Filtered by vendor Fedoraproject
Subscribe
Total
5125 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-12173 | 2 Fedoraproject, Redhat | 6 Sssd, Enterprise Linux Desktop, Enterprise Linux Server and 3 more | 2023-12-10 | 4.0 MEDIUM | 8.8 HIGH |
It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve it. | |||||
CVE-2019-7637 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c. | |||||
CVE-2019-5776 | 4 Debian, Fedoraproject, Google and 1 more | 6 Debian Linux, Fedora, Chrome and 3 more | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | |||||
CVE-2019-5769 | 4 Debian, Fedoraproject, Google and 1 more | 6 Debian Linux, Fedora, Chrome and 3 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Incorrect handling of invalid end character position when front rendering in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2018-14598 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault). | |||||
CVE-2019-5761 | 3 Fedoraproject, Google, Redhat | 5 Fedora, Chrome, Enterprise Linux Desktop and 2 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Incorrect object lifecycle management in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2019-7639 | 2 Fedoraproject, Gsi-openssh Project | 2 Fedora, Gsi-openssh | 2023-12-10 | 4.3 MEDIUM | 8.1 HIGH |
An issue was discovered in gsi-openssh-server 7.9p1 on Fedora 29. If PermitPAMUserChange is set to yes in the /etc/gsissh/sshd_config file, logins succeed with a valid username and an incorrect password, even though a failure entry is recorded in the /var/log/messages file. | |||||
CVE-2019-8381 | 2 Broadcom, Fedoraproject | 2 Tcpreplay, Fedora | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
An issue was discovered in Tcpreplay 4.3.1. An invalid memory access occurs in do_checksum in checksum.c. It can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. | |||||
CVE-2018-18409 | 3 Canonical, Digitalcorpora, Fedoraproject | 3 Ubuntu Linux, Tcpflow, Fedora | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
A stack-based buffer over-read exists in setbit() at iptree.h of TCPFLOW 1.5.0, due to received incorrect values causing incorrect computation, leading to denial of service during an address_histogram call or a get_histogram call. | |||||
CVE-2019-5759 | 5 Apple, Debian, Fedoraproject and 2 more | 8 Macos, Debian Linux, Fedora and 5 more | 2023-12-10 | 6.8 MEDIUM | 9.6 CRITICAL |
Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | |||||
CVE-2018-14599 | 5 Canonical, Debian, Fedoraproject and 2 more | 7 Ubuntu Linux, Debian Linux, Fedora and 4 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact. | |||||
CVE-2019-5775 | 4 Debian, Fedoraproject, Google and 1 more | 6 Debian Linux, Fedora, Chrome and 3 more | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | |||||
CVE-2018-1000877 | 5 Canonical, Debian, Fedoraproject and 2 more | 7 Ubuntu Linux, Debian Linux, Fedora and 4 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c, parse_codes(), realloc(rar->lzss.window, new_size) with new_size = 0 that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted RAR archive. | |||||
CVE-2019-3463 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands. | |||||
CVE-2019-5763 | 4 Debian, Fedoraproject, Google and 1 more | 6 Debian Linux, Fedora, Chrome and 3 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Failure to check error conditions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2018-17075 | 2 Fedoraproject, Golang | 2 Fedora, Net | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The html package (aka x/net/html) before 2018-07-13 in Go mishandles "in frameset" insertion mode, leading to a "panic: runtime error" for html.Parse of <template><object>, <template><applet>, or <template><marquee>. This is related to HTMLTreeBuilder.cpp in WebKit. | |||||
CVE-2018-18407 | 2 Broadcom, Fedoraproject | 2 Tcpreplay, Fedora | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
A heap-based buffer over-read was discovered in the tcpreplay-edit binary of Tcpreplay 4.3.0 beta1, during the incremental checksum operation. The issue gets triggered in the function csum_replace4() in incremental_checksum.h, causing a denial of service. | |||||
CVE-2019-5780 | 5 Apple, Debian, Fedoraproject and 2 more | 7 Macos, Debian Linux, Fedora and 4 more | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events. | |||||
CVE-2019-7282 | 3 Debian, Fedoraproject, Netkit | 3 Debian Linux, Fedora, Netkit | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. This is similar to CVE-2018-20685. | |||||
CVE-2019-5777 | 4 Debian, Fedoraproject, Google and 1 more | 6 Debian Linux, Fedora, Chrome and 3 more | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. |