Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Fedoraproject Subscribe
Filtered by product Fedora
Total 4367 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-2773 7 Canonical, Debian, Fedoraproject and 4 more 21 Ubuntu Linux, Debian Linux, Fedora and 18 more 2022-09-30 4.3 MEDIUM 3.7 LOW
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2021-3409 4 Debian, Fedoraproject, Qemu and 1 more 4 Debian Linux, Fedora, Qemu and 1 more 2022-09-30 4.6 MEDIUM 5.7 MEDIUM
The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This flaw allows a malicious privileged guest to crash the QEMU process on the host, resulting in a denial of service or potential code execution. QEMU up to (including) 5.2.0 is affected by this.
CVE-2021-3405 3 Debian, Fedoraproject, Matroska 3 Debian Linux, Fedora, Libebml 2022-09-30 4.3 MEDIUM 6.5 MEDIUM
A flaw was found in libebml before 1.4.2. A heap overflow bug exists in the implementation of EbmlString::ReadData and EbmlUnicodeString::ReadData in libebml.
CVE-2021-27135 3 Debian, Fedoraproject, Invisible-island 3 Debian Linux, Fedora, Xterm 2022-09-30 7.5 HIGH 9.8 CRITICAL
xterm before Patch #366 allows remote attackers to execute arbitrary code or cause a denial of service (segmentation fault) via a crafted UTF-8 combining character sequence.
CVE-2020-25604 4 Debian, Fedoraproject, Opensuse and 1 more 4 Debian Linux, Fedora, Leap and 1 more 2022-09-29 1.9 LOW 4.7 MEDIUM
An issue was discovered in Xen through 4.14.x. There is a race condition when migrating timers between x86 HVM vCPUs. When migrating timers of x86 HVM guests between its vCPUs, the locking model used allows for a second vCPU of the same guest (also operating on the timers) to release a lock that it didn't acquire. The most likely effect of the issue is a hang or crash of the hypervisor, i.e., a Denial of Service (DoS). All versions of Xen are affected. Only x86 systems are vulnerable. Arm systems are not vulnerable. Only x86 HVM guests can leverage the vulnerability. x86 PV and PVH cannot leverage the vulnerability. Only guests with more than one vCPU can exploit the vulnerability.
CVE-2020-25602 4 Debian, Fedoraproject, Opensuse and 1 more 4 Debian Linux, Fedora, Leap and 1 more 2022-09-29 4.6 MEDIUM 6.0 MEDIUM
An issue was discovered in Xen through 4.14.x. An x86 PV guest can trigger a host OS crash when handling guest access to MSR_MISC_ENABLE. When a guest accesses certain Model Specific Registers, Xen first reads the value from hardware to use as the basis for auditing the guest access. For the MISC_ENABLE MSR, which is an Intel specific MSR, this MSR read is performed without error handling for a #GP fault, which is the consequence of trying to read this MSR on non-Intel hardware. A buggy or malicious PV guest administrator can crash Xen, resulting in a host Denial of Service. Only x86 systems are vulnerable. ARM systems are not vulnerable. Only Xen versions 4.11 and onwards are vulnerable. 4.10 and earlier are not vulnerable. Only x86 systems that do not implement the MISC_ENABLE MSR (0x1a0) are vulnerable. AMD and Hygon systems do not implement this MSR and are vulnerable. Intel systems do implement this MSR and are not vulnerable. Other manufacturers have not been checked. Only x86 PV guests can exploit the vulnerability. x86 HVM/PVH guests cannot exploit the vulnerability.
CVE-2020-14591 3 Fedoraproject, Netapp, Oracle 6 Fedora, Active Iq Unified Manager, Oncommand Insight and 3 more 2022-09-29 4.0 MEDIUM 6.5 MEDIUM
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plug-in). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE-2021-45444 4 Apple, Debian, Fedoraproject and 1 more 5 Mac Os X, Macos, Debian Linux and 2 more 2022-09-29 5.1 MEDIUM 7.8 HIGH
In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion.
CVE-2021-46022 2 Fedoraproject, Gnu 2 Fedora, Recutils 2022-09-29 4.3 MEDIUM 5.5 MEDIUM
An Use-After-Free vulnerability in rec_mset_elem_destroy() at rec-mset.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash.
CVE-2021-4147 3 Fedoraproject, Netapp, Redhat 3 Fedora, Ontap Select Deploy Administration Utility, Libvirt 2022-09-29 4.9 MEDIUM 6.5 MEDIUM
A flaw was found in the libvirt libxl driver. A malicious guest could continuously reboot itself and cause libvirtd on the host to deadlock or crash, resulting in a denial of service condition.
CVE-2021-46021 2 Fedoraproject, Gnu 2 Fedora, Recutils 2022-09-29 4.3 MEDIUM 5.5 MEDIUM
An Use-After-Free vulnerability in rec_record_destroy() at rec-record.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash.
CVE-2021-46019 2 Fedoraproject, Gnu 2 Fedora, Recutils 2022-09-29 4.3 MEDIUM 5.5 MEDIUM
An untrusted pointer dereference in rec_db_destroy() at rec-db.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash.
CVE-2021-21703 5 Debian, Fedoraproject, Netapp and 2 more 5 Debian Linux, Fedora, Clustered Data Ontap and 2 more 2022-09-29 6.9 MEDIUM 7.0 HIGH
In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the root user.
CVE-2021-41099 5 Debian, Fedoraproject, Netapp and 2 more 5 Debian Linux, Fedora, Management Services For Element Software And Netapp Hci and 2 more 2022-09-29 6.0 MEDIUM 7.5 HIGH
Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the underlying string library can be used to corrupt the heap and potentially result with denial of service or remote code execution. The vulnerability involves changing the default proto-max-bulk-len configuration parameter to a very large value and constructing specially crafted network payloads or commands. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the proto-max-bulk-len configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command.
CVE-2015-4836 7 Canonical, Debian, Fedoraproject and 4 more 15 Ubuntu Linux, Debian Linux, Fedora and 12 more 2022-09-29 2.8 LOW N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : SP.
CVE-2021-42781 3 Fedoraproject, Opensc Project, Redhat 3 Fedora, Opensc, Enterprise Linux 2022-09-29 5.0 MEDIUM 5.3 MEDIUM
Heap buffer overflow issues were found in Opensc before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the library.
CVE-2021-42782 2 Fedoraproject, Opensc Project 2 Fedora, Opensc 2022-09-29 5.0 MEDIUM 5.3 MEDIUM
Stack buffer overflow issues were found in Opensc before version 0.22.0 in various places that could potentially crash programs using the library.
CVE-2021-42780 3 Fedoraproject, Opensc Project, Redhat 3 Fedora, Opensc, Enterprise Linux 2022-09-29 5.0 MEDIUM 5.3 MEDIUM
A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library.
CVE-2021-42778 3 Fedoraproject, Opensc Project, Redhat 3 Fedora, Opensc, Enterprise Linux 2022-09-29 5.0 MEDIUM 5.3 MEDIUM
A heap double free issue was found in Opensc before version 0.22.0 in sc_pkcs15_free_tokeninfo.
CVE-2021-42779 3 Fedoraproject, Opensc Project, Redhat 3 Fedora, Opensc, Enterprise Linux 2022-09-29 5.0 MEDIUM 5.3 MEDIUM
A heap use after free issue was found in Opensc before version 0.22.0 in sc_file_valid.