Vulnerabilities (CVE)

Filtered by vendor Fedoraproject Subscribe
Total 5114 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-19012 4 Debian, Fedoraproject, Oniguruma Project and 1 more 4 Debian Linux, Fedora, Oniguruma and 1 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a denial-of-service or information disclosure, or possibly have unspecified other impact, via a crafted regular expression.
CVE-2020-10029 6 Canonical, Debian, Fedoraproject and 3 more 12 Ubuntu Linux, Debian Linux, Fedora and 9 more 2023-12-10 2.1 LOW 5.5 MEDIUM
The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c.
CVE-2020-10188 6 Arista, Debian, Fedoraproject and 3 more 6 Eos, Debian Linux, Fedora and 3 more 2023-12-10 10.0 HIGH 9.8 CRITICAL
utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions.
CVE-2020-6403 7 Apple, Debian, Fedoraproject and 4 more 10 Iphone Os, Debian Linux, Fedora and 7 more 2023-12-10 4.3 MEDIUM 4.3 MEDIUM
Incorrect implementation in Omnibox in Google Chrome on iOS prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2019-11046 6 Canonical, Debian, Fedoraproject and 3 more 6 Ubuntu Linux, Debian Linux, Fedora and 3 more 2023-12-10 5.0 MEDIUM 5.3 MEDIUM
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can read to disclosure of the content of some memory locations.
CVE-2013-1931 2 Fedoraproject, Mantisbt 2 Fedora, Mantisbt 2023-12-10 4.3 MEDIUM 6.1 MEDIUM
A cross-site scripting (XSS) vulnerability in MantisBT 1.2.14 allows remote attackers to inject arbitrary web script or HTML via a version, related to deleting a version.
CVE-2020-6418 4 Debian, Fedoraproject, Google and 1 more 6 Debian Linux, Fedora, Chrome and 3 more 2023-12-10 6.8 MEDIUM 8.8 HIGH
Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2019-16943 6 Debian, Fasterxml, Fedoraproject and 3 more 27 Debian Linux, Jackson-databind, Fedora and 24 more 2023-12-10 6.8 MEDIUM 9.8 CRITICAL
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.
CVE-2020-6383 4 Debian, Fedoraproject, Google and 1 more 6 Debian Linux, Fedora, Chrome and 3 more 2023-12-10 6.8 MEDIUM 8.8 HIGH
Type confusion in V8 in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6379 2 Fedoraproject, Google 2 Fedora, Chrome 2023-12-10 6.8 MEDIUM 8.8 HIGH
Use after free in V8 in Google Chrome prior to 79.0.3945.130 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2016-1000037 2 Fedoraproject, Redhat 3 Fedora, Enterprise Linux, Pagure 2023-12-10 4.3 MEDIUM 6.1 MEDIUM
Pagure: XSS possible in file attachment endpoint
CVE-2019-18679 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2023-12-10 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when processing HTTP Digest Authentication. Nonce tokens contain the raw byte value of a pointer that sits within heap memory allocation. This information reduces ASLR protections and may aid attackers isolating memory areas to target for remote code execution attacks.
CVE-2019-19648 2 Fedoraproject, Virustotal 2 Fedora, Yara 2023-12-10 6.8 MEDIUM 7.8 HIGH
In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, command_size may be inconsistent with the real size. A specially crafted MachO file can cause an out-of-bounds memory access, resulting in Denial of Service (application crash) or potential code execution.
CVE-2019-20477 2 Fedoraproject, Pyyaml 2 Fedora, Pyyaml 2023-12-10 7.5 HIGH 9.8 CRITICAL
PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342.
CVE-2011-2924 3 Debian, Fedoraproject, Linuxfoundation 3 Debian Linux, Fedora, Foomatic-filters 2023-12-10 3.3 LOW 5.5 MEDIUM
foomatic-rip filter v4.0.12 and prior used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter.
CVE-2019-17498 5 Debian, Fedoraproject, Libssh2 and 2 more 11 Debian Linux, Fedora, Libssh2 and 8 more 2023-12-10 5.8 MEDIUM 8.1 HIGH
In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.
CVE-2015-5745 3 Arista, Fedoraproject, Qemu 3 Eos, Fedora, Qemu 2023-12-10 4.0 MEDIUM 6.5 MEDIUM
Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message.
CVE-2020-6860 2 Fedoraproject, Symonics 2 Fedora, Libmysofa 2023-12-10 6.8 MEDIUM 8.8 HIGH
libmysofa 0.9.1 has a stack-based buffer overflow in readDataVar in hdf/dataobject.c during the reading of a header message attribute.
CVE-2010-4177 2 Fedoraproject, Oracle 2 Fedora, Mysql-gui-tools 2023-12-10 2.1 LOW 5.5 MEDIUM
mysql-gui-tools (mysql-query-browser and mysql-admin) before 5.0r14+openSUSE-2.3 exposes the password of a user connected to the MySQL server in clear text form via the list of running processes.
CVE-2019-19246 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2023-12-10 5.0 MEDIUM 7.5 HIGH
Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.