Lucene search

K
FedoraprojectFedora

5307 matches found

CVE
CVE
added 2021/02/24 3:15 p.m.216 views

CVE-2021-27645

The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c.

2.5CVSS5.9AI score0.00037EPSS
CVE
CVE
added 2021/06/07 8:15 p.m.216 views

CVE-2021-30539

Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.

5.8CVSS5.6AI score0.00104EPSS
CVE
CVE
added 2021/04/08 11:15 p.m.216 views

CVE-2021-3482

A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. Improper input validation of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data.

6.5CVSS6.6AI score0.00202EPSS
CVE
CVE
added 2023/06/06 8:15 p.m.216 views

CVE-2023-2603

A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB.

7.8CVSS7.8AI score0.01146EPSS
CVE
CVE
added 2020/06/25 7:15 p.m.215 views

CVE-2020-10177

Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/FliDecode.c.

5.5CVSS6.3AI score0.00282EPSS
CVE
CVE
added 2020/05/19 7:15 p.m.215 views

CVE-2020-10722

A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhost_user_set_log_base() could result in a smaller memory map than requested, possibly allowing memory corruption.

6.7CVSS7AI score0.00198EPSS
CVE
CVE
added 2020/08/24 3:15 p.m.215 views

CVE-2020-14367

A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it's opened for writing, chronyd does not check for an existing symbolic link with the same file na...

6CVSS5.7AI score0.00308EPSS
CVE
CVE
added 2020/03/11 7:15 p.m.215 views

CVE-2020-1733

A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with "umask 7...

5CVSS5.8AI score0.00036EPSS
CVE
CVE
added 2021/02/22 10:15 p.m.215 views

CVE-2021-21150

Use after free in Downloads in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

9.6CVSS9.3AI score0.00779EPSS
CVE
CVE
added 2021/04/26 5:15 p.m.215 views

CVE-2021-21222

Heap buffer overflow in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.

6.5CVSS6.9AI score0.00393EPSS
CVE
CVE
added 2022/07/14 3:15 p.m.215 views

CVE-2022-32213

The llhttp parser <v14.20.1, <v16.17.1 and

6.5CVSS7.2AI score0.89015EPSS
CVE
CVE
added 2024/02/24 5:15 a.m.215 views

CVE-2024-21501

Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system (including project dependencies). An attacker could exploit this vulnerability to gather details abou...

5.3CVSS5AI score0.01341EPSS
CVE
CVE
added 2019/01/03 1:29 p.m.214 views

CVE-2018-20662

In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing.

6.5CVSS6.7AI score0.00468EPSS
CVE
CVE
added 2020/10/06 3:15 p.m.214 views

CVE-2020-26575

In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop. This was addressed in epan/dissectors/packet-fbzero.c by correcting the implementation of offset advancement.

7.5CVSS7.3AI score0.02233EPSS
CVE
CVE
added 2021/04/09 10:15 p.m.214 views

CVE-2021-21196

Heap buffer overflow in TabStrip in Google Chrome on Windows prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.7AI score0.01044EPSS
CVE
CVE
added 2021/04/26 7:15 p.m.214 views

CVE-2021-29473

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metada...

2.6CVSS5.3AI score0.00144EPSS
CVE
CVE
added 2021/08/07 6:15 p.m.214 views

CVE-2021-38165

Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data.

5.3CVSS5.3AI score0.02891EPSS
CVE
CVE
added 2022/02/18 6:15 p.m.214 views

CVE-2022-0585

Large loops in multiple protocol dissectors in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allow denial of service via packet injection or crafted capture file

6.5CVSS7.7AI score0.00033EPSS
CVE
CVE
added 2024/04/29 4:15 a.m.214 views

CVE-2024-1874

In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary comma...

9.4CVSS8.9AI score0.54606EPSS
CVE
CVE
added 2017/07/21 2:29 p.m.213 views

CVE-2015-5300

The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherw...

7.5CVSS7.6AI score0.31173EPSS
CVE
CVE
added 2019/02/19 5:29 p.m.213 views

CVE-2019-5761

Incorrect object lifecycle management in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS6.2AI score0.01251EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.213 views

CVE-2020-14573

Vulnerability in the Java SE product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 11.0.7 and 14.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks o...

4.3CVSS3.9AI score0.00189EPSS
CVE
CVE
added 2020/10/06 3:15 p.m.213 views

CVE-2020-25866

In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages. This was addressed in epan/dissectors/packet-blip.c by allowing reasonable compression ratios and rejecting ZIP bombs.

7.5CVSS7.4AI score0.0145EPSS
CVE
CVE
added 2021/03/09 8:15 p.m.213 views

CVE-2020-35524

A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

7.8CVSS7.2AI score0.00487EPSS
CVE
CVE
added 2021/04/30 9:15 p.m.213 views

CVE-2021-21232

Use after free in Dev Tools in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.01708EPSS
CVE
CVE
added 2021/04/19 7:15 p.m.213 views

CVE-2021-29457

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A heap buffer overflow was found in Exiv2 versions v0.27.3 and earlier. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An attack...

