Fedora
CVEs (790)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-0720 | | High | 0.50 | 8.8 | 0.01 | | Apr 21, 2017 | Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149. |
| CVE-2015-8567 | | High | 0.50 | 7.7 | 0.06 | | Apr 13, 2017 | Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption). |
| CVE-2023-43615 | | High | 0.49 | 7.5 | 0.01 | | Oct 7, 2023 | Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow. |
| CVE-2023-25136 | | Med | 0.49 | 6.5 | 0.90 | | Feb 3, 2023 | OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd… |
| CVE-2022-3786 | | High | 0.49 | 7.5 | 0.91 | | Nov 1, 2022 | A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue… |
| CVE-2022-3602 | | High | 0.49 | 7.5 | 0.90 | | Nov 1, 2022 | A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to… |
| CVE-2022-29145 | | High | 0.49 | 7.5 | 0.05 | | May 10, 2022 | .NET and Visual Studio Denial of Service Vulnerability |
| CVE-2022-29117 | | High | 0.49 | 7.5 | 0.05 | | May 10, 2022 | .NET and Visual Studio Denial of Service Vulnerability |
| CVE-2022-24464 | | High | 0.49 | 7.5 | 0.03 | | Mar 9, 2022 | .NET and Visual Studio Denial of Service Vulnerability |
| CVE-2021-45450 | | High | 0.49 | 7.5 | 0.01 | | Dec 21, 2021 | In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt allow policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application. |
| CVE-2020-11022 | | Med | 0.49 | 6.9 | 0.99 | | Apr 29, 2020 | In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. |
| CVE-2015-8008 | | High | 0.49 | 7.5 | 0.03 | | Dec 29, 2017 | The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token. |
| CVE-2014-8119 | | High | 0.49 | 7.5 | 0.03 | | Dec 29, 2017 | The find_ifcfg_path function in netcf before 0.2.7 might allow attackers to cause a denial of service (application crash) via vectors involving augeas path expressions. |
| CVE-2015-1854 | | High | 0.49 | 7.5 | 0.02 | | Sep 19, 2017 | 389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call. |
| CVE-2017-6362 | | High | 0.49 | 7.5 | 0.05 | | Sep 7, 2017 | Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors. |
| CVE-2015-5705 | | High | 0.49 | 7.5 | 0.03 | | Sep 6, 2017 | Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename. |
| CVE-2017-13752 | | High | 0.49 | 7.5 | 0.04 | | Aug 29, 2017 | There is a reachable assertion abort in the function jpc_dequantize() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack. |
| CVE-2017-13751 | | High | 0.49 | 7.5 | 0.04 | | Aug 29, 2017 | There is a reachable assertion abort in the function calcstepsizes() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack. |
| CVE-2017-13750 | | High | 0.49 | 7.5 | 0.04 | | Aug 29, 2017 | There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1296 in JasPer 2.0.12 that will lead to a remote denial of service attack. |
| CVE-2017-13749 | | High | 0.49 | 7.5 | 0.04 | | Aug 29, 2017 | There is a reachable assertion abort in the function jpc_pi_nextrpcl() in jpc/jpc_t2cod.c in JasPer 2.0.12 that will lead to a remote denial of service attack. |