Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Fedoraproject Subscribe
Total 4434 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-16865 2 Fedoraproject, Python 2 Fedora, Pillow 2020-02-18 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image.
CVE-2014-4172 3 Apereo, Debian, Fedoraproject 5 .net Cas Client, Java Cas Client, Phpcas and 2 more 2020-02-12 7.5 HIGH 9.8 CRITICAL
A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrary web script or HTML via the (1) service parameter to validation/AbstractUrlBasedTicketValidator.java or (2) pgtUrl parameter to validation/Cas20ServiceTicketValidator.java.
CVE-2013-4572 2 Fedoraproject, Mediawiki 2 Fedora, Mediawiki 2020-02-10 5.0 MEDIUM 7.5 HIGH
The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to authenticate as the created user.
CVE-2016-1544 2 Fedoraproject, Nghttp2 2 Fedora, Nghttp2 2020-02-10 2.1 LOW 3.3 LOW
nghttp2 before 1.7.1 allows remote attackers to cause a denial of service (memory exhaustion).
CVE-2010-5304 2 Fedoraproject, Libvncserver Project 2 Fedora, Libvncserver 2020-02-07 5.0 MEDIUM 7.5 HIGH
A NULL pointer dereference flaw was found in the way LibVNCServer before 0.9.9 handled certain ClientCutText message. A remote attacker could use this flaw to crash the VNC server by sending a specially crafted ClientCutText message from a VNC client.
CVE-2011-4088 3 Abrt Project, Fedoraproject, Redhat 5 Abrt, Fedora, Enterprise Linux Desktop and 2 more 2020-02-05 5.0 MEDIUM 7.5 HIGH
ABRT might allow attackers to obtain sensitive information from crash reports.
CVE-2019-14867 2 Fedoraproject, Freeipa 2 Fedora, Freeipa 2020-02-04 6.8 MEDIUM 8.8 HIGH
A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way the internal function ber_scanf() was used in some components of the IPA server, which parsed kerberos key data. An unauthenticated attacker who could trigger parsing of the krb principal key could cause the IPA server to crash or in some conditions, cause arbitrary code to be executed on the server hosting the IPA server.
CVE-2019-10195 2 Fedoraproject, Freeipa 2 Fedora, Freeipa 2020-02-04 4.0 MEDIUM 6.5 MEDIUM
A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way that FreeIPA's batch processing API logged operations. This included passing user passwords in clear text on FreeIPA masters. Batch processing of commands with passwords as arguments or options is not performed by default in FreeIPA but is possible by third-party components. An attacker having access to system logs on FreeIPA masters could use this flaw to produce log file content with passwords exposed.
CVE-2013-1437 2 Fedoraproject, Module-metadata Project 2 Fedora, Module-metadata 2020-02-04 7.5 HIGH 9.8 CRITICAL
Eval injection vulnerability in the Module-Metadata module before 1.000015 for Perl allows remote attackers to execute arbitrary Perl code via the $Version value.
CVE-2013-1895 2 Fedoraproject, Python 2 Fedora, Py-bcrypt 2020-02-04 5.0 MEDIUM 7.5 HIGH
The py-bcrypt module before 0.3 for Python does not properly handle concurrent memory access, which allows attackers to bypass authentication via multiple authentication requests, which trigger the password hash to be overwritten.
CVE-2013-0294 2 Fedoraproject, Pyrad Project 2 Fedora, Pyrad 2020-01-31 4.3 MEDIUM 5.9 MEDIUM
packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack.
CVE-2014-2581 2 Fedoraproject, Smb4k Project 2 Fedora, Smb4k 2020-01-30 5.0 MEDIUM 7.5 HIGH
Smb4K before 1.1.1 allows remote attackers to obtain credentials via vectors related to the cuid option in the "Additional options" line edit.
CVE-2010-3282 3 Fedoraproject, Hp, Redhat 4 389 Directory Server, Hp-ux Directory Server, Directory Server and 1 more 2020-01-29 1.9 LOW 3.3 LOW
389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server before B.08.10.03, when audit logging is enabled, logs the Directory Manager password (nsslapd-rootpw) in cleartext when changing cn=config:nsslapd-rootpw, which might allow local users to obtain sensitive information by reading the log.
CVE-2019-18660 5 Canonical, Fedoraproject, Linux and 2 more 5 Ubuntu Linux, Fedora, Linux Kernel and 2 more 2020-01-28 1.9 LOW 4.7 MEDIUM
The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c.
CVE-2017-11462 2 Fedoraproject, Mit 2 Fedora, Kerberos 5 2020-01-21 7.5 HIGH 9.8 CRITICAL
Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error.
CVE-2017-11368 2 Fedoraproject, Mit 3 Fedora, Kerberos, Kerberos 5 2020-01-21 4.0 MEDIUM 6.5 MEDIUM
In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests.
CVE-2018-16451 6 Apple, Debian, Fedoraproject and 3 more 6 Mac Os X, Debian Linux, Fedora and 3 more 2020-01-20 5.0 MEDIUM 7.5 HIGH
The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN.
CVE-2018-16230 6 Apple, Debian, Fedoraproject and 3 more 6 Mac Os X, Debian Linux, Fedora and 3 more 2020-01-20 5.0 MEDIUM 7.5 HIGH
The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI).
CVE-2018-16229 7 Apple, Debian, F5 and 4 more 7 Mac Os X, Debian Linux, Traffix Sdc and 4 more 2020-01-20 5.0 MEDIUM 7.5 HIGH
The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().
CVE-2018-16228 6 Apple, Debian, Fedoraproject and 3 more 6 Mac Os X, Debian Linux, Fedora and 3 more 2020-01-20 5.0 MEDIUM 7.5 HIGH
The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().