Filtered by vendor Fedoraproject
Subscribe
Total
4434 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-35475 | 3 Debian, Fedoraproject, Mediawiki | 3 Debian Linux, Fedora, Mediawiki | 2022-04-08 | 5.0 MEDIUM | 7.5 HIGH |
| In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. XSS can happen when a user visits Special:UserRights but does not have rights to change all userrights, and the table on the left side has unchangeable groups in it. (The right column with the changeable groups is not affected and is escaped correctly.) | |||||
| CVE-2022-27920 | 2 Fedoraproject, Kiwix | 2 Fedora, Libkiwix | 2022-04-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| libkiwix 10.0.0 and 10.0.1 allows XSS in the built-in webserver functionality via the search suggestions URL parameter. This is fixed in 10.1.0. | |||||
| CVE-2020-28493 | 2 Fedoraproject, Palletsprojects | 2 Fedora, Jinja | 2022-04-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the `_punctuation_re regex` operator and its use of multiple wildcards. The last wildcard is the most exploitable as it searches for trailing punctuation. This issue can be mitigated by Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory. | |||||
| CVE-2022-0695 | 2 Fedoraproject, Radare | 2 Fedora, Radare2 | 2022-04-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| Denial of Service in GitHub repository radareorg/radare2 prior to 5.6.4. | |||||
| CVE-2022-0476 | 2 Fedoraproject, Radare | 2 Fedora, Radare2 | 2022-04-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| Denial of Service in GitHub repository radareorg/radare2 prior to 5.6.4. | |||||
| CVE-2022-0713 | 2 Fedoraproject, Radare | 2 Fedora, Radare2 | 2022-04-08 | 5.8 MEDIUM | 7.1 HIGH |
| Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.4. | |||||
| CVE-2022-0712 | 2 Fedoraproject, Radare | 2 Fedora, Radare2 | 2022-04-08 | 7.1 HIGH | 5.5 MEDIUM |
| NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.4. | |||||
| CVE-2022-0676 | 2 Fedoraproject, Radare | 2 Fedora, Radare2 | 2022-04-08 | 6.8 MEDIUM | 7.8 HIGH |
| Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.4. | |||||
| CVE-2021-45082 | 4 Cobbler Project, Fedoraproject, Opensuse and 1 more | 5 Cobbler, Fedora, Backports and 2 more | 2022-04-08 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring. (Only lines beginning with #import are blocked.) | |||||
| CVE-2022-0559 | 2 Fedoraproject, Radare | 2 Fedora, Radare2 | 2022-04-08 | 7.5 HIGH | 9.8 CRITICAL |
| Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2. | |||||
| CVE-2022-0096 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2022-04-08 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in Storage in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-0523 | 2 Fedoraproject, Radare | 2 Fedora, Radare2 | 2022-04-08 | 6.8 MEDIUM | 7.8 HIGH |
| Expired Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.2. | |||||
| CVE-2022-0522 | 2 Fedoraproject, Radare | 2 Fedora, Radare2 | 2022-04-08 | 5.8 MEDIUM | 7.1 HIGH |
| Access of Memory Location Before Start of Buffer in NPM radare2.js prior to 5.6.2. | |||||
| CVE-2022-0521 | 2 Fedoraproject, Radare | 2 Fedora, Radare2 | 2022-04-08 | 5.8 MEDIUM | 7.1 HIGH |
| Access of Memory Location After End of Buffer in GitHub repository radareorg/radare2 prior to 5.6.2. | |||||
| CVE-2022-0520 | 2 Fedoraproject, Radare | 2 Fedora, Radare2 | 2022-04-08 | 6.8 MEDIUM | 7.8 HIGH |
| Use After Free in NPM radare2.js prior to 5.6.2. | |||||
| CVE-2022-0519 | 2 Fedoraproject, Radare | 2 Fedora, Radare2 | 2022-04-08 | 5.8 MEDIUM | 7.1 HIGH |
| Buffer Access with Incorrect Length Value in GitHub repository radareorg/radare2 prior to 5.6.2. | |||||
| CVE-2022-0518 | 2 Fedoraproject, Radare | 2 Fedora, Radare2 | 2022-04-08 | 5.8 MEDIUM | 7.1 HIGH |
| Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.2. | |||||
| CVE-2019-15165 | 7 Apple, Canonical, Debian and 4 more | 11 Ipados, Iphone Os, Mac Os X and 8 more | 2022-04-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory. | |||||
| CVE-2020-24265 | 2 Broadcom, Fedoraproject | 2 Tcpreplay, Fedora | 2022-04-08 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer overflow vulnerability in MemcmpInterceptorCommon() that can make tcpprep crash and cause a denial of service. | |||||
| CVE-2020-24266 | 2 Broadcom, Fedoraproject | 2 Tcpreplay, Fedora | 2022-04-08 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer overflow vulnerability in get_l2len() that can make tcpprep crash and cause a denial of service. | |||||