7.8CVSS7.9AI score0.01509EPSS
CVE
CVE
added 2022/02/11 6:15 p.m.213 views

CVE-2022-0562

Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c.

5.5CVSS5.9AI score0.00057EPSS
CVE
CVE
added 2022/06/19 7:15 p.m.213 views

CVE-2022-2129

Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.

7.8CVSS7.7AI score0.00119EPSS
CVE
CVE
added 2022/07/28 1:15 a.m.213 views

CVE-2022-2157

Use after free in Interest groups in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.00499EPSS
CVE
CVE
added 2022/10/18 9:15 p.m.213 views

CVE-2022-21618

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JGSS). Supported versions that are affected are Oracle Java SE: 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated at...

5.3CVSS4.8AI score0.00134EPSS
CVE
CVE
added 2022/06/15 10:15 p.m.213 views

CVE-2022-30184

.NET and Visual Studio Information Disclosure Vulnerability

5.5CVSS5.3AI score0.00512EPSS
CVE
CVE
added 2022/08/30 3:15 a.m.213 views

CVE-2022-38784

Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability describ...

7.8CVSS7.7AI score0.00096EPSS
CVE
CVE
added 2023/03/30 8:15 p.m.213 views

CVE-2023-27533

A vulnerability in input validation exists in curl

8.8CVSS8.8AI score0.001EPSS
CVE
CVE
added 2023/07/20 3:15 p.m.213 views

CVE-2023-34967

A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the mdssvc protocol. ...

5.3CVSS6.5AI score0.18572EPSS
CVE
CVE
added 2018/03/06 8:29 p.m.212 views

CVE-2018-5729

MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module.

6.5CVSS4.8AI score0.00437EPSS
CVE
CVE
added 2019/12/13 1:15 a.m.212 views

CVE-2019-16776

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or gai...

8.1CVSS7.4AI score0.00403EPSS
CVE
CVE
added 2019/02/19 5:29 p.m.212 views

CVE-2019-5757

An incorrect object type assumption in SVG in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.

8.8CVSS6.1AI score0.01655EPSS
CVE
CVE
added 2019/02/07 7:29 a.m.212 views

CVE-2019-7573

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop).

8.8CVSS8.7AI score0.03122EPSS
CVE
CVE
added 2020/07/17 4:15 p.m.212 views

CVE-2020-14928

evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection."

5.9CVSS5.4AI score0.03428EPSS
CVE
CVE
added 2020/09/04 3:15 p.m.212 views

CVE-2020-24659

An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_...

7.5CVSS7.3AI score0.03563EPSS
CVE
CVE
added 2020/07/22 5:15 p.m.212 views

CVE-2020-6516

Policy bypass in CORS in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

4.3CVSS5.1AI score0.02998EPSS
CVE
CVE
added 2021/02/22 10:15 p.m.212 views

CVE-2021-21153

Stack buffer overflow in GPU Process in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

8.8CVSS8.6AI score0.00968EPSS
CVE
CVE
added 2021/04/26 5:15 p.m.212 views

CVE-2021-21212

Incorrect security UI in Network Config UI in Google Chrome on ChromeOS prior to 90.0.4430.72 allowed a remote attacker to potentially compromise WiFi connection security via a malicious WAP.

6.5CVSS7AI score0.00865EPSS
CVE
CVE
added 2021/03/30 9:15 p.m.212 views

CVE-2021-29648

An issue was discovered in the Linux kernel before 5.11.11. The BPF subsystem does not properly consider that resolved_ids and resolved_sizes are intentionally uninitialized in the vmlinux BPF Type Format (BTF), which can cause a system crash upon an unexpected access attempt (in map_create in kern...

5.5CVSS5AI score0.00054EPSS
CVE
CVE
added 2021/06/04 6:15 p.m.212 views

CVE-2021-30520

Use after free in Tab Strip in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.00322EPSS
CVE
CVE
added 2021/06/07 8:15 p.m.212 views

CVE-2021-30537

Insufficient policy enforcement in cookies in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass cookie policy via a crafted HTML page.

4.3CVSS4.8AI score0.00088EPSS
CVE
CVE
added 2021/11/15 9:15 p.m.212 views

CVE-2021-42386

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function

7.2CVSS7.2AI score0.00183EPSS
CVE
CVE
added 2011/03/02 8:0 p.m.211 views

CVE-2011-0762

The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632.

4CVSS7.2AI score0.36866EPSS
CVE
CVE
added 2018/12/04 9:29 a.m.211 views

CVE-2018-19841

The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted WavPack Lossless Audio file, as demonstrated by wvunpack.

5.5CVSS5.5AI score0.00253EPSS
CVE
CVE
added 2019/05/24 5:29 p.m.211 views

CVE-2019-10143

It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inacce...

7CVSS7AI score0.00079EPSS
Total number of security vulnerabilities5307