Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Fedoraproject Subscribe
Total 4434 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-25639 3 Fedoraproject, Linux, Redhat 5 Fedora, Linux Kernel, Enterprise Linux and 2 more 2021-03-10 4.9 MEDIUM 4.4 MEDIUM
A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality in versions prior to 5.12-rc1 in the way the user calls ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC. This flaw allows a local user to crash the system.
CVE-2020-36152 2 Fedoraproject, Symonics 2 Fedora, Libmysofa 2021-03-10 6.8 MEDIUM 8.8 HIGH
Buffer overflow in readDataVar in hdf/dataobject.c in Symonics libmysofa 0.5 - 1.1 allows attackers to execute arbitrary code via a crafted SOFA.
CVE-2020-36151 2 Fedoraproject, Symonics 2 Fedora, Libmysofa 2021-03-10 4.3 MEDIUM 6.5 MEDIUM
Incorrect handling of input data in mysofa_resampler_reset_mem function in the libmysofa library 0.5 - 1.1 will lead to heap buffer overflow and overwriting large memory block.
CVE-2020-36149 2 Fedoraproject, Symonics 2 Fedora, Libmysofa 2021-03-10 4.3 MEDIUM 6.5 MEDIUM
Incorrect handling of input data in changeAttribute function in the libmysofa library 0.5 - 1.1 will lead to NULL pointer dereference and segmentation fault error in case of restrictive memory protection or near NULL pointer overwrite in case of no memory restrictions (e.g. in embedded environments).
CVE-2020-36148 2 Fedoraproject, Symonics 2 Fedora, Libmysofa 2021-03-09 4.3 MEDIUM 6.5 MEDIUM
Incorrect handling of input data in verifyAttribute function in the libmysofa library 0.5 - 1.1 will lead to NULL pointer dereference and segmentation fault error in case of restrictive memory protection or near NULL pointer overwrite in case of no memory restrictions (e.g. in embedded environments).
CVE-2012-5474 4 Debian, Fedoraproject, Openstack and 1 more 4 Debian Linux, Fedora, Horizon and 1 more 2021-03-09 2.1 LOW 5.5 MEDIUM
The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package before 2012.1.1) is world readable and exposes the secret key value.
CVE-2021-3281 3 Djangoproject, Fedoraproject, Netapp 3 Django, Fedora, Snapcenter 2021-03-05 5.0 MEDIUM 5.3 MEDIUM
In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method (used by "startapp --template" and "startproject --template") allows directory traversal via an archive with absolute paths or relative paths with dot segments.
CVE-2020-15978 4 Debian, Fedoraproject, Google and 1 more 5 Debian Linux, Fedora, Android and 2 more 2021-03-05 6.8 MEDIUM 8.8 HIGH
Insufficient data validation in navigation in Google Chrome on Android prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.
CVE-2020-15977 5 Apple, Debian, Fedoraproject and 2 more 5 Mac Os X, Debian Linux, Fedora and 2 more 2021-03-05 4.3 MEDIUM 6.5 MEDIUM
Insufficient data validation in dialogs in Google Chrome on OS X prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page.
CVE-2020-16043 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2021-03-05 6.8 MEDIUM 8.8 HIGH
Insufficient data validation in networking in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to bypass discretionary access control via malicious network traffic.
CVE-2020-15966 4 Debian, Fedoraproject, Google and 1 more 5 Debian Linux, Fedora, Chrome and 2 more 2021-03-04 4.3 MEDIUM 4.3 MEDIUM
Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information via a crafted Chrome Extension.
CVE-2020-15811 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2021-03-04 4.0 MEDIUM 6.5 MEDIUM
An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the browser cache and any downstream caches with content from an arbitrary source. Squid uses a string search instead of parsing the Transfer-Encoding header to find chunked encoding. This allows an attacker to hide a second request inside Transfer-Encoding: it is interpreted by Squid as chunked and split out into a second request delivered upstream. Squid will then deliver two distinct responses to the client, corrupting any downstream caches.
CVE-2020-29600 3 Awstats, Debian, Fedoraproject 3 Awstats, Debian Linux, Fedora 2021-03-04 7.5 HIGH 9.8 CRITICAL
In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501.
CVE-2020-8449 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2021-03-04 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.
CVE-2011-0762 6 Canonical, Debian, Fedoraproject and 3 more 6 Ubuntu Linux, Debian Linux, Fedora and 3 more 2021-03-04 4.0 MEDIUM N/A
The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632.
CVE-2019-14732 2 Adplug Project, Fedoraproject 2 Adplug, Fedora 2021-02-26 6.8 MEDIUM 8.8 HIGH
AdPlug 2.3.1 has multiple heap-based buffer overflows in Ca2mLoader::load() in a2m.cpp.
CVE-2017-6888 3 Debian, Fedoraproject, Flac Project 3 Debian Linux, Fedora, Flac 2021-02-25 4.3 MEDIUM 5.5 MEDIUM
An error in the "read_metadata_vorbiscomment_()" function (src/libFLAC/stream_decoder.c) in FLAC version 1.3.2 can be exploited to cause a memory leak via a specially crafted FLAC file.
CVE-2020-0499 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Android 2021-02-25 4.3 MEDIUM 4.3 MEDIUM
In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156076070
CVE-2017-9271 2 Fedoraproject, Opensuse 2 Fedora, Zypper 2021-02-25 2.1 LOW 3.3 LOW
The commandline package update tool zypper writes HTTP proxy credentials into its logfile, allowing local attackers to gain access to proxies used.
CVE-2016-9085 2 Fedoraproject, Webmproject 2 Fedora, Libwebp 2021-02-25 2.1 LOW 3.3 LOW
Multiple integer overflows in libwebp allows attackers to have unspecified impact via unknown vectors.