Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Fedoraproject Subscribe
Total 4434 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-27769 3 Fedoraproject, Imagemagick, Redhat 3 Fedora, Imagemagick, Enterprise Linux Desktop 2023-03-11 4.3 MEDIUM 3.3 LOW
In ImageMagick versions before 7.0.9-0, there are outside the range of representable values of type 'float' at MagickCore/quantize.c.
CVE-2021-20251 2 Fedoraproject, Samba 2 Fedora, Samba 2023-03-10 N/A 5.9 MEDIUM
A flaw was found in samba. A race condition in the password lockout code may lead to the risk of brute force attacks being successful if special conditions are met.
CVE-2022-38023 3 Fedoraproject, Microsoft, Netapp 8 Fedora, Windows Server 2008, Windows Server 2012 and 5 more 2023-03-10 N/A 8.1 HIGH
Netlogon RPC Elevation of Privilege Vulnerability
CVE-2022-37966 3 Fedoraproject, Microsoft, Netapp 8 Fedora, Windows Server 2008, Windows Server 2012 and 5 more 2023-03-10 N/A 8.1 HIGH
Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability
CVE-2022-37967 3 Fedoraproject, Microsoft, Netapp 8 Fedora, Windows Server 2008, Windows Server 2012 and 5 more 2023-03-10 N/A 7.2 HIGH
Windows Kerberos Elevation of Privilege Vulnerability
CVE-2023-23916 3 Debian, Fedoraproject, Haxx 3 Debian Linux, Fedora, Curl 2023-03-09 N/A 7.5 HIGH
An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable "links" in this "decompression chain" wascapped, but the cap was implemented on a per-header basis allowing a maliciousserver to insert a virtually unlimited number of compression steps simply byusing many headers. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors.
CVE-2021-21342 4 Debian, Fedoraproject, Oracle and 1 more 12 Debian Linux, Fedora, Banking Enterprise Default Management and 9 more 2023-03-09 5.8 MEDIUM 9.1 CRITICAL
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on these type information. An attacker can manipulate the processed input stream and replace or inject objects, that result in a server-side forgery request. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
CVE-2023-1055 2 Fedoraproject, Redhat 2 Fedora, Directory Server 2023-03-08 N/A 5.5 MEDIUM
A flaw was found in RHDS 11 and RHDS 12. While browsing entries LDAP tries to decode the userPassword attribute instead of the userCertificate attribute which could lead into sensitive information leaked. An attacker with a local account where the cockpit-389-ds is running can list the processes and display the hashed passwords. The highest threat from this vulnerability is to data confidentiality.
CVE-2019-15237 2 Fedoraproject, Roundcube 2 Fedora, Webmail 2023-03-07 4.3 MEDIUM 7.4 HIGH
Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, leading to homograph attacks.
CVE-2007-5000 6 Apache, Canonical, Fedoraproject and 3 more 7 Http Server, Ubuntu Linux, Fedora and 4 more 2023-03-07 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2022-37454 8 Debian, Extended Keccak Code Package Project, Fedoraproject and 5 more 8 Debian Linux, Extended Keccak Code Package, Fedora and 5 more 2023-03-06 N/A 9.8 CRITICAL
The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.
CVE-2019-12083 3 Fedoraproject, Opensuse, Rust-lang 3 Fedora, Leap, Rust 2023-03-03 6.8 MEDIUM 8.1 HIGH
The Rust Programming Language Standard Library 1.34.x before 1.34.2 contains a stabilized method which, if overridden, can violate Rust's safety guarantees and cause memory unsafety. If the `Error::type_id` method is overridden then any type can be safely cast to any other type, causing memory safety vulnerabilities in safe code (e.g., out-of-bounds write or read). Code that does not manually implement Error::type_id is unaffected.
CVE-2019-11884 6 Canonical, Debian, Fedoraproject and 3 more 12 Ubuntu Linux, Debian Linux, Fedora and 9 more 2023-03-03 2.1 LOW 3.3 LOW
The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character.
CVE-2019-11459 6 Canonical, Debian, Fedoraproject and 3 more 9 Ubuntu Linux, Debian Linux, Fedora and 6 more 2023-03-03 4.3 MEDIUM 5.5 MEDIUM
The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files.
CVE-2019-13616 6 Canonical, Debian, Fedoraproject and 3 more 13 Ubuntu Linux, Debian Linux, Fedora and 10 more 2023-03-03 5.8 MEDIUM 8.1 HIGH
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.
CVE-2022-39264 2 Fedoraproject, Nheko-reborn 2 Fedora, Nheko 2023-03-03 N/A 5.9 MEDIUM
nheko is a desktop client for the Matrix communication application. All versions below 0.10.2 are vulnerable homeservers inserting malicious secrets, which could lead to man-in-the-middle attacks. Users can upgrade to version 0.10.2 to protect against this issue. As a workaround, one may apply the patch manually, avoid doing verifications of one's own devices, and/or avoid pressing the request button in the settings menu.
CVE-2021-33193 4 Apache, Fedoraproject, Oracle and 1 more 5 Http Server, Fedora, Secure Backup and 2 more 2023-03-03 5.0 MEDIUM 7.5 HIGH
A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48.
CVE-2022-41322 2 Fedoraproject, Kitty Project 2 Fedora, Kitty 2023-03-03 N/A 7.8 HIGH
In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can lead to arbitrary code execution. The user must display attacker-controlled content in the terminal, then click on a notification popup.
CVE-2019-13111 2 Exiv2, Fedoraproject 2 Exiv2, Fedora 2023-03-03 4.3 MEDIUM 5.5 MEDIUM
A WebPImage::decodeChunks integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (large heap allocation followed by a very long running loop) via a crafted WEBP image file.
CVE-2019-14459 3 Debian, Fedoraproject, Nfdump Project 3 Debian Linux, Fedora, Nfdump 2023-03-03 5.0 MEDIUM 7.5 HIGH
nfdump 1.6.17 and earlier is affected by an integer overflow in the function Process_ipfix_template_withdraw in ipfix.c that can be abused in order to crash the process remotely (denial of service).