Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Fedoraproject Subscribe
Total 4434 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-15987 4 Debian, Fedoraproject, Google and 1 more 4 Debian Linux, Fedora, Chrome and 1 more 2021-02-24 6.8 MEDIUM 8.8 HIGH
Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC stream.
CVE-2020-15985 4 Debian, Fedoraproject, Google and 1 more 4 Debian Linux, Fedora, Chrome and 1 more 2021-02-24 4.3 MEDIUM 6.5 MEDIUM
Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to spoof security UI via a crafted HTML page.
CVE-2020-15992 4 Debian, Fedoraproject, Google and 1 more 4 Debian Linux, Fedora, Chrome and 1 more 2021-02-24 6.8 MEDIUM 8.8 HIGH
Insufficient policy enforcement in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page.
CVE-2020-15995 3 Debian, Fedoraproject, Google 4 Debian Linux, Fedora, Android and 1 more 2021-02-24 6.8 MEDIUM 8.8 HIGH
Out of bounds write in V8 in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-13482 2 Em-http-request Project, Fedoraproject 2 Em-http-request, Fedora 2021-02-24 5.8 MEDIUM 7.4 HIGH
EM-HTTP-Request 1.1.5 uses the library eventmachine in an insecure way that allows an attacker to perform a man-in-the-middle attack against users of the library. The hostname in a TLS server certificate is not verified.
CVE-2016-10027 2 Fedoraproject, Igniterealtime 2 Fedora, Smack 2021-02-23 4.3 MEDIUM 5.9 MEDIUM
Race condition in the XMPP library in Smack before 4.1.9, when the SecurityMode.required TLS setting has been set, allows man-in-the-middle attackers to bypass TLS protections and trigger use of cleartext for client authentication by stripping the "starttls" feature from a server response.
CVE-2020-35376 2 Fedoraproject, Xpdfreader 2 Fedora, Xpdf 2021-02-23 5.0 MEDIUM 7.5 HIGH
Xpdf 4.02 allows stack consumption because of an incorrect subroutine reference in a Type 1C font charstring, related to the FoFiType1C::getOp() function.
CVE-2019-16335 6 Debian, Fasterxml, Fedoraproject and 3 more 18 Debian Linux, Jackson-databind, Fedora and 15 more 2021-02-22 7.5 HIGH 9.8 CRITICAL
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.
CVE-2019-14540 6 Debian, Fasterxml, Fedoraproject and 3 more 20 Debian Linux, Jackson-databind, Fedora and 17 more 2021-02-22 7.5 HIGH 9.8 CRITICAL
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.
CVE-2019-14733 2 Adplug Project, Fedoraproject 2 Adplug, Fedora 2021-02-22 6.8 MEDIUM 8.8 HIGH
AdPlug 2.3.1 has multiple heap-based buffer overflows in CradLoader::load() in rad.cpp.
CVE-2019-14692 2 Adplug Project, Fedoraproject 2 Adplug, Fedora 2021-02-22 6.8 MEDIUM 8.8 HIGH
AdPlug 2.3.1 has a heap-based buffer overflow in CmkjPlayer::load() in mkj.cpp.
CVE-2016-9398 4 Fedoraproject, Jasper Project, Opensuse and 1 more 6 Fedora, Jasper, Leap and 3 more 2021-02-22 5.0 MEDIUM 7.5 HIGH
The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.
CVE-2017-1000050 4 Canonical, Fedoraproject, Jasper Project and 1 more 6 Ubuntu Linux, Fedora, Jasper and 3 more 2021-02-22 5.0 MEDIUM 7.5 HIGH
JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service.
CVE-2016-9397 2 Fedoraproject, Jasper Project 2 Fedora, Jasper 2021-02-22 5.0 MEDIUM 7.5 HIGH
The jpc_dequantize function in jpc_dec.c in JasPer 1.900.13 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.
CVE-2016-9399 3 Fedoraproject, Jasper Project, Opensuse 3 Fedora, Jasper, Leap 2021-02-22 5.0 MEDIUM 7.5 HIGH
The calcstepsizes function in jpc_dec.c in JasPer 1.900.22 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.
CVE-2020-25652 3 Debian, Fedoraproject, Spice-space 3 Debian Linux, Fedora, Spice-vdagent 2021-02-19 4.9 MEDIUM 5.5 MEDIUM
A flaw was found in the spice-vdagentd daemon, where it did not properly handle client connections that can be established via the UNIX domain socket in `/run/spice-vdagentd/spice-vdagent-sock`. Any unprivileged local guest user could use this flaw to prevent legitimate agents from connecting to the spice-vdagentd daemon, resulting in a denial of service. The highest threat from this vulnerability is to system availability. This flaw affects spice-vdagent versions 0.20 and prior.
CVE-2020-25650 3 Debian, Fedoraproject, Spice-space 3 Debian Linux, Fedora, Spice-vdagent 2021-02-19 2.1 LOW 5.5 MEDIUM
A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivileged local guest user with access to the UNIX domain socket path `/run/spice-vdagentd/spice-vdagent-sock` could use this flaw to perform a memory denial of service for spice-vdagentd or even other processes in the VM system. The highest threat from this vulnerability is to system availability. This flaw affects spice-vdagent versions 0.20 and previous versions.
CVE-2020-12663 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2021-02-17 5.0 MEDIUM 7.5 HIGH
Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers.
CVE-2009-1903 2 Fedoraproject, Trustwave 2 Fedora, Modsecurity 2021-02-13 4.3 MEDIUM N/A
The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
CVE-2012-4528 3 Fedoraproject, Opensuse, Trustwave 3 Fedora, Opensuse, Modsecurity 2021-02-12 5.0 MEDIUM N/A
The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.