Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Fedoraproject Subscribe
Total 4434 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-4607 4 Apple, Fedoraproject, Microsoft and 1 more 9 Icloud, Iphone Os, Itunes and 6 more 2020-10-09 7.5 HIGH 9.8 CRITICAL
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612.
CVE-2020-7041 4 Fedoraproject, Openfortivpn Project, Openssl and 1 more 5 Fedora, Openfortivpn, Openssl and 2 more 2020-10-09 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because an X509_check_host negative error code is interpreted as a successful return value.
CVE-2020-7043 4 Fedoraproject, Openfortivpn Project, Openssl and 1 more 5 Fedora, Openfortivpn, Openssl and 2 more 2020-10-09 6.4 MEDIUM 9.1 CRITICAL
An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. tunnel.c mishandles certificate validation because hostname comparisons do not consider '\0' characters, as demonstrated by a good.example.com\x00evil.example.com attack.
CVE-2019-14812 2 Artifex, Fedoraproject 2 Ghostscript, Fedora 2020-10-09 6.8 MEDIUM 7.8 HIGH
A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
CVE-2019-14869 3 Artifex, Fedoraproject, Opensuse 3 Ghostscript, Fedora, Leap 2020-10-09 6.8 MEDIUM 8.8 HIGH
A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges within the Ghostscript and access files outside of restricted areas or execute commands.
CVE-2019-16239 2 Fedoraproject, Infradead 2 Fedora, Openconnect 2020-10-07 7.5 HIGH 9.8 CRITICAL
process_http_response in OpenConnect before 8.05 has a Buffer Overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes.
CVE-2019-8936 5 Fedoraproject, Hpe, Netapp and 2 more 6 Fedora, Hpux-ntp, Clustered Data Ontap and 3 more 2020-10-07 5.0 MEDIUM 7.5 HIGH
NTP through 4.2.8p12 has a NULL Pointer Dereference.
CVE-2011-1783 5 Apache, Apple, Canonical and 2 more 5 Subversion, Mac Os X, Ubuntu Linux and 2 more 2020-10-05 4.3 MEDIUM N/A
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
CVE-2011-1752 5 Apache, Apple, Canonical and 2 more 5 Subversion, Mac Os X, Ubuntu Linux and 2 more 2020-10-05 5.0 MEDIUM N/A
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
CVE-2019-10164 4 Fedoraproject, Opensuse, Postgresql and 1 more 4 Fedora, Leap, Postgresql and 1 more 2020-10-02 9.0 HIGH 8.8 HIGH
PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This often suffices to execute arbitrary code as the PostgreSQL operating system account.
CVE-2019-11036 6 Canonical, Debian, Fedoraproject and 3 more 6 Ubuntu Linux, Debian Linux, Fedora and 3 more 2020-10-02 6.4 MEDIUM 9.1 CRITICAL
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.
CVE-2019-9658 3 Checkstyle, Debian, Fedoraproject 3 Checkstyle, Debian Linux, Fedora 2020-09-30 5.0 MEDIUM 5.3 MEDIUM
Checkstyle before 8.18 loads external DTDs by default.
CVE-2019-10155 5 Fedoraproject, Libreswan, Redhat and 2 more 5 Fedora, Libreswan, Enterprise Linux and 2 more 2020-09-30 3.5 LOW 3.1 LOW
The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity check value was not verified. This issue affects versions before 3.29.
CVE-2018-8786 5 Canonical, Debian, Fedoraproject and 2 more 10 Ubuntu Linux, Debian Linux, Fedora and 7 more 2020-09-28 7.5 HIGH 9.8 CRITICAL
FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably even a remote code execution.
CVE-2018-19872 3 Fedoraproject, Opensuse, Qt 3 Fedora, Leap, Qt 2020-09-28 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp.
CVE-2019-16237 4 Canonical, Debian, Dino and 1 more 4 Ubuntu Linux, Debian Linux, Dino and 1 more 2020-09-14 5.0 MEDIUM 7.5 HIGH
Dino before 2019-09-10 does not properly check the source of an MAM message in module/xep/0313_message_archive_management.vala.
CVE-2019-16236 4 Canonical, Debian, Dino and 1 more 4 Ubuntu Linux, Debian Linux, Dino and 1 more 2020-09-14 5.0 MEDIUM 7.5 HIGH
Dino before 2019-09-10 does not check roster push authorization in module/roster/module.vala.
CVE-2019-16235 4 Canonical, Debian, Dino and 1 more 4 Ubuntu Linux, Debian Linux, Dino and 1 more 2020-09-14 5.0 MEDIUM 7.5 HIGH
Dino before 2019-09-10 does not properly check the source of a carbons message in module/xep/0280_message_carbons.vala.
CVE-2016-4797 2 Fedoraproject, Uclouvain 2 Fedora, Openjpeg 2020-09-09 4.3 MEDIUM 5.5 MEDIUM
Divide-by-zero vulnerability in the opj_tcd_init_tile function in tcd.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (application crash) via a crafted jp2 file. NOTE: this issue exists because of an incorrect fix for CVE-2014-7947.
CVE-2016-4796 2 Fedoraproject, Uclouvain 2 Fedora, Openjpeg 2020-09-09 4.3 MEDIUM 5.5 MEDIUM
Heap-based buffer overflow in the color_cmyk_to_rgb in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (crash) via a crafted .j2k file.