Lucene search

K
FedoraprojectFedora

5296 matches found

CVE
CVE
added 2023/07/20 3:15 a.m.29801 views

CVE-2023-38408

The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because ...

9.8CVSS8.3AI score0.67828EPSS
CVE
CVE
added 2022/06/09 5:15 p.m.18157 views

CVE-2022-31813

Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application.

9.8CVSS9.4AI score0.00052EPSS
CVE
CVE
added 2021/09/26 7:15 p.m.16448 views

CVE-2021-41617

sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with gr...

7CVSS7.5AI score0.01864EPSS
CVE
CVE
added 2019/04/08 10:29 p.m.14221 views

CVE-2019-0211

In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually ro...

7.8CVSS7.2AI score0.86076EPSS
CVE
CVE
added 2019/01/31 6:29 p.m.13326 views

CVE-2019-6111

An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented)...

5.9CVSS6.3AI score0.6573EPSS
CVE
CVE
added 2013/11/19 4:50 a.m.13020 views

CVE-2013-6629

The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG mark...

5CVSS6.1AI score0.0021EPSS
CVE
CVE
added 2014/06/05 9:55 p.m.12801 views

CVE-2014-3470

The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certifi...

4.3CVSS7.4AI score0.90829EPSS
CVE
CVE
added 2021/03/05 9:15 p.m.12585 views

CVE-2021-28041

ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.

7.1CVSS6.8AI score0.00275EPSS
CVE
CVE
added 2014/02/06 5:44 a.m.12369 views

CVE-2014-1491

Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote...

4.3CVSS8.4AI score0.0011EPSS
CVE
CVE
added 2020/08/07 4:15 p.m.11748 views

CVE-2020-11984

Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE

9.8CVSS9.3AI score0.82217EPSS
CVE
CVE
added 2022/03/14 11:15 a.m.9900 views

CVE-2022-23943

Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions.

9.8CVSS9.2AI score0.64142EPSS
CVE
CVE
added 2024/02/27 2:15 a.m.8848 views

CVE-2024-25711

diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/id_rsa, may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted.

7.5CVSS6.2AI score0.03162EPSS
CVE
CVE
added 2024/03/10 5:15 a.m.8285 views

CVE-2024-28757

libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).

7.5CVSS7.4AI score0.00474EPSS
CVE
CVE
added 2022/03/14 11:15 a.m.7621 views

CVE-2022-22720

Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling

9.8CVSS9.4AI score0.29926EPSS
CVE
CVE
added 2021/06/10 7:15 a.m.7254 views

CVE-2021-26691

In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow

9.8CVSS9.2AI score0.47495EPSS
CVE
CVE
added 2024/03/03 9:15 p.m.6946 views

CVE-2024-28084

p2putil.c in iNet wireless daemon (IWD) through 2.15 allows attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact because of initialization issues in situations where parsing of advertised service information fails.

7.5CVSS7.9AI score0.00077EPSS
CVE
CVE
added 2020/04/29 10:15 p.m.6939 views

CVE-2020-11022

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

6.9CVSS7.2AI score0.02566EPSS
CVE
CVE
added 2024/02/21 4:15 a.m.6874 views

CVE-2024-1674

Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

8.8CVSS4.8AI score0.00012EPSS
CVE
CVE
added 2024/02/21 4:15 a.m.6871 views

CVE-2024-1675

Insufficient policy enforcement in Download in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium)

8.8CVSS4.8AI score0.00065EPSS
CVE
CVE
added 2021/12/20 12:15 p.m.6740 views

CVE-2021-44790

A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earl...

9.8CVSS9.9AI score0.86206EPSS
CVE
CVE
added 2021/01/20 5:15 p.m.6727 views

CVE-2020-25682

A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was discovered in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data. An attacker on the network, who can create valid DNS replies, could use this flaw to cause an overflow with arbitrary da...

8.3CVSS8.3AI score0.38586EPSS
CVE
CVE
added 2020/04/29 9:15 p.m.6686 views

CVE-2020-11023

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3...

6.9CVSS7.2AI score0.21987EPSS
CVE
CVE
added 2021/09/16 3:15 p.m.6370 views

CVE-2021-39275

ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.

9.8CVSS9.3AI score0.44803EPSS
CVE
CVE
added 2024/02/21 4:15 a.m.6228 views

CVE-2024-1676

Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low)

9.8CVSS4.7AI score0.00186EPSS
CVE
CVE
added 2024/02/21 7:15 a.m.6217 views

CVE-2023-42843

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. Visiting a malicious website may lead to address bar spoofing.

