Vulnerabilities (CVE)

Filtered by vendor Fedoraproject Subscribe
Total 5114 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-1000019 6 Canonical, Debian, Fedoraproject and 3 more 8 Ubuntu Linux, Debian Linux, Fedora and 5 more 2023-12-10 4.3 MEDIUM 6.5 MEDIUM
libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be exploitable via the victim opening a specially crafted 7zip file.
CVE-2019-3811 4 Debian, Fedoraproject, Opensuse and 1 more 5 Debian Linux, Fedora, Sssd and 2 more 2023-12-10 2.7 LOW 5.2 MEDIUM
A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroot() etc. All versions before 2.1 are vulnerable.
CVE-2019-5766 4 Debian, Fedoraproject, Google and 1 more 6 Debian Linux, Fedora, Chrome and 3 more 2023-12-10 4.3 MEDIUM 6.5 MEDIUM
Incorrect handling of origin taint checking in Canvas in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2019-5754 4 Debian, Fedoraproject, Google and 1 more 6 Debian Linux, Fedora, Chrome and 3 more 2023-12-10 4.3 MEDIUM 6.5 MEDIUM
Implementation error in QUIC Networking in Google Chrome prior to 72.0.3626.81 allowed an attacker running or able to cause use of a proxy server to obtain cleartext of transport encryption via malicious network proxy.
CVE-2019-8379 4 Advancemame, Debian, Fedoraproject and 1 more 6 Advancecomp, Debian Linux, Fedora and 3 more 2023-12-10 6.8 MEDIUM 7.8 HIGH
An issue was discovered in AdvanceCOMP through 2.1. A NULL pointer dereference exists in the function be_uint32_read() located in endianrw.h. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact when a victim opens a specially crafted file.
CVE-2019-8377 2 Broadcom, Fedoraproject 2 Tcpreplay, Fedora 2023-12-10 6.8 MEDIUM 7.8 HIGH
An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_ipv6_l4proto() located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.
CVE-2018-16883 1 Fedoraproject 1 Sssd 2023-12-10 2.1 LOW 5.5 MEDIUM
sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the "allowed_uids" configuration parameter. If sensitive information were stored in the user directory, this could be inadvertently disclosed to local attackers.
CVE-2019-5778 4 Debian, Fedoraproject, Google and 1 more 6 Debian Linux, Fedora, Chrome and 3 more 2023-12-10 4.3 MEDIUM 6.5 MEDIUM
A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for privileged pages via a crafted Chrome Extension.
CVE-2017-2668 2 Fedoraproject, Redhat 4 389 Directory Server, Enterprise Linux Desktop, Enterprise Linux Server and 1 more 2023-12-10 4.3 MEDIUM 6.5 MEDIUM
389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service.
CVE-2014-1399 2 Entity Api Project, Fedoraproject 2 Entity Api, Fedora 2023-12-10 4.0 MEDIUM 6.5 MEDIUM
The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on referenced entities via unspecified vectors.
CVE-2018-10196 3 Canonical, Fedoraproject, Graphviz 3 Ubuntu Linux, Fedora, Graphviz 2023-12-10 4.3 MEDIUM 5.5 MEDIUM
NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service (application crash) via a crafted file.
CVE-2011-0704 1 Fedoraproject 1 389 Directory Server 2023-12-10 4.3 MEDIUM 5.9 MEDIUM
389 Directory Server 1.2.7.5, when built with mozldap, allows remote attackers to cause a denial of service (replica crash) by sending an empty modify request.
CVE-2018-1111 2 Fedoraproject, Redhat 7 Fedora, Enterprise Linux, Enterprise Linux Desktop and 4 more 2023-12-10 7.9 HIGH 7.5 HIGH
DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.
CVE-2018-1061 5 Canonical, Debian, Fedoraproject and 2 more 8 Ubuntu Linux, Debian Linux, Fedora and 5 more 2023-12-10 5.0 MEDIUM 7.5 HIGH
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.
CVE-2018-3846 2 Fedoraproject, Nasa 2 Fedora, Cfitsio 2023-12-10 6.8 MEDIUM 8.8 HIGH
In the ffgphd and ffgtkn functions in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.
CVE-2018-5729 4 Debian, Fedoraproject, Mit and 1 more 6 Debian Linux, Fedora, Kerberos 5 and 3 more 2023-12-10 6.5 MEDIUM 4.7 MEDIUM
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module.
CVE-2018-1090 3 Fedoraproject, Pulpproject, Redhat 3 Fedora, Pulp, Satellite 2023-12-10 5.0 MEDIUM 7.5 HIGH
In Pulp before version 2.16.2, secrets are passed into override_config when triggering a task and then become readable to all users with read access on the distributor/importer. An attacker with API access can then view these secrets.
CVE-2018-10753 3 Debian, Fedoraproject, Moinejf 3 Debian Linux, Fedora, Abcm2ps 2023-12-10 7.5 HIGH 9.8 CRITICAL
Stack-based buffer overflow in the delayed_output function in music.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
CVE-2018-1060 5 Canonical, Debian, Fedoraproject and 2 more 8 Ubuntu Linux, Debian Linux, Fedora and 5 more 2023-12-10 5.0 MEDIUM 7.5 HIGH
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.
CVE-2018-13405 6 Canonical, Debian, F5 and 3 more 27 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 24 more 2023-12-10 4.6 MEDIUM 7.8 HIGH
The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID.