Filtered by vendor Fedoraproject
Subscribe
Total
4434 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-1915 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Opensuse and 1 more | 2021-02-12 | 7.5 HIGH | N/A |
ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) vulnerability. | |||||
CVE-2009-1902 | 2 Fedoraproject, Trustwave | 2 Fedora, Modsecurity | 2021-02-12 | 5.0 MEDIUM | N/A |
The multipart processor in ModSecurity before 2.5.9 allows remote attackers to cause a denial of service (crash) via a multipart form datapost request with a missing part header name, which triggers a NULL pointer dereference. | |||||
CVE-2021-3272 | 2 Fedoraproject, Jasper Project | 2 Fedora, Jasper | 2021-02-12 | 4.3 MEDIUM | 5.5 MEDIUM |
jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components. | |||||
CVE-2020-26575 | 4 Debian, Fedoraproject, Oracle and 1 more | 5 Debian Linux, Fedora, Zfs Storage Appliance and 2 more | 2021-02-11 | 5.0 MEDIUM | 7.5 HIGH |
In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop. This was addressed in epan/dissectors/packet-fbzero.c by correcting the implementation of offset advancement. | |||||
CVE-2019-13619 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2021-02-10 | 5.0 MEDIUM | 7.5 HIGH |
In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ASN.1 BER dissector and related dissectors could crash. This was addressed in epan/asn1.c by properly restricting buffer increments. | |||||
CVE-2020-25863 | 5 Debian, Fedoraproject, Opensuse and 2 more | 6 Debian Linux, Fedora, Leap and 3 more | 2021-02-10 | 5.0 MEDIUM | 7.5 HIGH |
In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the MIME Multipart dissector could crash. This was addressed in epan/dissectors/packet-multipart.c by correcting the deallocation of invalid MIME parts. | |||||
CVE-2020-25862 | 5 Debian, Fedoraproject, Opensuse and 2 more | 5 Debian Linux, Fedora, Leap and 2 more | 2021-02-10 | 5.0 MEDIUM | 7.5 HIGH |
In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by changing the handling of the invalid 0xFFFF checksum. | |||||
CVE-2020-9430 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2021-02-09 | 5.0 MEDIUM | 7.5 HIGH |
In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the WiMax DLMAP dissector could crash. This was addressed in plugins/epan/wimax/msg_dlmap.c by validating a length field. | |||||
CVE-2019-1010319 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2021-02-09 | 4.3 MEDIUM | 5.5 MEDIUM |
WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig (wave64.c:211). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe. | |||||
CVE-2011-4862 | 8 Debian, Fedoraproject, Freebsd and 5 more | 10 Debian Linux, Fedora, Freebsd and 7 more | 2021-02-09 | 10.0 HIGH | N/A |
Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011. | |||||
CVE-2017-13751 | 2 Fedoraproject, Jasper Project | 2 Fedora, Jasper | 2021-02-05 | 5.0 MEDIUM | 7.5 HIGH |
There is a reachable assertion abort in the function calcstepsizes() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack. | |||||
CVE-2017-13750 | 2 Fedoraproject, Jasper Project | 2 Fedora, Jasper | 2021-02-05 | 5.0 MEDIUM | 7.5 HIGH |
There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1296 in JasPer 2.0.12 that will lead to a remote denial of service attack. | |||||
CVE-2017-13749 | 2 Fedoraproject, Jasper Project | 2 Fedora, Jasper | 2021-02-05 | 5.0 MEDIUM | 7.5 HIGH |
There is a reachable assertion abort in the function jpc_pi_nextrpcl() in jpc/jpc_t2cod.c in JasPer 2.0.12 that will lead to a remote denial of service attack. | |||||
CVE-2017-13748 | 3 Debian, Fedoraproject, Jasper Project | 3 Debian Linux, Fedora, Jasper | 2021-02-05 | 5.0 MEDIUM | 7.5 HIGH |
There are lots of memory leaks in JasPer 2.0.12, triggered in the function jas_strdup() in base/jas_string.c, that will lead to a remote denial of service attack. | |||||
CVE-2017-13747 | 2 Fedoraproject, Jasper Project | 2 Fedora, Jasper | 2021-02-05 | 5.0 MEDIUM | 7.5 HIGH |
There is a reachable assertion abort in the function jpc_floorlog2() in jpc/jpc_math.c in JasPer 2.0.12 that will lead to a remote denial of service attack. | |||||
CVE-2017-13746 | 2 Fedoraproject, Jasper Project | 2 Fedora, Jasper | 2021-02-05 | 5.0 MEDIUM | 7.5 HIGH |
There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1297 in JasPer 2.0.12 that will lead to a remote denial of service attack. | |||||
CVE-2017-13752 | 2 Fedoraproject, Jasper Project | 2 Fedora, Jasper | 2021-02-05 | 5.0 MEDIUM | 7.5 HIGH |
There is a reachable assertion abort in the function jpc_dequantize() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack. | |||||
CVE-2020-35474 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2021-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
In MediaWiki before 1.35.1, the combination of Html::rawElement and Message::text leads to XSS because the definition of MediaWiki:recentchanges-legend-watchlistexpiry can be changed onwiki so that the output is raw HTML. | |||||
CVE-2014-4341 | 4 Debian, Fedoraproject, Mit and 1 more | 10 Debian Linux, Fedora, Kerberos 5 and 7 more | 2021-02-02 | 5.0 MEDIUM | N/A |
MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session. | |||||
CVE-2014-5353 | 7 Canonical, Debian, Fedoraproject and 4 more | 12 Ubuntu Linux, Debian Linux, Fedora and 9 more | 2021-02-02 | 3.5 LOW | N/A |
The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy. |