Lucene search

Fedoraproject Fedora

5315 matches found

CVE
added 2021/10/05 6:15 p.m. | 997 views

CVE-2021-39226

Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot "public_mode" configuratio...

CVSS 9.8 | AI score 8.4 | EPSS 0.94344
In wild | Web

CVE
added 2022/11/01 6:15 p.m. | 982 views

CVE-2022-3786

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verificat...

CVSS 7.5 | AI score 8.1 | EPSS 0.22051
Web

CVE
added 2022/05/24 3:15 p.m. | 980 views

CVE-2022-29217

PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The application can sp...

CVSS 7.5 | AI score 6.7 | EPSS 0.00446

CVE
added 2023/05/26 6:15 p.m. | 976 views

CVE-2023-32681

Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use rebuild_proxies to reattach the Proxy-Authorization header to requests. For HTTP connections sent thro...

CVSS 6.1 | AI score 6.8 | EPSS 0.06121

CVE
added 2023/04/19 4:15 a.m. | 973 views

CVE-2023-2136

Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

CVSS 9.6 | AI score 8.2 | EPSS 0.00392
In wild

CVE
added 2021/03/09 8:15 p.m. | 964 views

CVE-2021-21300

Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a case-insensitive fil...

CVSS 8 | AI score 7.7 | EPSS 0.70684

CVE
added 2020/04/23 3:15 p.m. | 963 views

CVE-2020-11945

An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a short integer). Remote code execution may occur if...

CVSS 9.8 | AI score 9.7 | EPSS 0.33632

CVE
added 2022/02/21 3:15 p.m. | 962 views

CVE-2021-44142

The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and w...

CVSS 9 | AI score 8.9 | EPSS 0.24962
Web

CVE
added 2023/01/12 3:15 p.m. | 960 views

CVE-2022-3437

A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with ...

CVSS 6.5 | AI score 6.7 | EPSS 0.00712

CVE
added 2022/03/04 7:15 p.m. | 953 views

CVE-2021-3737

A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.

CVSS 7.5 | AI score 7.6 | EPSS 0.00138

CVE
added 2020/06/15 2:15 p.m. | 949 views

CVE-2020-0543

Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

CVSS 5.5 | AI score 6.3 | EPSS 0.00533

CVE
added 2021/06/07 8:15 p.m. | 947 views

CVE-2021-30533

Insufficient policy enforcement in PopupBlocker in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted iframe.

CVSS 6.5 | AI score 6.5 | EPSS 0.06446
In wild

CVE
added 2022/09/26 4:15 p.m. | 942 views

CVE-2022-2856

Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML page.

CVSS 6.5 | AI score 6.6 | EPSS 0.03429
In wild

CVE
added 2019/03/23 6:29 p.m. | 940 views

CVE-2019-9948

urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.

CVSS 9.1 | AI score 9.4 | EPSS 0.01118

CVE
added 2022/02/24 7:15 p.m. | 940 views

CVE-2022-0546

A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption or potentially code execution.

CVSS 7.8 | AI score 7.8 | EPSS 0.00386

CVE
added 2024/06/09 8:15 p.m. | 933 views

CVE-2024-4577

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misin...

CVSS 9.8 | AI score 9.3 | EPSS 0.94385
In wild

CVE
added 2021/06/15 10:15 p.m. | 930 views

CVE-2021-30547

Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

CVSS 8.8 | AI score 5.9 | EPSS 0.00734

CVE
added 2020/11/19 7:15 p.m. | 928 views

CVE-2020-28949

Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed.

CVSS 7.8 | AI score 7.7 | EPSS 0.92731
In wild | Web

CVE
added 2021/12/23 9:15 p.m. | 924 views

CVE-2021-3621

A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threa...

CVSS 9.3 | AI score 8.8 | EPSS 0.00276

CVE
added 2022/02/16 11:15 p.m. | 909 views

CVE-2022-25271

Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critica...

CVSS 7.5 | AI score 7.2 | EPSS 0.00305

CVE
added 2023/09/28 4:15 p.m. | 905 views

CVE-2023-5217

Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVSS 8.8 | AI score 9.2 | EPSS 0.00999
In wild | Web

CVE
added 2023/03/23 9:15 p.m. | 902 views

CVE-2023-0056

An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability.

CVSS 6.5 | AI score 6.3 | EPSS 0.00148

CVE
added 2022/09/20 11:15 p.m. | 899 views

CVE-2022-35957

Grafana is an open-source platform for monitoring and observability. Versions prior to 9.1.6 and 8.5.13 are vulnerable to an escalation from admin to server admin when auth proxy is used, allowing an admin to take over the server admin account and gain full control of the grafana instance. All inst...

CVSS 6.6 | AI score 7.2 | EPSS 0.00748

CVE
added 2009/07/10 3:30 p.m. | 874 views

CVE-2009-1891

The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).

CVSS 7.1 | AI score 7.3 | EPSS 0.14811

CVE
added 2023/06/13 5:15 p.m. | 874 views

CVE-2023-20867

A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.

CVSS 3.9 | AI score 5.1 | EPSS 0.01049
In wild

CVE
added 2019/06/07 6:29 p.m. | 873 views

CVE-2019-10160

A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. Wh...

