEDIUM 7.5 HIGH
Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869.
CVE-2020-27840 3 Debian, Fedoraproject, Samba 3 Debian Linux, Fedora, Samba 2021-05-26 5.0 MEDIUM 7.5 HIGH
A flaw was found in samba. Spaces used in a string around a domain name (DN), while supposed to be ignored, can cause invalid DN strings with spaces to instead write a zero-byte into out-of-bounds memory, resulting in a crash. The highest threat from this vulnerability is to system availability.
CVE-2021-32918 4 Debian, Fedoraproject, Lua and 1 more 4 Debian Linux, Fedora, Lua and 1 more 2021-05-26 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Prosody before 0.11.9. Default settings are susceptible to remote unauthenticated denial-of-service (DoS) attacks via memory exhaustion when running under Lua 5.2 or Lua 5.3.
CVE-2021-32919 3 Debian, Fedoraproject, Prosody 3 Debian Linux, Fedora, Prosody 2021-05-26 4.3 MEDIUM 7.5 HIGH
An issue was discovered in Prosody before 0.11.9. The undocumented dialback_without_dialback option in mod_dialback enables an experimental feature for server-to-server authentication. It does not correctly authenticate remote server certificates, allowing a remote server to impersonate another server (when this option is enabled).
CVE-2021-31800 2 Fedoraproject, Secureauth 2 Fedora, Impacket 2021-05-26 7.5 HIGH 9.8 CRITICAL
Multiple path traversal vulnerabilities exist in smbserver.py in Impacket through 0.9.22. An attacker that connects to a running smbserver instance can list and write to arbitrary files via ../ directory traversal. This could potentially be abused to achieve arbitrary code execution by replacing /etc/shadow or an SSH authorized key.
CVE-2021-29510 2 Fedoraproject, Pydantic Project 2 Fedora, Pydantic 2021-05-25 5.0 MEDIUM 7.5 HIGH
Pydantic is a data validation and settings management using Python type hinting. In affected versions passing either `'infinity'`, `'inf'` or `float('inf')` (or their negatives) to `datetime` or `date` fields causes validation to run forever with 100% CPU usage (on one CPU). Pydantic has been patched with fixes available in the following versions: v1.8.2, v1.7.4, v1.6.2. All these versions are available on pypi(https://pypi.org/project/pydantic/#history), and will be available on conda-forge(https://anaconda.org/conda-forge/pydantic) soon. See the changelog(https://pydantic-docs.helpmanual.io/) for details. If you absolutely can't upgrade, you can work around this risk using a validator(https://pydantic-docs.helpmanual.io/usage/validators/) to catch these values. This is not an ideal solution (in particular you'll need a slightly different function for datetimes), instead of a hack like this you should upgrade pydantic. If you are not using v1.8.x, v1.7.x or v1.6.x and are unable to upgrade to a fixed version of pydantic, please create an issue at https://github.com/samuelcolvin/pydantic/issues requesting a back-port, and we will endeavour to release a patch for earlier versions of pydantic.
CVE-2021-3402 2 Fedoraproject, Virustotal 2 Fedora, Yara 2021-05-24 6.4 MEDIUM 9.1 CRITICAL
An integer overflow and several buffer overflow reads in libyara/modules/macho/macho.c in YARA v4.0.3 and earlier could allow an attacker to either cause denial of service or information disclosure via a malicious Mach-O file. Affects all versions before libyara 4.0.4
CVE-2020-35701 2 Cacti, Fedoraproject 2 Cacti, Fedora 2021-05-21 6.5 MEDIUM 8.8 HIGH
An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.php allows remote authenticated attackers to execute arbitrary SQL commands via the site_id parameter. This can lead to remote code execution.
CVE-2018-11797 3 Apache, Fedoraproject, Oracle 3 Pdfbox, Fedora, Retail Xstore Point Of Service 2021-05-21 4.3 MEDIUM 5.5 MEDIUM
In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree.
CVE-2021-3472 4 Debian, Fedoraproject, Redhat and 1 more 4 Debian Linux, Fedora, Enterprise Linux and 1 more 2021-05-19 7.2 HIGH 7.8 HIGH
A flaw was found in xorg-x11-server in versions before 1.20.11. An integer underflow can occur in xserver which can lead to a local privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2018-10811 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2021-05-18 5.0 MEDIUM 7.5 HIGH
strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable.
CVE-2021-21156 2 Fedoraproject, Google 2 Fedora, Chrome 2021-05-17 6.8 MEDIUM 8.8 HIGH
Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted script.
CVE-2021-21148 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2021-05-17 6.8 MEDIUM 8.8 HIGH
Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-20232 3 Fedoraproject, Gnu, Redhat 3 Fedora, Gnutls, Enterprise Linux 2021-05-17 7.5 HIGH 9.8 CRITICAL
A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences.
CVE-2018-10196 3 Canonical, Fedoraproject, Graphviz 3 Ubuntu Linux, Fedora, Graphviz 2021-05-13 4.3 MEDIUM 5.5 MEDIUM
NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service (application crash) via a crafted file.
CVE-2020-15216 2 Fedoraproject, Goxmldsig Project 2 Fedora, Goxmldsig 2021-05-05 4.3 MEDIUM 6.5 MEDIUM
In goxmldsig (XML Digital Signatures implemented in pure Go) before version 1.1.0, with a carefully crafted XML file, an attacker can completely bypass signature validation and pass off an altered file as a signed one. A patch is available, all users of goxmldsig should upgrade to at least revision f6188febf0c29d7ffe26a0436212b19cb9615e64 or version 1.1.0
CVE-2020-8037 4 Apple, Debian, Fedoraproject and 1 more 5 Mac Os X, Macos, Debian Linux and 2 more 2021-05-05 5.0 MEDIUM 7.5 HIGH
The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory.
CVE-2020-25693 2 Cimg, Fedoraproject 2 Cimg, Fedora 2021-05-05 5.8 MEDIUM 8.1 HIGH
A flaw was found in CImg in versions prior to 2.9.3. Integer overflows leading to heap buffer overflows in load_pnm() can be triggered by a specially crafted input file processed by CImg, which can lead to an impact to application availability or data integrity.
CVE-2021-20205 2 Fedoraproject, Libjpeg-turbo 2 Fedora, Libjpeg-turbo 2021-05-04 4.3 MEDIUM 6.5 MEDIUM
Libjpeg-turbo versions 2.0.91 and 2.0.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted GIF image.