Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Fedoraproject Subscribe
Total 4434 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-6477 2 Fedoraproject, Isc 2 Fedora, Bind 2020-10-20 5.0 MEDIUM 7.5 HIGH
With pipelining enabled each incoming query on a TCP connection requires a similar resource allocation to a query received via UDP or via TCP without pipelining enabled. A client using a TCP-pipelined connection to a server could consume more resources than the server has been provisioned to handle. When a TCP connection with a large number of pipelined queries is closed, the load on the server releasing these multiple resources can cause it to become unresponsive, even for queries that can be answered authoritatively or from cache. (This is most likely to be perceived as an intermittent server problem).
CVE-2019-5419 5 Debian, Fedoraproject, Opensuse and 2 more 6 Debian Linux, Fedora, Leap and 3 more 2020-10-16 7.8 HIGH 7.5 HIGH
There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive.
CVE-2019-5418 5 Debian, Fedoraproject, Opensuse and 2 more 6 Debian Linux, Fedora, Leap and 3 more 2020-10-16 5.0 MEDIUM 7.5 HIGH
There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.
CVE-2019-14817 5 Artifex, Debian, Fedoraproject and 2 more 5 Ghostscript, Debian Linux, Fedora and 2 more 2020-10-16 6.8 MEDIUM 7.8 HIGH
A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
CVE-2019-14811 5 Artifex, Debian, Fedoraproject and 2 more 5 Ghostscript, Debian Linux, Fedora and 2 more 2020-10-16 6.8 MEDIUM 7.8 HIGH
A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
CVE-2019-14813 5 Artifex, Debian, Fedoraproject and 2 more 12 Ghostscript, Debian Linux, Fedora and 9 more 2020-10-16 7.5 HIGH 9.8 CRITICAL
A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
CVE-2019-11038 8 Canonical, Debian, Fedoraproject and 5 more 13 Ubuntu Linux, Debian Linux, Fedora and 10 more 2020-10-16 5.0 MEDIUM 5.3 MEDIUM
When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code.
CVE-2019-3992 2 Elog Project, Fedoraproject 2 Elog, Fedora 2020-10-15 5.0 MEDIUM 7.5 HIGH
ELOG 3.1.4-57bea22 and below is affected by an information disclosure vulnerability. A remote unauthenticated attacker can access the server's configuration file by sending an HTTP GET request. Amongst the configuration data, the attacker may gain access to valid admin usernames and, in older versions of ELOG, passwords.
CVE-2019-3993 2 Elog Project, Fedoraproject 2 Elog, Fedora 2020-10-15 5.0 MEDIUM 7.5 HIGH
ELOG 3.1.4-57bea22 and below is affected by an information disclosure vulnerability. A remote unauthenticated attacker can recover a user's password hash by sending a crafted HTTP POST request.
CVE-2019-3839 6 Artifex, Canonical, Debian and 3 more 6 Ghostscript, Ubuntu Linux, Debian Linux and 3 more 2020-10-15 6.8 MEDIUM 7.8 HIGH
It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Ghostscript versions before 9.27 are vulnerable.
CVE-2019-3838 5 Artifex, Debian, Fedoraproject and 2 more 12 Ghostscript, Debian Linux, Fedora and 9 more 2020-10-15 4.3 MEDIUM 5.5 MEDIUM
It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.
CVE-2019-3835 5 Artifex, Debian, Fedoraproject and 2 more 11 Ghostscript, Debian Linux, Fedora and 8 more 2020-10-15 4.3 MEDIUM 5.5 MEDIUM
It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.
CVE-2019-3857 7 Debian, Fedoraproject, Libssh2 and 4 more 13 Debian Linux, Fedora, Libssh2 and 10 more 2020-10-15 6.8 MEDIUM 8.8 HIGH
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.
CVE-2019-3856 7 Debian, Fedoraproject, Libssh2 and 4 more 13 Debian Linux, Fedora, Libssh2 and 10 more 2020-10-15 6.8 MEDIUM 8.8 HIGH
An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.
CVE-2019-3855 8 Apple, Debian, Fedoraproject and 5 more 14 Xcode, Debian Linux, Fedora and 11 more 2020-10-15 9.3 HIGH 8.8 HIGH
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.
CVE-2019-7221 7 Canonical, Debian, Fedoraproject and 4 more 15 Ubuntu Linux, Debian Linux, Fedora and 12 more 2020-10-15 4.6 MEDIUM 7.8 HIGH
The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.
CVE-2016-7969 3 Fedoraproject, Libass Project, Opensuse 4 Fedora, Libass, Leap and 1 more 2020-10-14 5.0 MEDIUM 7.5 HIGH
The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to "0/3 line wrapping equalization."
CVE-2009-3767 4 Apple, Fedoraproject, Openldap and 1 more 4 Mac Os X, Fedora, Openldap and 1 more 2020-10-14 4.3 MEDIUM N/A
libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
CVE-2017-18342 2 Fedoraproject, Pyyaml 2 Fedora, Pyyaml 2020-10-14 7.5 HIGH 9.8 CRITICAL
In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load() function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function.
CVE-2016-4609 5 Apple, Debian, Fedoraproject and 2 more 10 Icloud, Iphone Os, Itunes and 7 more 2020-10-09 7.5 HIGH 9.8 CRITICAL
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4610, and CVE-2016-4612.