Vulnerabilities (CVE)

Filtered by vendor Fedoraproject Subscribe
Filtered by product Fedora
Total 5266 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-7247 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2025-04-03 10.0 HIGH 9.8 CRITICAL
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.
CVE-2023-5217 8 Apple, Debian, Fedoraproject and 5 more 11 Ipados, Iphone Os, Debian Linux and 8 more 2025-04-03 N/A 8.8 HIGH
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-22298 2 Fedoraproject, Pgadmin 2 Fedora, Pgadmin 4 2025-04-03 N/A 6.1 MEDIUM
Open redirect vulnerability in pgAdmin 4 versions prior to v6.14 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL.
CVE-2022-47021 2 Fedoraproject, Xiph 2 Fedora, Opusfile 2025-04-03 N/A 7.8 HIGH
A null pointer dereference issue was discovered in functions op_get_data and op_open1 in opusfile.c in xiph opusfile 0.9 thru 0.12 allows attackers to cause denial of service or other unspecified impacts.
CVE-2022-2294 6 Apple, Fedoraproject, Google and 3 more 12 Ipados, Iphone Os, Mac Os X and 9 more 2025-04-03 N/A 8.8 HIGH
Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2024-1086 5 Debian, Fedoraproject, Linux and 2 more 15 Debian Linux, Fedora, Linux Kernel and 12 more 2025-04-02 N/A 7.8 HIGH
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.
CVE-2021-33645 3 Fedoraproject, Feep, Openatom 3 Fedora, Libtar, Openeuler 2025-04-02 N/A 7.5 HIGH
The th_read() function doesn’t free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak.
CVE-2021-33646 3 Fedoraproject, Feep, Openatom 3 Fedora, Libtar, Openeuler 2025-04-02 N/A 7.5 HIGH
The th_read() function doesn’t free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak.
CVE-2021-33644 3 Fedoraproject, Feep, Openatom 3 Fedora, Libtar, Openeuler 2025-04-02 N/A 8.1 HIGH
An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longname, causing an out-of-bounds read.
CVE-2021-33643 3 Fedoraproject, Feep, Openatom 3 Fedora, Libtar, Openeuler 2025-04-02 N/A 9.1 CRITICAL
An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink, causing an out-of-bounds read.
CVE-2021-33640 2 Fedoraproject, Openatom 2 Fedora, Openeuler 2025-04-02 N/A 6.2 MEDIUM
After tar_close(), libtar.c releases the memory pointed to by pointer t. After tar_close() is called in the list() function, it continues to use pointer t: free_longlink_longname(t->th_buf) . As a result, the released memory is used (use-after-free).
CVE-2021-30858 3 Apple, Debian, Fedoraproject 5 Ipados, Iphone Os, Macos and 2 more 2025-04-02 6.8 MEDIUM 8.8 HIGH
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
CVE-2019-11287 5 Broadcom, Debian, Fedoraproject and 2 more 5 Rabbitmq Server, Debian Linux, Fedora and 2 more 2025-04-02 5.0 MEDIUM 7.5 HIGH
Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The "X-Reason" HTTP Header can be leveraged to insert a malicious Erlang format string that will expand and consume the heap, resulting in the server crashing.
CVE-2024-2631 2 Fedoraproject, Google 2 Fedora, Chrome 2025-03-29 N/A 4.3 MEDIUM
Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
CVE-2023-5679 3 Fedoraproject, Isc, Netapp 3 Fedora, Bind, Active Iq Unified Manager 2025-03-29 N/A 7.5 HIGH
A bad interaction between DNS64 and serve-stale may cause `named` to crash with an assertion failure during recursive resolution, when both of these features are enabled. This issue affects BIND 9 versions 9.16.12 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.12-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.
CVE-2024-23284 4 Apple, Fedoraproject, Webkitgtk and 1 more 10 Ipados, Iphone Os, Macos and 7 more 2025-03-28 N/A 6.5 MEDIUM
A logic issue was addressed with improved state management. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
CVE-2024-4950 2 Fedoraproject, Google 2 Fedora, Chrome 2025-03-28 N/A 6.5 MEDIUM
Inappropriate implementation in Downloads in Google Chrome prior to 125.0.6422.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
CVE-2024-2887 2 Fedoraproject, Google 2 Fedora, Chrome 2025-03-28 N/A 7.7 HIGH
Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
CVE-2024-28757 3 Fedoraproject, Libexpat Project, Netapp 21 Fedora, Libexpat, Active Iq Unified Manager and 18 more 2025-03-28 N/A 7.5 HIGH
libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).
CVE-2020-1938 7 Apache, Blackberry, Debian and 4 more 21 Geode, Tomcat, Good Control and 18 more 2025-03-28 7.5 HIGH 9.8 CRITICAL
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed: - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations.