Vulnerabilities (CVE)

Filtered by vendor Fedoraproject Subscribe
Filtered by product Fedora
Total 3323 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-26691 4 Apple, Debian, Fedoraproject and 1 more 6 Cups, Mac Os X, Macos and 3 more 2022-06-16 7.2 HIGH 6.7 MEDIUM
A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges.
CVE-2021-23648 2 Fedoraproject, Paypal 2 Fedora, Braintree\/sanitize-url 2022-06-15 4.3 MEDIUM 6.1 MEDIUM
The package @braintree/sanitize-url before 6.0.0 are vulnerable to Cross-site Scripting (XSS) due to improper sanitization in sanitizeUrl function.
CVE-2022-1998 3 Fedoraproject, Linux, Redhat 3 Fedora, Linux Kernel, Enterprise Linux 2022-06-15 7.2 HIGH 7.8 HIGH
A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user(). A local user could use this flaw to crash the system or potentially escalate their privileges on the system.
CVE-2022-1789 4 Debian, Fedoraproject, Linux and 1 more 4 Debian Linux, Fedora, Linux Kernel and 1 more 2022-06-15 6.9 MEDIUM 6.8 MEDIUM
With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference.
CVE-2020-27818 3 Debian, Fedoraproject, Libpng 4 Debian Linux, Extra Packages For Enterprise Linux, Fedora and 1 more 2022-06-15 4.3 MEDIUM 3.3 LOW
A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability.
CVE-2022-1708 3 Fedoraproject, Kubernetes, Redhat 4 Fedora, Cri-o, Enterprise Linux and 1 more 2022-06-14 7.8 HIGH 7.5 HIGH
A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and it is read in a manner where the entire file corresponding to the output of the command is read in. Thus, if the output of the command is large it is possible to exhaust the memory or the disk space of the node when CRI-O reads the output of the command. The highest threat from this vulnerability is system availability.
CVE-2020-27842 5 Debian, Fedoraproject, Oracle and 2 more 11 Debian Linux, Extra Packages For Enterprise Linux, Fedora and 8 more 2022-06-14 4.3 MEDIUM 5.5 MEDIUM
There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of this flaw is to application availability.
CVE-2021-43559 2 Fedoraproject, Moodle 3 Extra Packages For Enterprise Linux, Fedora, Moodle 2022-06-14 6.8 MEDIUM 8.8 HIGH
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. The "delete related badge" functionality did not include the necessary token check to prevent a CSRF risk.
CVE-2022-0725 2 Fedoraproject, Keepass 3 Extra Packages For Enterprise Linux, Fedora, Keepass 2022-06-14 5.0 MEDIUM 7.5 HIGH
A flaw was found in KeePass. The vulnerability occurs due to logging the plain text passwords in the system log and leads to an Information Exposure vulnerability. This flaw allows an attacker to interact and read sensitive passwords and logs.
CVE-2021-23727 2 Celeryproject, Fedoraproject 3 Celery, Extra Packages For Enterprise Linux, Fedora 2022-06-14 6.0 MEDIUM 7.5 HIGH
This affects the package celery before 5.2.2. It by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system.
CVE-2021-45079 4 Canonical, Debian, Fedoraproject and 1 more 5 Ubuntu Linux, Debian Linux, Extra Packages For Enterprise Linux and 2 more 2022-06-14 5.8 MEDIUM 9.1 CRITICAL
In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication.
CVE-2021-3733 4 Fedoraproject, Netapp, Python and 1 more 20 Extra Packages For Enterprise Linux, Fedora, Hci Compute Node Firmware and 17 more 2022-06-14 4.0 MEDIUM 6.5 MEDIUM
There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability.
CVE-2021-43560 2 Fedoraproject, Moodle 3 Extra Packages For Enterprise Linux, Fedora, Moodle 2022-06-14 5.0 MEDIUM 5.3 MEDIUM
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users' calendar action events.
CVE-2021-43558 2 Fedoraproject, Moodle 3 Extra Packages For Enterprise Linux, Fedora, Moodle 2022-06-14 4.3 MEDIUM 6.1 MEDIUM
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A URL parameter in the filetype site administrator tool required extra sanitizing to prevent a reflected XSS risk.
CVE-2022-21698 3 Fedoraproject, Prometheus, Rdo Project 4 Extra Packages For Enterprise Linux, Fedora, Client Golang and 1 more 2022-06-14 5.0 MEDIUM 7.5 HIGH
client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods. In order to be affected, an instrumented software must use any of `promhttp.InstrumentHandler*` middleware except `RequestsInFlight`; not filter any specific methods (e.g GET) before middleware; pass metric with `method` label name to our middleware; and not have any firewall/LB/proxy that filters away requests with unknown `method`. client_golang version 1.11.1 contains a patch for this issue. Several workarounds are available, including removing the `method` label name from counter/gauge used in the InstrumentHandler; turning off affected promhttp handlers; adding custom middleware before promhttp handler that will sanitize the request method given by Go http.Request; and using a reverse proxy or web application firewall, configured to only allow a limited set of methods.
CVE-2021-36221 4 Debian, Fedoraproject, Golang and 1 more 4 Debian Linux, Fedora, Go and 1 more 2022-06-14 4.3 MEDIUM 5.9 MEDIUM
Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort.
CVE-2021-41091 2 Fedoraproject, Mobyproject 2 Fedora, Moby 2022-06-14 4.6 MEDIUM 6.3 MEDIUM
Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as `setuid`), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade limit access to the host to trusted users. Limit access to host volumes to trusted containers.
CVE-2021-33910 4 Debian, Fedoraproject, Netapp and 1 more 5 Debian Linux, Fedora, Hci Management Node and 2 more 2022-06-14 4.9 MEDIUM 5.5 MEDIUM
basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash.
CVE-2021-34798 7 Apache, Broadcom, Debian and 4 more 14 Http Server, Brocade Fabric Operating System Firmware, Debian Linux and 11 more 2022-06-14 5.0 MEDIUM 7.5 HIGH
Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.
CVE-2021-41089 2 Fedoraproject, Mobyproject 2 Fedora, Moby 2022-06-14 4.4 MEDIUM 6.3 MEDIUM
Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host’s filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers do not need to be restarted.