Filtered by vendor Fedoraproject Subscriptions
Filtered by product Fedora Subscriptions
Total 5244 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-16009 7 Cefsharp, Debian, Fedoraproject and 4 more 9 Cefsharp, Debian Linux, Fedora and 6 more 2025-02-05 8.8 High
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-7247 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2025-02-04 9.8 Critical
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.
CVE-2020-36193 5 Debian, Drupal, Fedoraproject and 2 more 6 Debian Linux, Drupal, Fedora and 3 more 2025-02-04 7.5 High
Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.
CVE-2020-35730 3 Debian, Fedoraproject, Roundcube 3 Debian Linux, Fedora, Webmail 2025-02-04 6.1 Medium
An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. The attacker can send a plain text e-mail message, with JavaScript in a link reference element that is mishandled by linkref_addindex in rcube_string_replacer.php.
CVE-2019-13272 6 Canonical, Debian, Fedoraproject and 3 more 25 Ubuntu Linux, Debian Linux, Fedora and 22 more 2025-02-04 7.8 High
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.
CVE-2021-45046 8 Apache, Cvat, Debian and 5 more 70 Log4j, Computer Vision Annotation Tool, Debian Linux and 67 more 2025-02-04 9 Critical
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default.
CVE-2021-44026 3 Debian, Fedoraproject, Roundcube 3 Debian Linux, Fedora, Webmail 2025-02-04 9.8 Critical
Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params.
CVE-2019-16928 4 Canonical, Debian, Exim and 1 more 4 Ubuntu Linux, Debian Linux, Exim and 1 more 2025-02-04 9.8 Critical
Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command.
CVE-2020-1472 9 Canonical, Debian, Fedoraproject and 6 more 20 Ubuntu Linux, Debian Linux, Fedora and 17 more 2025-02-04 5.5 Medium
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network. To exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access. Microsoft is addressing the vulnerability in a phased two-part rollout. These updates address the vulnerability by modifying how Netlogon handles the usage of Netlogon secure channels. For guidelines on how to manage the changes required for this vulnerability and more information on the phased rollout, see How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472 (updated September 28, 2020). When the second phase of Windows updates become available in Q1 2021, customers will be notified via a revision to this security vulnerability. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this advisory. See Microsoft Technical Security Notifications.
CVE-2022-0847 7 Fedoraproject, Linux, Netapp and 4 more 42 Fedora, Linux Kernel, H300e and 39 more 2025-02-04 7.8 High
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.
CVE-2023-20867 4 Debian, Fedoraproject, Redhat and 1 more 8 Debian Linux, Fedora, Enterprise Linux and 5 more 2025-02-04 3.9 Low
A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.
CVE-2021-21166 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2025-02-04 8.8 High
Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2024-32039 3 Fedoraproject, Freerdp, Redhat 3 Fedora, Freerdp, Enterprise Linux 2025-02-04 9.8 Critical
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients using a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to integer overflow and out-of-bounds write. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use `/gfx` options (e.g. deactivate with `/bpp:32` or `/rfx` as it is on by default).
CVE-2024-32460 3 Fedoraproject, Freerdp, Redhat 3 Fedora, Freerdp, Enterprise Linux 2025-02-04 8.1 High
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based based clients using `/bpp:32` legacy `GDI` drawing path with a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, use modern drawing paths (e.g. `/rfx` or `/gfx` options). The workaround requires server side support.
CVE-2024-32459 3 Fedoraproject, Freerdp, Redhat 3 Fedora, Freerdp, Enterprise Linux 2025-02-04 9.8 Critical
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients and servers that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. No known workarounds are available.
CVE-2024-32458 3 Fedoraproject, Freerdp, Redhat 3 Fedora, Freerdp, Enterprise Linux 2025-02-04 9.8 Critical
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, use `/gfx` or `/rfx` modes (on by default, require server side support).
CVE-2024-32041 3 Fedoraproject, Freerdp, Redhat 3 Fedora, Freerdp, Enterprise Linux 2025-02-04 9.8 Critical
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, deactivate `/gfx` (on by default, set `/bpp` or `/rfx` options instead.
CVE-2024-32040 3 Fedoraproject, Freerdp, Redhat 3 Fedora, Freerdp, Enterprise Linux 2025-02-04 8.1 High
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 and have connections to servers using the `NSC` codec are vulnerable to integer underflow. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use the NSC codec (e.g. use `-nsc`).
CVE-2024-32662 3 Fedoraproject, Freerdp, Redhat 3 Fedora, Freerdp, Enterprise Linux 2025-02-04 7.5 High
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. This occurs when `WCHAR` string is read with twice the size it has and converted to `UTF-8`, `base64` decoded. The string is only used to compare against the redirection server certificate. Version 3.5.1 contains a patch for the issue. No known workarounds are available.
CVE-2024-32661 3 Fedoraproject, Freerdp, Redhat 3 Fedora, Freerdp, Enterprise Linux 2025-02-04 7.5 High
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to a possible `NULL` access and crash. Version 3.5.1 contains a patch for the issue. No known workarounds are available.