7.5CVSS5.2AI score0.00085EPSS
CVE
CVE
added 2024/02/21 4:15 a.m.6143 views

CVE-2024-1669

Out of bounds memory access in Blink in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

8.8CVSS5.1AI score0.00164EPSS
CVE
CVE
added 2024/02/26 4:27 p.m.5867 views

CVE-2024-25082

Splinefont in FontForge through 20230101 allows command injection via crafted archives or compressed files.

6.5CVSS8.7AI score0.00875EPSS
CVE
CVE
added 2021/12/10 10:15 a.m.5825 views

CVE-2021-44228

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message ...

10CVSS10AI score0.94358EPSS
CVE
CVE
added 2021/06/01 1:15 p.m.5810 views

CVE-2021-23017

A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.

7.7CVSS6.3AI score0.79436EPSS
CVE
CVE
added 2020/04/02 12:15 a.m.5760 views

CVE-2020-1927

In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.

6.1CVSS6.7AI score0.12344EPSS
CVE
CVE
added 2019/08/13 9:15 p.m.5681 views

CVE-2019-9513

Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.

7.8CVSS7.7AI score0.04868EPSS
CVE
CVE
added 2024/04/10 12:15 p.m.5533 views

CVE-2024-31309

HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server. Version from 8.0.0 through 8.1.9, from 9.0.0 through 9.2.3 are affected. Users can set a new setting (proxy.config.http2.max_continuation_frames_per_minute) to limit the number of CONTINUATION fr...

7.5CVSS7.5AI score0.02807EPSS
CVE
CVE
added 2020/04/01 8:15 p.m.5359 views

CVE-2020-1934

In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.

5.3CVSS6AI score0.36779EPSS
CVE
CVE
added 2019/08/13 9:15 p.m.5221 views

CVE-2019-9517

Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the byt...

7.8CVSS7.7AI score0.04499EPSS
CVE
CVE
added 2024/04/04 8:15 p.m.4717 views

CVE-2023-38709

Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58.

7.3CVSS7.1AI score0.03698EPSS
CVE
CVE
added 2019/01/31 6:29 p.m.4592 views

CVE-2019-6109

An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This a...

6.8CVSS6.7AI score0.06723EPSS
CVE
CVE
added 2024/02/21 4:15 a.m.4587 views

CVE-2024-1670

Use after free in Mojo in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS5.8AI score0.00309EPSS
CVE
CVE
added 2023/10/10 2:15 p.m.4468 views

CVE-2023-44487

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

7.5CVSS8AI score0.9441EPSS
CVE
CVE
added 2021/09/16 3:15 p.m.4452 views

CVE-2021-40438

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.

9CVSS9.5AI score0.94443EPSS
CVE
CVE
added 2019/06/11 9:29 p.m.4405 views

CVE-2019-0220

A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing wi...

5.3CVSS6.4AI score0.22292EPSS
CVE
CVE
added 2024/02/26 4:27 p.m.4307 views

CVE-2024-25081

Splinefont in FontForge through 20230101 allows command injection via crafted filenames.

4.2CVSS8.7AI score0.00052EPSS
CVE
CVE
added 2021/01/26 9:15 p.m.4241 views

CVE-2021-3156

Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.

7.8CVSS8.3AI score0.92188EPSS
CVE
CVE
added 2024/02/27 3:15 p.m.4165 views

CVE-2024-27507

libLAS 1.8.1 contains a memory leak vulnerability in /libLAS/apps/ts2las.cpp.

7.5CVSS6.3AI score0.00066EPSS
CVE
CVE
added 2019/10/28 3:15 p.m.4121 views

CVE-2019-11043

In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.

9.8CVSS9.6AI score0.94062EPSS
CVE
CVE
added 2020/02/24 10:15 p.m.4085 views

CVE-2020-1938

When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that...

9.8CVSS9.9AI score0.94465EPSS
CVE
CVE
added 2014/04/07 10:55 p.m.3934 views

CVE-2014-0160

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys,...

7.5CVSS7.5AI score0.94436EPSS
CVE
CVE
added 2024/02/21 4:15 a.m.3930 views

CVE-2024-1673

Use after free in Accessibility in Google Chrome prior to 122.0.6261.57 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)

8.8CVSS5.9AI score0.0036EPSS
CVE
CVE
added 2024/02/21 7:15 p.m.3930 views

CVE-2024-24479

A Buffer Overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the wsutil/to_str.c, and format_fractional_part_nsecs components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected.

7.5CVSS6.5AI score0.00289EPSS
CVE
CVE
added 2024/02/21 4:15 a.m.3925 views

CVE-2024-1672

Inappropriate implementation in Content Security Policy in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)

8.8CVSS4.8AI score0.00042EPSS
CVE
CVE
added 2023/12/18 4:15 p.m.3848 views

CVE-2023-48795

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connecti...

5.9CVSS6.7AI score0.72252EPSS
Total number of security vulnerabilities5296