Vulnerabilities (CVE)

Filtered by vendor Fedoraproject
Filtered by product Fedora
Total 2671 CVE
Columns: CVE | Vendors (count, names) | Products (count, names) | Updated | CVSS v2 | CVSS v3
CVE-2021-44228 9 Apache, Cisco, Debian and 6 more 153 Log4j, Advanced Malware Protection Virtual Private Cloud Appliance, Automated Subsea Tuning and 150 more 2022-01-18 9.3 HIGH 10.0 CRITICAL
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
CVE-2021-4104 3 Apache, Fedoraproject, Redhat 20 Log4j, Fedora, Codeready Studio and 17 more 2022-01-18 6.0 MEDIUM 7.5 HIGH
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.
CVE-2020-12693 4 Debian, Fedoraproject, Opensuse and 1 more 4 Debian Linux, Fedora, Leap and 1 more 2022-01-17 5.1 MEDIUM 8.1 HIGH
Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the rare case where Message Aggregation is enabled, allows Authentication Bypass via an Alternate Path or Channel. A race condition allows a user to launch a process as an arbitrary user.
CVE-2021-31215 2 Fedoraproject, Schedmd 2 Fedora, Slurm 2022-01-17 6.5 MEDIUM 8.8 HIGH
SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11.7 allows remote code execution as SlurmUser because use of a PrologSlurmctld or EpilogSlurmctld script leads to environment mishandling.
CVE-2021-46142 4 Debian, Fedoraproject, Opensuse and 1 more 7 Debian Linux, Extra Packages For Enterprise Linux, Fedora and 4 more 2022-01-15 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax.
CVE-2021-46141 4 Debian, Fedoraproject, Opensuse and 1 more 7 Debian Linux, Extra Packages For Enterprise Linux, Fedora and 4 more 2022-01-15 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner.
CVE-2021-23727 2 Celeryproject, Fedoraproject 3 Celery, Fedora, Fedora Extra Packages For Enterprise Linux 2022-01-15 6.0 MEDIUM 7.5 HIGH
This affects the package celery before 5.2.2. It by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system.
CVE-2021-4187 2 Fedoraproject, Vim 2 Fedora, Vim 2022-01-15 6.8 MEDIUM 7.8 HIGH
vim is vulnerable to Use After Free
CVE-2021-3984 2 Fedoraproject, Vim 2 Fedora, Vim 2022-01-15 6.8 MEDIUM 7.8 HIGH
vim is vulnerable to Heap-based Buffer Overflow
CVE-2021-3875 2 Fedoraproject, Vim 2 Fedora, Vim 2022-01-15 4.3 MEDIUM 5.5 MEDIUM
vim is vulnerable to Heap-based Buffer Overflow
CVE-2021-3973 2 Fedoraproject, Vim 2 Fedora, Vim 2022-01-15 9.3 HIGH 7.8 HIGH
vim is vulnerable to Heap-based Buffer Overflow
CVE-2021-3974 2 Fedoraproject, Vim 2 Fedora, Vim 2022-01-15 6.8 MEDIUM 7.8 HIGH
vim is vulnerable to Use After Free
CVE-2021-3927 2 Fedoraproject, Vim 2 Fedora, Vim 2022-01-15 6.8 MEDIUM 7.8 HIGH
vim is vulnerable to Heap-based Buffer Overflow
CVE-2021-4069 2 Fedoraproject, Vim 2 Fedora, Vim 2022-01-15 6.8 MEDIUM 7.8 HIGH
vim is vulnerable to Use After Free
CVE-2021-4019 2 Fedoraproject, Vim 2 Fedora, Vim 2022-01-15 6.8 MEDIUM 7.8 HIGH
vim is vulnerable to Heap-based Buffer Overflow
CVE-2021-3903 2 Fedoraproject, Vim 2 Fedora, Vim 2022-01-15 4.6 MEDIUM 7.8 HIGH
vim is vulnerable to Heap-based Buffer Overflow
CVE-2021-3928 2 Fedoraproject, Vim 2 Fedora, Vim 2022-01-15 4.6 MEDIUM 7.8 HIGH
vim is vulnerable to Use of Uninitialized Variable
CVE-2021-3968 2 Fedoraproject, Vim 2 Fedora, Vim 2022-01-15 8.5 HIGH 8.0 HIGH
vim is vulnerable to Heap-based Buffer Overflow
CVE-2021-37973 2 Fedoraproject, Google 2 Fedora, Chrome 2022-01-15 6.8 MEDIUM 9.6 CRITICAL
Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2021-37956 2 Fedoraproject, Google 2 Fedora, Chrome 2022-01-15 6.8 MEDIUM 8.8 HIGH
Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.