Fedora
CVEs (790)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2009-1603 | Hig | 0.49 | 7.5 | 0.01 | May 11, 2009 | src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used with unspecified third-party PKCS#11 modules, generates RSA keys with incorrect public exponents, which allows attackers to read the cleartext form of messages that were intended to be encrypted. | ||
| CVE-2008-4577 | Hig | 0.49 | 7.5 | 0.02 | Oct 15, 2008 | The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions. | ||
| CVE-2008-0063 | Hig | 0.49 | 7.5 | 0.03 | Mar 19, 2008 | The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values." | ||
| CVE-2016-7966 | Hig | 0.48 | 7.3 | 0.02 | Dec 23, 2016 | Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sign (=) or a space into the injected HTML, which greatly reduces the available… | ||
| CVE-2015-8837 | Hig | 0.48 | 7.3 | 0.03 | Mar 30, 2016 | Stack-based buffer overflow in the isofs_real_readdir function in isofs.c in FuseISO 20070708 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long pathname in an ISO file. | ||
| CVE-2015-8836 | Hig | 0.48 | 7.3 | 0.02 | Mar 30, 2016 | Integer overflow in the isofs_real_read_zf function in isofs.c in FuseISO 20070708 might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a large ZF block size in an ISO file, leading to a heap-based buffer… | ||
| CVE-2015-8466 | Hig | 0.48 | 7.4 | 0.02 | Jan 13, 2016 | Swift3 before 1.9 allows remote attackers to conduct replay attacks via an Authorization request that lacks a Date header. | ||
| CVE-2015-8400 | Hig | 0.48 | 7.4 | 0.02 | Jan 12, 2016 | The HTTPS fallback implementation in Shell In A Box (aka shellinabox) before 2.19 makes it easier for remote attackers to conduct DNS rebinding attacks via the "/plain" URL. | ||
| CVE-2015-8370 | Hig | 0.48 | 7.4 | 0.01 | Dec 16, 2015 | Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in… | ||
| CVE-2015-8387 | Hig | 0.48 | 7.3 | 0.04 | Dec 2, 2015 | PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp… | ||
| CVE-2024-28960 | Hig | 0.46 | 8.2 | 0.01 | Mar 29, 2024 | An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory. | ||
| CVE-2023-51767 | Hig | 0.46 | 7.0 | 0.01 | Dec 24, 2023 | OpenSSH through 10.0, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of… | ||
| CVE-2021-41617 | Hig | 0.46 | 7.0 | 0.02 | Sep 26, 2021 | sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with… | ||
| CVE-2016-0721 | Hig | 0.46 | 8.1 | 0.02 | Apr 21, 2017 | Session fixation vulnerability in pcsd in pcs before 0.9.157. | ||
| CVE-2017-6313 | Hig | 0.46 | 7.1 | 0.02 | Mar 10, 2017 | Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file. | ||
| CVE-2016-9014 | Hig | 0.46 | 8.1 | 0.06 | Dec 9, 2016 | Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS. | ||
| CVE-2009-3611 | Hig | 0.46 | 7.1 | 0.00 | Oct 26, 2009 | common/snapshots.py in Back In Time (aka backintime) 0.9.26 changes certain permissions to 0777 before deleting the files in an old backup snapshot, which allows local users to obtain sensitive information by reading these files, or interfere with backup integrity by modifying… | ||
| CVE-2014-9114 | Hig | 0.44 | 7.8 | 0.01 | Mar 31, 2017 | Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code. | ||
| CVE-2016-2312 | Med | 0.44 | 6.8 | 0.00 | Dec 23, 2016 | Turning all screens off in Plasma-workspace and kscreenlocker while the lock screen is shown can result in the screen being unlocked when turning a screen on again. | ||
| CVE-2016-3096 | Hig | 0.44 | 7.8 | 0.00 | Jun 3, 2016 | The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path… |
- risk 0.49cvss 7.5epss 0.01
src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used with unspecified third-party PKCS#11 modules, generates RSA keys with incorrect public exponents, which allows attackers to read the cleartext form of messages that were intended to be encrypted.
- risk 0.49cvss 7.5epss 0.02
The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.
- risk 0.49cvss 7.5epss 0.03
The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."
- risk 0.48cvss 7.3epss 0.02
Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sign (=) or a space into the injected HTML, which greatly reduces the available…
- risk 0.48cvss 7.3epss 0.03
Stack-based buffer overflow in the isofs_real_readdir function in isofs.c in FuseISO 20070708 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long pathname in an ISO file.
- risk 0.48cvss 7.3epss 0.02
Integer overflow in the isofs_real_read_zf function in isofs.c in FuseISO 20070708 might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a large ZF block size in an ISO file, leading to a heap-based buffer…
- risk 0.48cvss 7.4epss 0.02
Swift3 before 1.9 allows remote attackers to conduct replay attacks via an Authorization request that lacks a Date header.
- risk 0.48cvss 7.4epss 0.02
The HTTPS fallback implementation in Shell In A Box (aka shellinabox) before 2.19 makes it easier for remote attackers to conduct DNS rebinding attacks via the "/plain" URL.
- risk 0.48cvss 7.4epss 0.01
Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in…
- risk 0.48cvss 7.3epss 0.04
PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp…
- risk 0.46cvss 8.2epss 0.01
An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory.
- risk 0.46cvss 7.0epss 0.01
OpenSSH through 10.0, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of…
- risk 0.46cvss 7.0epss 0.02
sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with…
- risk 0.46cvss 8.1epss 0.02
Session fixation vulnerability in pcsd in pcs before 0.9.157.
- risk 0.46cvss 7.1epss 0.02
Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file.
- risk 0.46cvss 8.1epss 0.06
Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS.
- risk 0.46cvss 7.1epss 0.00
common/snapshots.py in Back In Time (aka backintime) 0.9.26 changes certain permissions to 0777 before deleting the files in an old backup snapshot, which allows local users to obtain sensitive information by reading these files, or interfere with backup integrity by modifying…
- risk 0.44cvss 7.8epss 0.01
Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.
- risk 0.44cvss 6.8epss 0.00
Turning all screens off in Plasma-workspace and kscreenlocker while the lock screen is shown can result in the screen being unlocked when turning a screen on again.
- risk 0.44cvss 7.8epss 0.00
The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path…
Page 13 of 40