Vulnerabilities (CVE)

Filtered by vendor Fedoraproject Subscribe
Filtered by product Fedora
Total 2130 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-20454 3 Fedoraproject, Pcre, Splunk 3 Fedora, Pcre2, Universal Forwarder 2024-03-27 5.0 MEDIUM 7.5 HIGH
An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c.
CVE-2021-31566 5 Debian, Fedoraproject, Libarchive and 2 more 14 Debian Linux, Fedora, Libarchive and 11 more 2024-03-27 N/A 7.8 HIGH
An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to gain more privileges in a system.
CVE-2020-8285 9 Apple, Debian, Fedoraproject and 6 more 30 Mac Os X, Macos, Debian Linux and 27 more 2024-03-27 5.0 MEDIUM 7.5 HIGH
curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.
CVE-2020-8286 8 Apple, Debian, Fedoraproject and 5 more 20 Mac Os X, Macos, Debian Linux and 17 more 2024-03-27 5.0 MEDIUM 7.5 HIGH
curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.
CVE-2021-22946 8 Apple, Debian, Fedoraproject and 5 more 37 Macos, Debian Linux, Fedora and 34 more 2024-03-27 5.0 MEDIUM 7.5 HIGH
A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response.This flaw would then make curl silently continue its operations **withoutTLS** contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network.
CVE-2022-42915 5 Apple, Fedoraproject, Haxx and 2 more 13 Macos, Fedora, Curl and 10 more 2024-03-27 N/A 8.1 HIGH
curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request (HTTP proxies often only allow outgoing connections to specific port numbers, like 443 for HTTPS) and instead return a non-200 status code to the client. Due to flaws in the error/cleanup handling, this could trigger a double free in curl if one of the following schemes were used in the URL for the transfer: dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, or telnet. The earliest affected version is 7.77.0.
CVE-2022-42916 4 Apple, Fedoraproject, Haxx and 1 more 4 Macos, Fedora, Curl and 1 more 2024-03-27 N/A 7.5 HIGH
In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, e.g., using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop of U+002E (.). The earliest affected version is 7.77.0 2021-05-26.
CVE-2022-43551 4 Fedoraproject, Haxx, Netapp and 1 more 7 Fedora, Curl, Active Iq Unified Manager and 4 more 2024-03-27 N/A 7.5 HIGH
A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypassed if the host name in the given URL first uses IDN characters that get replaced to ASCII counterparts as part of the IDN conversion. Like using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop (U+002E) `.`. Then in a subsequent request, it does not detect the HSTS state and makes a clear text transfer. Because it would store the info IDN encoded but look for it IDN decoded.
CVE-2023-27533 4 Fedoraproject, Haxx, Netapp and 1 more 13 Fedora, Curl, Active Iq Unified Manager and 10 more 2024-03-27 N/A 8.8 HIGH
A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.
CVE-2023-27534 5 Broadcom, Fedoraproject, Haxx and 2 more 13 Brocade Fabric Operating System Firmware, Fedora, Curl and 10 more 2024-03-27 N/A 8.8 HIGH
A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.
CVE-2023-43655 2 Fedoraproject, Getcomposer 2 Fedora, Composer 2024-03-27 N/A 8.8 HIGH
Composer is a dependency manager for PHP. Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php file may be subject to a remote code execution vulnerability if PHP also has `register_argc_argv` enabled in php.ini. Versions 2.6.4, 2.2.22 and 1.10.27 patch this vulnerability. Users are advised to upgrade. Users unable to upgrade should make sure `register_argc_argv` is disabled in php.ini, and avoid publishing composer.phar to the web as this is not best practice.
CVE-2022-38223 2 Fedoraproject, Tats 2 Fedora, W3m 2024-03-27 N/A 7.8 HIGH
There is an out-of-bounds write in checkType located in etc.c in w3m 0.5.3. It can be triggered by sending a crafted HTML file to the w3m binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact.
CVE-2023-40548 2 Fedoraproject, Redhat 2 Fedora, Shim 2024-03-26 N/A 7.4 HIGH
A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase.
CVE-2024-0553 3 Fedoraproject, Gnu, Redhat 3 Fedora, Gnutls, Enterprise Linux 2024-03-25 N/A 7.5 HIGH
A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.
CVE-2022-23222 4 Debian, Fedoraproject, Linux and 1 more 19 Debian Linux, Fedora, Linux Kernel and 16 more 2024-03-25 7.2 HIGH 7.8 HIGH
kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges because of the availability of pointer arithmetic via certain *_OR_NULL pointer types.
CVE-2021-44733 5 Debian, Fedoraproject, Linux and 2 more 20 Debian Linux, Fedora, Linux Kernel and 17 more 2024-03-25 4.4 MEDIUM 7.0 HIGH
A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object.
CVE-2021-33200 3 Fedoraproject, Linux, Netapp 19 Fedora, Linux Kernel, Cloud Backup and 16 more 2024-03-25 7.2 HIGH 7.8 HIGH
kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. In particular, there is a corner case where the off reg causes a masking direction change, which then results in an incorrect final aux->alu_limit.
CVE-2021-32606 2 Fedoraproject, Linux 2 Fedora, Linux Kernel 2024-03-25 7.2 HIGH 7.8 HIGH
In the Linux kernel 5.11 through 5.12.2, isotp_setsockopt in net/can/isotp.c allows privilege escalation to root by leveraging a use-after-free. (This does not affect earlier versions that lack CAN ISOTP SF_BROADCAST support.)
CVE-2021-29154 4 Debian, Fedoraproject, Linux and 1 more 20 Debian Linux, Fedora, Linux Kernel and 17 more 2024-03-25 7.2 HIGH 7.8 HIGH
BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c.
CVE-2021-26930 3 Debian, Fedoraproject, Linux 3 Debian Linux, Fedora, Linux Kernel 2024-03-25 4.6 MEDIUM 7.8 HIGH
An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful mapping, and hence subsequent operations trying to access space that wasn't mapped. In another case, internal state would be insufficiently updated, preventing safe recovery from the error. This affects drivers/block/xen-blkback/blkback.c.