Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Fedoraproject Subscribe
Total 4434 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-8835 4 Canonical, Fedoraproject, Linux and 1 more 47 Ubuntu Linux, Fedora, Linux Kernel and 44 more 2023-02-24 7.2 HIGH 7.8 HIGH
In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel memory. The vulnerability also affects the Linux 5.4 stable series, starting with v5.4.7, as the introducing commit was backported to that branch. This vulnerability was fixed in 5.6.1, 5.5.14, and 5.4.29. (issue is aka ZDI-CAN-10780)
CVE-2021-29154 4 Debian, Fedoraproject, Linux and 1 more 20 Debian Linux, Fedora, Linux Kernel and 17 more 2023-02-24 7.2 HIGH 7.8 HIGH
BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c.
CVE-2021-33200 3 Fedoraproject, Linux, Netapp 19 Fedora, Linux Kernel, Cloud Backup and 16 more 2023-02-24 7.2 HIGH 7.8 HIGH
kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. In particular, there is a corner case where the off reg causes a masking direction change, which then results in an incorrect final aux->alu_limit.
CVE-2021-28021 3 Debian, Fedoraproject, Stb Project 3 Debian Linux, Fedora, Stb 2023-02-24 6.8 MEDIUM 7.8 HIGH
Buffer overflow vulnerability in function stbi__extend_receive in stb_image.h in stb 2.26 via a crafted JPEG file.
CVE-2021-3743 4 Fedoraproject, Linux, Netapp and 1 more 21 Fedora, Linux Kernel, Baseboard Management Controller H300e and 18 more 2023-02-24 3.6 LOW 7.1 HIGH
An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability.
CVE-2021-43976 5 Debian, Fedoraproject, Linux and 2 more 23 Debian Linux, Fedora, Linux Kernel and 20 more 2023-02-24 2.1 LOW 4.6 MEDIUM
In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).
CVE-2021-3752 6 Debian, Fedoraproject, Linux and 3 more 27 Debian Linux, Fedora, Linux Kernel and 24 more 2023-02-24 7.9 HIGH 7.1 HIGH
A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
CVE-2021-3773 4 Fedoraproject, Linux, Oracle and 1 more 6 Fedora, Linux Kernel, Communications Cloud Native Core Binding Support Function and 3 more 2023-02-24 7.5 HIGH 9.8 CRITICAL
A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks.
CVE-2021-24119 3 Arm, Debian, Fedoraproject 3 Mbed Tls, Debian Linux, Fedora 2023-02-23 4.0 MEDIUM 4.9 MEDIUM
In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.
CVE-2020-10941 3 Arm, Debian, Fedoraproject 4 Mbed Crypto, Mbed Tls, Debian Linux and 1 more 2023-02-23 4.3 MEDIUM 5.9 MEDIUM
Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import.
CVE-2022-3705 4 Debian, Fedoraproject, Netapp and 1 more 4 Debian Linux, Fedora, Active Iq Unified Manager and 1 more 2023-02-23 N/A 7.5 HIGH
A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to address this issue. The name of the patch is d0fab10ed2a86698937e3c3fed2f10bd9bb5e731. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-212324.
CVE-2019-6109 9 Canonical, Debian, Fedoraproject and 6 more 28 Ubuntu Linux, Debian Linux, Fedora and 25 more 2023-02-23 4.0 MEDIUM 6.8 MEDIUM
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c.
CVE-2022-4283 4 Debian, Fedoraproject, Redhat and 1 more 4 Debian Linux, Fedora, Enterprise Linux and 1 more 2023-02-23 N/A 7.8 HIGH
A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests.. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
CVE-2022-46344 4 Debian, Fedoraproject, Redhat and 1 more 4 Debian Linux, Fedora, Enterprise Linux and 1 more 2023-02-23 N/A 8.8 HIGH
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
CVE-2022-46343 4 Debian, Fedoraproject, Redhat and 1 more 4 Debian Linux, Fedora, Enterprise Linux and 1 more 2023-02-23 N/A 8.8 HIGH
A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
CVE-2022-46342 4 Debian, Fedoraproject, Redhat and 1 more 4 Debian Linux, Fedora, Enterprise Linux and 1 more 2023-02-23 N/A 8.8 HIGH
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X se
CVE-2021-3638 2 Fedoraproject, Qemu 2 Fedora, Qemu 2023-02-23 2.1 LOW 6.5 MEDIUM
An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routine while handling MMIO write operations when the guest provides invalid values for the destination display parameters. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.
CVE-2021-43138 2 Async Project, Fedoraproject 2 Async, Fedora 2023-02-23 6.8 MEDIUM 7.8 HIGH
In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution.
CVE-2022-29153 2 Fedoraproject, Hashicorp 2 Fedora, Consul 2023-02-23 5.0 MEDIUM 7.5 HIGH
HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery when the Consul client agent follows redirects returned by HTTP health check endpoints. Fixed in 1.9.17, 1.10.10, and 1.11.5.
CVE-2022-32212 4 Debian, Fedoraproject, Nodejs and 1 more 4 Debian Linux, Fedora, Node.js and 1 more 2023-02-23 N/A 8.1 HIGH
A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.