Vulnerabilities (CVE)

Filtered by vendor Fedoraproject Subscribe
Total 3321 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-24903 2 Fedoraproject, Rsyslog 2 Fedora, Rsyslog 2022-05-17 6.8 MEDIUM 8.1 HIGH
Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is used. This can result in a segfault or some other malfunction. As of our understanding, this vulnerability can not be used for remote code execution. But there may still be a slight chance for experts to do that. The bug occurs when the octet count is read. While there is a check for the maximum number of octets, digits are written to a heap buffer even when the octet count is over the maximum, This can be used to overrun the memory buffer. However, once the sequence of digits stop, no additional characters can be added to the buffer. In our opinion, this makes remote exploits impossible or at least highly complex. Octet-counted framing is one of two potential framing modes. It is relatively uncommon, but enabled by default on receivers. Modules `imtcp`, `imptcp`, `imgssapi`, and `imhttp` are used for regular syslog message reception. It is best practice not to directly expose them to the public. When this practice is followed, the risk is considerably lower. Module `imdiag` is a diagnostics module primarily intended for testbench runs. We do not expect it to be present on any production installation. Octet-counted framing is not very common. Usually, it needs to be specifically enabled at senders. If users do not need it, they can turn it off for the most important modules. This will mitigate the vulnerability.
CVE-2021-4166 7 Apple, Debian, Fedoraproject and 4 more 7 Macos, Debian Linux, Fedora and 4 more 2022-05-17 5.8 MEDIUM 7.1 HIGH
vim is vulnerable to Out-of-bounds Read
CVE-2022-0530 3 Fedoraproject, Redhat, Unzip Project 3 Fedora, Enterprise Linux, Unzip 2022-05-17 4.3 MEDIUM 5.5 MEDIUM
A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
CVE-2021-4192 4 Apple, Debian, Fedoraproject and 1 more 4 Macos, Debian Linux, Fedora and 1 more 2022-05-17 6.8 MEDIUM 7.8 HIGH
vim is vulnerable to Use After Free
CVE-2022-0778 4 Debian, Fedoraproject, Netapp and 1 more 12 Debian Linux, Fedora, 500f and 9 more 2022-05-17 5.0 MEDIUM 7.5 HIGH
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).
CVE-2022-22721 3 Apache, Debian, Fedoraproject 3 Http Server, Debian Linux, Fedora 2022-05-17 6.8 MEDIUM 9.8 CRITICAL
If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.
CVE-2021-4187 3 Apple, Fedoraproject, Vim 3 Macos, Fedora, Vim 2022-05-17 6.8 MEDIUM 7.8 HIGH
vim is vulnerable to Use After Free
CVE-2021-4193 4 Apple, Debian, Fedoraproject and 1 more 4 Macos, Debian Linux, Fedora and 1 more 2022-05-17 4.3 MEDIUM 5.5 MEDIUM
vim is vulnerable to Out-of-bounds Read
CVE-2021-4173 3 Apple, Fedoraproject, Vim 3 Macos, Fedora, Vim 2022-05-17 6.8 MEDIUM 7.8 HIGH
vim is vulnerable to Use After Free
CVE-2021-4136 3 Apple, Fedoraproject, Vim 3 Macos, Fedora, Vim 2022-05-17 6.8 MEDIUM 7.8 HIGH
vim is vulnerable to Heap-based Buffer Overflow
CVE-2018-25032 3 Debian, Fedoraproject, Zlib 3 Debian Linux, Fedora, Zlib 2022-05-17 5.0 MEDIUM 7.5 HIGH
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
CVE-2021-44224 5 Apache, Debian, Fedoraproject and 2 more 5 Http Server, Debian Linux, Fedora and 2 more 2022-05-17 6.4 MEDIUM 8.2 HIGH
A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included).
CVE-2022-22719 3 Apache, Debian, Fedoraproject 3 Http Server, Debian Linux, Fedora 2022-05-17 5.0 MEDIUM 7.5 HIGH
A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier.
CVE-2021-44790 6 Apache, Debian, Fedoraproject and 3 more 6 Http Server, Debian Linux, Fedora and 3 more 2022-05-17 7.5 HIGH 9.8 CRITICAL
A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.
CVE-2021-45444 3 Debian, Fedoraproject, Zsh 3 Debian Linux, Fedora, Zsh 2022-05-17 5.1 MEDIUM 7.8 HIGH
In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion.
CVE-2022-22720 3 Apache, Debian, Fedoraproject 3 Http Server, Debian Linux, Fedora 2022-05-17 7.5 HIGH 9.8 CRITICAL
Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling
CVE-2022-29824 2 Fedoraproject, Xmlsoft 3 Fedora, Libxml2, Libxslt 2022-05-17 4.3 MEDIUM 6.5 MEDIUM
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.
CVE-2022-0572 2 Fedoraproject, Vim 2 Fedora, Vim 2022-05-16 6.8 MEDIUM 7.8 HIGH
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-0413 2 Fedoraproject, Vim 2 Fedora, Vim 2022-05-16 6.8 MEDIUM 7.8 HIGH
Use After Free in GitHub repository vim/vim prior to 8.2.
CVE-2022-1619 2 Fedoraproject, Vim 2 Fedora, Vim 2022-05-16 6.8 MEDIUM 7.8 HIGH
Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerabilities are capable of crashing software, modify memory, and possible remote execution