CVSS 9.8 | AI score 9.7 | EPSS 0.09135

CVE
added 2022/08/06 6:15 p.m. | 871 views

CVE-2022-37451

Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc.

CVSS 7.5 | AI score 7.5 | EPSS 0.02559

CVE
added 2021/01/20 4:15 p.m. | 866 views

CVE-2020-25684

A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:reply_query() if the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to retrieve the exact forwarded query...

CVSS 4.3 | AI score 6 | EPSS 0.00556

CVE
added 2021/12/28 8:15 p.m. | 863 views

CVE-2021-44832

Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is ...

CVSS 8.5 | AI score 8.4 | EPSS 0.50384
In wild | Web

CVE
added 2018/12/23 11:29 p.m. | 859 views

CVE-2018-20406

Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of...

CVSS 7.5 | AI score 8.1 | EPSS 0.01089

CVE
added 2022/09/28 11:15 p.m. | 859 views

CVE-2022-31629

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP applications.

CVSS 6.5 | AI score 7.2 | EPSS 0.24317
Web

CVE
added 2019/08/20 9:15 p.m. | 856 views

CVE-2019-10086

In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.

CVSS 7.5 | AI score 7.3 | EPSS 0.00262

CVE
added 2022/06/09 5:15 p.m. | 855 views

CVE-2022-30522

If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort.

CVSS 7.5 | AI score 8.7 | EPSS 0.11364

CVE
added 2022/02/15 4:15 p.m. | 848 views

CVE-2022-21698

client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and ...

CVSS 7.5 | AI score 8.8 | EPSS 0.00279

CVE
added 2014/10/15 12:55 a.m. | 846 views

CVE-2014-3566

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.

CVSS 4.3 | AI score 4.4 | EPSS 0.93969

CVE
added 2021/05/12 2:15 p.m. | 840 views

CVE-2021-20277

A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability.

CVSS 7.5 | AI score 7.5 | EPSS 0.11529

CVE
added 2022/02/18 6:15 p.m. | 838 views

CVE-2020-25717

A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation.

CVSS 8.5 | AI score 8.1 | EPSS 0.00154

CVE
added 2023/02/03 6:15 a.m. | 838 views

CVE-2023-25136

OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-p...

CVSS 6.5 | AI score 6.8 | EPSS 0.90014
Web

CVE
added 2020/05/19 2:15 p.m. | 837 views

CVE-2020-8617

Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration doe...

CVSS 7.5 | AI score 7.2 | EPSS 0.92319
Web

CVE
added 2019/07/11 7:15 p.m. | 836 views

CVE-2019-12525

An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain tokens such as domain, uri, and qop. Squid checks if this token's value starts with a quote and ends wi...

CVSS 9.8 | AI score 9.2 | EPSS 0.46527

CVE
added 2019/02/27 11:29 p.m. | 815 views

CVE-2019-1559

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is receiv...

CVSS 5.9 | AI score 6.3 | EPSS 0.0708

CVE
added 2021/05/05 2:15 p.m. | 815 views

CVE-2021-20254

A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs) into unix group ids (gids). The code that performs this had a flaw that could allow it to read data beyond the end of the array in the case where a negative cache entry had been added to the mapping cache...

CVSS 6.8 | AI score 6.8 | EPSS 0.00341

CVE
added 2021/02/22 10:15 p.m. | 815 views

CVE-2021-21157

Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS 8.8 | AI score 9 | EPSS 0.01551

CVE
added 2021/12/30 10:15 p.m. | 810 views

CVE-2021-4183

Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of service via crafted capture file

CVSS 5.5 | AI score 6 | EPSS 0.00051

CVE
added 2020/06/17 10:15 p.m. | 794 views

CVE-2020-8619

In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9.14.12, BIND 9.16.0 -> 9.16.3, BIND Supported Preview Edition 9.11.14-S1 -> 9.11.19-S1: Unless a nameserver is providing authoritative service for one or more zones and at least one zone contains an empty non-terminal entry ...

CVSS 4.9 | AI score 5.3 | EPSS 0.09969

CVE
added 2022/11/18 11:15 p.m. | 794 views

CVE-2021-33621

The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.

CVSS 8.8 | AI score 8.6 | EPSS 0.02028

CVE
added 2020/07/15 6:15 p.m. | 792 views

CVE-2020-15117

In Synergy before version 1.12.0, a Synergy server can be crashed by receiving a kMsgHelloBack packet with a client name length set to 0xffffffff (4294967295) if the servers memory is less than 4 GB. It was verified that this issue does not cause a crash through the exception handler if the availab...

CVSS 6.5 | AI score 6.2 | EPSS 0.00494

CVE
added 2020/02/04 8:15 p.m. | 792 views

CVE-2020-8450

An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy.

CVSS 7.5 | AI score 7.5 | EPSS 0.44655

CVE
added 2020/09/27 4:15 a.m. | 787 views

CVE-2020-26116

http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.

CVSS 7.2 | AI score 7.3 | EPSS 0.00579

CVE
added 2021/04/22 10:15 p.m. | 787 views

CVE-2021-2163

Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2....

CVSS 5.3 | AI score 4.8 | EPSS 0.00109

Total number of security vulnerabilities: 5315