Filtered by vendor Fedoraproject
Subscribe
Total
4434 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-14624 | 3 Debian, Fedoraproject, Redhat | 8 Debian Linux, 389 Directory Server, Enterprise Linux Desktop and 5 more | 2023-02-12 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency(). An attacker could send a flood of modifications to a very large DN, which would cause slapd to crash. | |||||
| CVE-2022-0730 | 3 Cacti, Debian, Fedoraproject | 3 Cacti, Debian Linux, Fedora | 2023-02-12 | 6.8 MEDIUM | 9.8 CRITICAL |
| Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types. | |||||
| CVE-2022-1304 | 3 E2fsprogs Project, Fedoraproject, Redhat | 3 E2fsprogs, Fedora, Enterprise Linux | 2023-02-12 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem. | |||||
| CVE-2022-0216 | 2 Fedoraproject, Qemu | 2 Fedora, Qemu | 2023-02-12 | N/A | 4.4 MEDIUM |
| A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU process on the host, resulting in a denial of service. | |||||
| CVE-2021-20271 | 4 Fedoraproject, Redhat, Rpm and 1 more | 4 Fedora, Enterprise Linux, Rpm and 1 more | 2023-02-12 | 5.1 MEDIUM | 7.0 HIGH |
| A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability. | |||||
| CVE-2020-10735 | 3 Fedoraproject, Python, Redhat | 5 Fedora, Python, Enterprise Linux and 2 more | 2023-02-12 | N/A | 7.5 HIGH |
| A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability. | |||||
| CVE-2022-0996 | 2 Fedoraproject, Redhat | 3 Fedora, 389 Directory Server, Enterprise Linux | 2023-02-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication. | |||||
| CVE-2022-1122 | 3 Debian, Fedoraproject, Uclouvain | 3 Debian Linux, Fedora, Openjpeg | 2023-02-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service. | |||||
| CVE-2019-10143 | 3 Fedoraproject, Freeradius, Redhat | 3 Fedora, Freeradius, Enterprise Linux | 2023-02-12 | 6.9 MEDIUM | 7.0 HIGH |
| ** DISPUTED ** It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user. NOTE: the upstream software maintainer has stated "there is simply no way for anyone to gain privileges through this alleged issue." | |||||
| CVE-2019-9959 | 4 Debian, Fedoraproject, Freedesktop and 1 more | 7 Debian Linux, Fedora, Poppler and 4 more | 2023-02-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo. | |||||
| CVE-2019-9903 | 5 Canonical, Debian, Fedoraproject and 2 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2023-02-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary. | |||||
| CVE-2018-25032 | 8 Apple, Debian, Fedoraproject and 5 more | 35 Mac Os X, Macos, Debian Linux and 32 more | 2023-02-11 | 5.0 MEDIUM | 7.5 HIGH |
| zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. | |||||
| CVE-2021-28544 | 4 Apache, Apple, Debian and 1 more | 4 Subversion, Macos, Debian Linux and 1 more | 2023-02-11 | 3.5 LOW | 4.3 MEDIUM |
| Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable. | |||||
| CVE-2022-41854 | 2 Fedoraproject, Snakeyaml Project | 2 Fedora, Snakeyaml | 2023-02-11 | N/A | 6.5 MEDIUM |
| Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack. | |||||
| CVE-2019-13759 | 4 Debian, Fedoraproject, Google and 1 more | 7 Debian Linux, Fedora, Chrome and 4 more | 2023-02-10 | 4.3 MEDIUM | 4.3 MEDIUM |
| Incorrect security UI in interstitials in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | |||||
| CVE-2019-13757 | 4 Debian, Fedoraproject, Google and 1 more | 7 Debian Linux, Fedora, Chrome and 4 more | 2023-02-10 | 4.3 MEDIUM | 4.3 MEDIUM |
| Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | |||||
| CVE-2019-13756 | 4 Debian, Fedoraproject, Google and 1 more | 7 Debian Linux, Fedora, Chrome and 4 more | 2023-02-10 | 4.3 MEDIUM | 4.3 MEDIUM |
| Incorrect security UI in printing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | |||||
| CVE-2019-13755 | 4 Debian, Fedoraproject, Google and 1 more | 7 Debian Linux, Fedora, Chrome and 4 more | 2023-02-10 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to disable extensions via a crafted HTML page. | |||||
| CVE-2019-13753 | 5 Canonical, Debian, Fedoraproject and 2 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2023-02-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
| CVE-2019-13752 | 5 Canonical, Debian, Fedoraproject and 2 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2023-02-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||