Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Fedoraproject Subscribe
Total 4434 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-16227 6 Apple, Debian, Fedoraproject and 3 more 6 Mac Os X, Debian Linux, Fedora and 3 more 2020-01-20 5.0 MEDIUM 7.5 HIGH
The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield.
CVE-2018-14882 7 Apple, Debian, F5 and 4 more 7 Mac Os X, Debian Linux, Traffix Sdc and 4 more 2020-01-20 5.0 MEDIUM 7.5 HIGH
The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c.
CVE-2018-14881 6 Apple, Debian, Fedoraproject and 3 more 6 Mac Os X, Debian Linux, Fedora and 3 more 2020-01-20 5.0 MEDIUM 7.5 HIGH
The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART).
CVE-2018-14880 7 Apple, Debian, F5 and 4 more 23 Mac Os X, Debian Linux, Big-ip Access Policy Manager and 20 more 2020-01-20 5.0 MEDIUM 7.5 HIGH
The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().
CVE-2018-14879 7 Apple, Debian, F5 and 4 more 7 Mac Os X, Debian Linux, Traffix Sdc and 4 more 2020-01-20 5.1 MEDIUM 7.0 HIGH
The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file().
CVE-2018-14465 7 Apple, Debian, F5 and 4 more 7 Mac Os X, Debian Linux, Traffix Sdc and 4 more 2020-01-20 5.0 MEDIUM 7.5 HIGH
The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().
CVE-2018-14464 6 Apple, Debian, Fedoraproject and 3 more 6 Mac Os X, Debian Linux, Fedora and 3 more 2020-01-20 5.0 MEDIUM 7.5 HIGH
The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs().
CVE-2018-14462 7 Apple, Debian, F5 and 4 more 7 Mac Os X, Debian Linux, Traffix Sdc and 4 more 2020-01-20 5.0 MEDIUM 7.5 HIGH
The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().
CVE-2018-14461 6 Apple, Debian, Fedoraproject and 3 more 6 Mac Os X, Debian Linux, Fedora and 3 more 2020-01-20 5.0 MEDIUM 7.5 HIGH
The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print().
CVE-2018-14470 6 Apple, Debian, Fedoraproject and 3 more 6 Mac Os X, Debian Linux, Fedora and 3 more 2020-01-20 5.0 MEDIUM 7.5 HIGH
The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2().
CVE-2018-14469 7 Apple, Debian, F5 and 4 more 7 Mac Os X, Debian Linux, Traffix Sdc and 4 more 2020-01-20 5.0 MEDIUM 7.5 HIGH
The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().
CVE-2018-14468 7 Apple, Debian, F5 and 4 more 23 Mac Os X, Debian Linux, Big-ip Access Policy Manager and 20 more 2020-01-20 5.0 MEDIUM 7.5 HIGH
The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().
CVE-2018-14467 6 Apple, Debian, Fedoraproject and 3 more 6 Mac Os X, Debian Linux, Fedora and 3 more 2020-01-20 5.0 MEDIUM 7.5 HIGH
The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP).
CVE-2018-14466 6 Apple, Debian, Fedoraproject and 3 more 6 Mac Os X, Debian Linux, Fedora and 3 more 2020-01-20 5.0 MEDIUM 7.5 HIGH
The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and rx_cache_insert().
CVE-2018-1002102 2 Fedoraproject, Kubernetes 2 Fedora, Kubernetes 2020-01-16 2.1 LOW 2.6 LOW
Improper validation of URL redirection in the Kubernetes API server in versions prior to v1.14.0 allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints to arbitrary hosts. Impacted API servers will follow the redirect as a GET request with client-certificate credentials for authenticating to the Kubelet.
CVE-2019-18622 3 Fedoraproject, Opensuse, Phpmyadmin 4 Fedora, Backports Sle, Leap and 1 more 2020-01-14 7.5 HIGH 9.8 CRITICAL
An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature.
CVE-2012-4451 3 Fedoraproject, Redhat, Zend 3 Fedora, Enterprise Linux, Zend Framework 2020-01-14 4.3 MEDIUM 6.1 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) Debug, (2) Feed\PubSubHubbub, (3) Log\Formatter\Xml, (4) Tag\Cloud\Decorator, (5) Uri, (6) View\Helper\HeadStyle, (7) View\Helper\Navigation\Sitemap, or (8) View\Helper\Placeholder\Container\AbstractStandalone, related to Escaper.
CVE-2013-4357 5 Canonical, Debian, Eglibc and 2 more 5 Ubuntu Linux, Debian Linux, Eglibc and 2 more 2020-01-14 5.0 MEDIUM 7.5 HIGH
The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service.
CVE-2019-19579 2 Fedoraproject, Xen 2 Fedora, Xen 2020-01-13 7.2 HIGH 6.8 MEDIUM
An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device (and assignable-add is not used), because of an incomplete fix for CVE-2019-18424. XSA-302 relies on the use of libxl's "assignable-add" feature to prepare devices to be assigned to untrusted guests. Unfortunately, this is not considered a strictly required step for device assignment. The PCI passthrough documentation on the wiki describes alternate ways of preparing devices for assignment, and libvirt uses its own ways as well. Hosts where these "alternate" methods are used will still leave the system in a vulnerable state after the device comes back from a guest. An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation. Only systems where guests are given direct access to physical devices capable of DMA (PCI pass-through) are vulnerable. Systems which do not use PCI pass-through are not vulnerable.
CVE-2019-19270 2 Fedoraproject, Proftpd 2 Fedora, Proftpd 2020-01-13 5.0 MEDIUM 7.5 HIGH
An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. Failure to check for the appropriate field of a CRL entry (checking twice for subject, rather than once for subject and once for issuer) prevents some valid CRLs from being taken into account, and can allow clients whose certificates have been revoked to proceed with a connection to the server.