Filtered by vendor Fedoraproject
Subscriptions
Filtered by product Fedora
Subscriptions
Total
5269 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-1000019 | 6 Canonical, Debian, Fedoraproject and 3 more | 9 Ubuntu Linux, Debian Linux, Fedora and 6 more | 2024-11-21 | 6.5 Medium |
| libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be exploitable via the victim opening a specially crafted 7zip file. | ||||
| CVE-2019-0228 | 3 Apache, Fedoraproject, Oracle | 14 James, Pdfbox, Fedora and 11 more | 2024-11-21 | 9.8 Critical |
| Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF. | ||||
| CVE-2019-0220 | 6 Apache, Canonical, Debian and 3 more | 8 Http Server, Ubuntu Linux, Debian Linux and 5 more | 2024-11-21 | N/A |
| A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing will implicitly collapse them. | ||||
| CVE-2019-0217 | 8 Apache, Canonical, Debian and 5 more | 16 Http Server, Ubuntu Linux, Debian Linux and 13 more | 2024-11-21 | 7.5 High |
| In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions. | ||||
| CVE-2019-0215 | 3 Apache, Fedoraproject, Redhat | 3 Http Server, Fedora, Enterprise Linux | 2024-11-21 | N/A |
| In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions. | ||||
| CVE-2019-0197 | 6 Apache, Canonical, Fedoraproject and 3 more | 12 Http Server, Ubuntu Linux, Fedora and 9 more | 2024-11-21 | 4.2 Medium |
| A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set "H2Upgrade on" are unaffected by this issue. | ||||
| CVE-2019-0160 | 4 Fedoraproject, Opensuse, Redhat and 1 more | 8 Fedora, Leap, Enterprise Linux and 5 more | 2024-11-21 | 9.8 Critical |
| Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access. | ||||
| CVE-2019-0001 | 2 Fedoraproject, Juniper | 2 Fedora, Junos | 2024-11-21 | 7.5 High |
| Receipt of a malformed packet on MX Series devices with dynamic vlan configuration can trigger an uncontrolled recursion loop in the Broadband Edge subscriber management daemon (bbe-smgd), and lead to high CPU usage and a crash of the bbe-smgd service. Repeated receipt of the same packet can result in an extended denial of service condition for the device. Affected releases are Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S1; 16.2 versions prior to 16.2R2-S7; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R3-S1; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R3; 18.2 versions prior to 18.2R2. | ||||
| CVE-2018-8786 | 5 Canonical, Debian, Fedoraproject and 2 more | 11 Ubuntu Linux, Debian Linux, Fedora and 8 more | 2024-11-21 | 9.8 Critical |
| FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably even a remote code execution. | ||||
| CVE-2018-7262 | 2 Fedoraproject, Redhat | 3 Fedora, Ceph, Ceph Storage | 2024-11-21 | N/A |
| In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service. | ||||
| CVE-2018-6003 | 3 Debian, Fedoraproject, Gnu | 3 Debian Linux, Fedora, Libtasn1 | 2024-11-21 | 7.5 High |
| An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS. | ||||
| CVE-2018-5345 | 5 Canonical, Debian, Fedoraproject and 2 more | 11 Ubuntu Linux, Debian Linux, Fedora and 8 more | 2024-11-21 | N/A |
| A stack-based buffer overflow within GNOME gcab through 0.7.4 can be exploited by malicious attackers to cause a crash or, potentially, execute arbitrary code via a crafted .cab file. | ||||
| CVE-2018-3849 | 2 Fedoraproject, Nasa | 2 Fedora, Cfitsio | 2024-11-21 | 8.8 High |
| In the ffghtb function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution. | ||||
| CVE-2018-3848 | 2 Fedoraproject, Nasa | 2 Fedora, Cfitsio | 2024-11-21 | 8.8 High |
| In the ffghbn function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution. | ||||
| CVE-2018-3846 | 2 Fedoraproject, Nasa | 2 Fedora, Cfitsio | 2024-11-21 | 8.8 High |
| In the ffgphd and ffgtkn functions in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution. | ||||
| CVE-2018-21029 | 2 Fedoraproject, Systemd Project | 2 Fedora, Systemd | 2024-11-21 | 9.8 Critical |
| systemd 239 through 245 accepts any certificate signed by a trusted certificate authority for DNS Over TLS. Server Name Indication (SNI) is not sent, and there is no hostname validation with the GnuTLS backend. NOTE: This has been disputed by the developer as not a vulnerability since hostname validation does not have anything to do with this issue (i.e. there is no hostname to be sent) | ||||
| CVE-2018-20843 | 8 Canonical, Debian, Fedoraproject and 5 more | 12 Ubuntu Linux, Debian Linux, Fedora and 9 more | 2024-11-21 | 7.5 High |
| In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks). | ||||
| CVE-2018-20662 | 5 Canonical, Debian, Fedoraproject and 2 more | 11 Ubuntu Linux, Debian Linux, Fedora and 8 more | 2024-11-21 | 6.5 Medium |
| In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing. | ||||
| CVE-2018-20593 | 2 Fedoraproject, Msweet | 2 Fedora, Mini-xml | 2024-11-21 | N/A |
| In Mini-XML (aka mxml) v2.12, there is stack-based buffer overflow in the scan_file function in mxmldoc.c. | ||||
| CVE-2018-20592 | 2 Fedoraproject, Msweet | 2 Fedora, Mini-xml | 2024-11-21 | N/A |
| In Mini-XML (aka mxml) v2.12, there is a use-after-free in the mxmlAdd function of the mxml-node.c file. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted xml file, as demonstrated by mxmldoc. | ||||