Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Fedoraproject Subscribe
Total 4434 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-1788 3 Apple, Debian, Fedoraproject 9 Ipados, Iphone Os, Mac Os X and 6 more 2022-04-26 6.8 MEDIUM 8.8 HIGH
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2021-1871 3 Apple, Debian, Fedoraproject 6 Ipad Os, Iphone Os, Mac Os X and 3 more 2022-04-26 7.5 HIGH 9.8 CRITICAL
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..
CVE-2021-20266 2 Fedoraproject, Rpm 2 Fedora, Rpm 2022-04-26 4.0 MEDIUM 4.9 MEDIUM
A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability.
CVE-2020-1472 8 Canonical, Debian, Fedoraproject and 5 more 11 Ubuntu Linux, Debian Linux, Fedora and 8 more 2022-04-26 9.3 HIGH 10.0 CRITICAL
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'.
CVE-2020-16166 7 Canonical, Debian, Fedoraproject and 4 more 16 Ubuntu Linux, Debian Linux, Fedora and 13 more 2022-04-26 4.3 MEDIUM 3.7 LOW
The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c.
CVE-2020-1934 6 Apache, Canonical, Debian and 3 more 11 Http Server, Ubuntu Linux, Debian Linux and 8 more 2022-04-26 5.0 MEDIUM 5.3 MEDIUM
In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.
CVE-2020-11612 5 Debian, Fedoraproject, Netapp and 2 more 13 Debian Linux, Fedora, Oncommand Api Services and 10 more 2022-04-26 5.0 MEDIUM 7.5 HIGH
The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder.
CVE-2020-28924 2 Fedoraproject, Rclone 2 Fedora, Rclone 2022-04-26 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Rclone before 1.53.3. Due to the use of a weak random number generator, the password generator has been producing weak passwords with much less entropy than advertised. The suggested passwords depend deterministically on the time the second rclone was started. This limits the entropy of the passwords enormously. These passwords are often used in the crypt backend for encryption of data. It would be possible to make a dictionary of all possible passwords with about 38 million entries per password length. This would make decryption of secret material possible with a plausible amount of effort. NOTE: all passwords generated by affected versions should be changed.
CVE-2020-8698 5 Debian, Fedoraproject, Intel and 2 more 49 Debian Linux, Fedora, Core I3-1000g1 and 46 more 2022-04-26 2.1 LOW 5.5 MEDIUM
Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2021-3308 2 Fedoraproject, Xen 2 Fedora, Xen 2022-04-26 4.9 MEDIUM 5.5 MEDIUM
An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 through 4.14.x. An x86 HVM guest with PCI pass through devices can force the allocation of all IDT vectors on the system by rebooting itself with MSI or MSI-X capabilities enabled and entries setup. Such reboots will leak any vectors used by the MSI(-X) entries that the guest might had enabled, and hence will lead to vector exhaustion on the system, not allowing further PCI pass through devices to work properly. HVM guests with PCI pass through devices can mount a Denial of Service (DoS) attack affecting the pass through of PCI devices to other guests or the hardware domain. In the latter case, this would affect the entire host.
CVE-2020-0452 2 Fedoraproject, Google 2 Fedora, Android 2022-04-26 7.5 HIGH 9.8 CRITICAL
In exif_entry_get_value of exif-entry.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if a third party app used this library to process remote image data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-159625731
CVE-2020-27674 3 Debian, Fedoraproject, Xen 3 Debian Linux, Fedora, Xen 2022-04-26 4.6 MEDIUM 5.3 MEDIUM
An issue was discovered in Xen through 4.14.x allowing x86 PV guest OS users to gain guest OS privileges by modifying kernel memory contents, because invalidation of TLB entries is mishandled during use of an INVLPG-like attack technique.
CVE-2020-27675 3 Debian, Fedoraproject, Linux 3 Debian Linux, Fedora, Linux Kernel 2022-04-26 4.7 MEDIUM 4.7 MEDIUM
An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. drivers/xen/events/events_base.c allows event-channel removal during the event-handling loop (a race condition). This can cause a use-after-free or NULL pointer dereference, as demonstrated by a dom0 crash via events for an in-reconfiguration paravirtualized device, aka CID-073d0552ead5.
CVE-2020-27671 4 Debian, Fedoraproject, Opensuse and 1 more 4 Debian Linux, Fedora, Leap and 1 more 2022-04-26 6.9 MEDIUM 7.8 HIGH
An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because coalescing of per-page IOMMU TLB flushes is mishandled.
CVE-2020-27672 4 Debian, Fedoraproject, Opensuse and 1 more 4 Debian Linux, Fedora, Leap and 1 more 2022-04-26 6.9 MEDIUM 7.0 HIGH
An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or possibly gain privileges by exploiting a race condition that leads to a use-after-free involving 2MiB and 1GiB superpages.
CVE-2020-35679 2 Fedoraproject, Opensmtpd 2 Fedora, Opensmtpd 2022-04-26 5.0 MEDIUM 7.5 HIGH
smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a "very significant" memory leak via messages to an instance that performs many regex lookups.
CVE-2020-29668 3 Debian, Fedoraproject, Sympa 3 Debian Linux, Fedora, Sympa 2022-04-26 4.3 MEDIUM 3.7 LOW
Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun.
CVE-2020-29479 3 Debian, Fedoraproject, Xen 3 Debian Linux, Fedora, Xen 2022-04-26 7.2 HIGH 8.8 HIGH
An issue was discovered in Xen through 4.14.x. In the Ocaml xenstored implementation, the internal representation of the tree has special cases for the root node, because this node has no parent. Unfortunately, permissions were not checked for certain operations on the root node. Unprivileged guests can get and modify permissions, list, and delete the root node. (Deleting the whole xenstore tree is a host-wide denial of service.) Achieving xenstore write access is also possible. All systems using oxenstored are vulnerable. Building and using oxenstored is the default in the upstream Xen distribution, if the Ocaml compiler is available. Systems using C xenstored are not vulnerable.
CVE-2020-14354 2 C-ares Project, Fedoraproject 2 C-ares, Fedora 2022-04-26 2.1 LOW 3.3 LOW
A possible use-after-free and double-free in c-ares lib version 1.16.0 if ares_destroy() is called prior to ares_getaddrinfo() completing. This flaw possibly allows an attacker to crash the service that uses c-ares lib. The highest threat from this vulnerability is to this service availability.
CVE-2021-21289 3 Debian, Fedoraproject, Mechanize Project 3 Debian Linux, Fedora, Mechanize 2022-04-26 7.6 HIGH 8.3 HIGH
Mechanize is an open-source ruby library that makes automated web interaction easy. In Mechanize from version 2.0.0 and before version 2.7.7 there is a command injection vulnerability. Affected versions of mechanize allow for OS commands to be injected using several classes' methods which implicitly use Ruby's Kernel.open method. Exploitation is possible only if untrusted input is used as a local filename and passed to any of these calls: Mechanize::CookieJar#load, Mechanize::CookieJar#save_as, Mechanize#download, Mechanize::Download#save, Mechanize::File#save, and Mechanize::FileResponse#read_body. This is fixed in version 2.7.7.