Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Fedoraproject Subscribe
Total 4434 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-19269 3 Debian, Fedoraproject, Proftpd 3 Debian Linux, Fedora, Proftpd 2020-01-13 4.0 MEDIUM 4.9 MEDIUM
An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. A dereference of a NULL pointer may occur. This pointer is returned by the OpenSSL sk_X509_REVOKED_value() function when encountering an empty CRL installed by a system administrator. The dereference occurs when validating the certificate of a client connecting to the server in a TLS client/server mutual-authentication setup.
CVE-2013-4752 2 Fedoraproject, Sensiolabs 2 Fedora, Symfony 2020-01-10 4.3 MEDIUM 6.1 MEDIUM
Symfony 2.0.X before 2.0.24, 2.1.X before 2.1.12, 2.2.X before 2.2.5, and 2.3.X before 2.3.3 have an issue in the HttpFoundation component. The Host header can be manipulated by an attacker when the framework is generating an absolute URL. A remote attacker could exploit this vulnerability to inject malicious content into the Web application page and conduct various attacks.
CVE-2014-5118 3 Fedoraproject, Redhat, Trusted Boot Project 3 Fedora, Enterprise Linux, Trusted Boot 2020-01-10 2.1 LOW 5.5 MEDIUM
Trusted Boot (tboot) before 1.8.2 has a 'loader.c' Security Bypass Vulnerability
CVE-2019-19582 2 Fedoraproject, Xen 2 Fedora, Xen 2020-01-03 2.1 LOW 6.5 MEDIUM
An issue was discovered in Xen through 4.12.x allowing x86 guest OS users to cause a denial of service (infinite loop) because certain bit iteration is mishandled. In a number of places bitmaps are being used by the hypervisor to track certain state. Iteration over all bits involves functions which may misbehave in certain corner cases: On x86 accesses to bitmaps with a compile time known size of 64 may incur undefined behavior, which may in particular result in infinite loops. A malicious guest may cause a hypervisor crash or hang, resulting in a Denial of Service (DoS). All versions of Xen are vulnerable. x86 systems with 64 or more nodes are vulnerable (there might not be any such systems that Xen would run on). x86 systems with less than 64 nodes are not vulnerable.
CVE-2019-19581 2 Fedoraproject, Xen 2 Fedora, Xen 2020-01-03 2.1 LOW 6.5 MEDIUM
An issue was discovered in Xen through 4.12.x allowing 32-bit Arm guest OS users to cause a denial of service (out-of-bounds access) because certain bit iteration is mishandled. In a number of places bitmaps are being used by the hypervisor to track certain state. Iteration over all bits involves functions which may misbehave in certain corner cases: On 32-bit Arm accesses to bitmaps with bit a count which is a multiple of 32, an out of bounds access may occur. A malicious guest may cause a hypervisor crash or hang, resulting in a Denial of Service (DoS). All versions of Xen are vulnerable. 32-bit Arm systems are vulnerable. 64-bit Arm systems are not vulnerable.
CVE-2019-19580 2 Fedoraproject, Xen 2 Fedora, Xen 2020-01-03 6.0 MEDIUM 6.6 MEDIUM
An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. XSA-299 addressed several critical issues in restartable PV type change operations. Despite extensive testing and auditing, some corner cases were missed. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All security-supported versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Note that these attacks require very precise timing, which may be difficult to exploit in practice.
CVE-2012-3462 1 Fedoraproject 1 Sssd 2020-01-03 6.5 MEDIUM 8.8 HIGH
A flaw was found in SSSD version 1.9.0. The SSSD's access-provider logic causes the result of the HBAC rule processing to be ignored in the event that the access-provider is also handling the setup of the user's SELinux user context.
CVE-2012-5645 2 Fedoraproject, Freeciv 2 Fedora, Freeciv 2020-01-03 7.8 HIGH 7.5 HIGH
A denial of service flaw was found in the way the server component of Freeciv before 2.3.4 processed certain packets. A remote attacker could send a specially-crafted packet that, when processed would lead to memory exhaustion or excessive CPU consumption.
CVE-2015-3455 3 Fedoraproject, Oracle, Squid-cache 4 Fedora, Linux, Solaris and 1 more 2019-12-27 2.6 LOW N/A
Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate.
CVE-2015-1819 8 Apple, Canonical, Debian and 5 more 12 Iphone Os, Mac Os X, Tvos and 9 more 2019-12-27 5.0 MEDIUM N/A
The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.
CVE-2012-2130 3 Debian, Fedoraproject, Polarssl 3 Debian Linux, Fedora, Polarssl 2019-12-18 5.8 MEDIUM 7.4 HIGH
A Security Bypass vulnerability exists in PolarSSL 0.99pre4 through 1.1.1 due to a weak encryption error when generating Diffie-Hellman values and RSA keys.
CVE-2019-19334 3 Cesnet, Fedoraproject, Redhat 3 Libyang, Fedora, Enterprise Linux 2019-12-18 7.5 HIGH 9.8 CRITICAL
In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "identityref". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of service or possibly gain code execution.
CVE-2012-1105 3 Apereo, Debian, Fedoraproject 3 Phpcas, Debian Linux, Fedora 2019-12-17 2.1 LOW 5.5 MEDIUM
An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1.2.2 package in the /tmp directory. The Central Authentication Service client library archives the debug logging file in an insecure manner.
CVE-2015-5254 3 Apache, Fedoraproject, Redhat 3 Activemq, Fedora, Openshift 2019-12-17 7.5 HIGH 9.8 CRITICAL
Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object.
CVE-2013-4158 3 Debian, Fedoraproject, Smokeping 3 Debian Linux, Fedora, Smokeping 2019-12-17 4.3 MEDIUM 6.1 MEDIUM
smokeping before 2.6.9 has XSS (incomplete fix for CVE-2012-0790)
CVE-2014-9636 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2019-12-16 5.0 MEDIUM N/A
unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression.
CVE-2019-13225 2 Fedoraproject, Oniguruma Project 2 Fedora, Oniguruma 2019-12-16 4.3 MEDIUM 6.5 MEDIUM
A NULL Pointer Dereference in match_at() in regexec.c in Oniguruma 6.9.2 allows attackers to potentially cause denial of service by providing a crafted regular expression. Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust.
CVE-2012-1615 1 Fedoraproject 2 Fedora, Sectool 2019-12-16 4.6 MEDIUM 7.8 HIGH
A Privilege Escalation vulnerability exits in Fedoraproject Sectool due to an incorrect DBus file.
CVE-2012-4428 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2019-12-16 5.0 MEDIUM 7.5 HIGH
openslp: SLPIntersectStringList()' Function has a DoS vulnerability
CVE-2013-4410 2 Fedoraproject, Reviewboard 2 Fedora, Reviewboard 2019-12-13 5.0 MEDIUM 7.5 HIGH
ReviewBoard: has an access-control problem in REST API