Lucene search

K
FedoraprojectFedora

5299 matches found

CVE
CVE
added 2021/01/20 4:15 p.m.776 views

CVE-2020-25683

A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. A remote attacker, who can create valid DNS replies, could use this flaw to cause an overflow in a heap-allocated memory. ...

7.1CVSS7AI score0.30243EPSS
CVE
CVE
added 2021/04/22 10:15 p.m.773 views

CVE-2021-2163

Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2....

5.3CVSS4.8AI score0.00109EPSS
CVE
CVE
added 2020/03/12 7:15 p.m.769 views

CVE-2020-10531

An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.

8.8CVSS8.7AI score0.00538EPSS
CVE
CVE
added 2022/11/18 11:15 p.m.769 views

CVE-2021-33621

The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.

8.8CVSS8.6AI score0.02028EPSS
CVE
CVE
added 2023/10/04 5:15 p.m.767 views

CVE-2023-43804

urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a Cookie header and unknowingly leak informati...

8.1CVSS8AI score0.00554EPSS
CVE
CVE
added 2017/03/15 4:59 p.m.763 views

CVE-2016-7103

Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.

6.1CVSS6AI score0.01397EPSS
CVE
CVE
added 2022/02/09 11:15 p.m.763 views

CVE-2022-0391

A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an a...

7.5CVSS7.4AI score0.00816EPSS
CVE
CVE
added 2023/09/18 5:15 p.m.761 views

CVE-2023-4527

A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data,...

6.5CVSS7.2AI score0.00105EPSS
CVE
CVE
added 2019/01/16 5:29 a.m.760 views

CVE-2019-6446

An issue was discovered in NumPy before 1.16.3. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have l...

9.8CVSS9.7AI score0.59213EPSS
CVE
CVE
added 2021/02/24 4:15 p.m.760 views

CVE-2020-28599

A stack-based buffer overflow vulnerability exists in the import_stl.cc:import_stl() functionality of Openscad openscad-2020.12-RC2. A specially crafted STL file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

8.8CVSS7.6AI score0.01358EPSS
CVE
CVE
added 2021/08/23 6:15 p.m.760 views

CVE-2021-39144

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation to ...

8.5CVSS9AI score0.94412EPSS
CVE
CVE
added 2022/06/09 2:15 p.m.756 views

CVE-2022-31030

containerd is an open source container runtime. A bug was found in the containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the ExecSync API. This can cause containerd to consume all available memory o...

5.5CVSS5.9AI score0.00109EPSS
CVE
CVE
added 2019/08/13 9:15 p.m.754 views

CVE-2019-9514

Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STR...

7.8CVSS7.9AI score0.07665EPSS
CVE
CVE
added 2022/12/14 9:15 p.m.754 views

CVE-2022-2601

A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacke...

8.6CVSS8.7AI score0.00069EPSS
CVE
CVE
added 2021/03/25 3:15 p.m.750 views

CVE-2021-3449

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a...

5.9CVSS6.7AI score0.13128EPSS
CVE
CVE
added 2023/09/20 1:15 p.m.750 views

CVE-2023-3341

The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, c...

7.5CVSS7.9AI score0.00211EPSS
CVE
CVE
added 2021/01/20 5:15 p.m.748 views

CVE-2020-25686

A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the sam...

4.3CVSS5.9AI score0.00556EPSS
CVE
CVE
added 2019/06/26 4:15 p.m.747 views

CVE-2019-10164

PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This often suffices to execute arbitrary code as the PostgreSQ...

9CVSS8.9AI score0.0501EPSS
CVE
CVE
added 2021/10/26 3:15 p.m.747 views

CVE-2021-41184

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the of option of the .position() util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the of option is now treated as a CSS ...

6.5CVSS6.5AI score0.29896EPSS
CVE
CVE
added 2019/09/20 7:15 p.m.746 views

CVE-2019-14816

There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.

7.8CVSS9.1AI score0.00353EPSS
CVE
CVE
added 2023/08/11 6:15 a.m.744 views

CVE-2023-3824

In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE.

9.8CVSS8.9AI score0.18573EPSS
CVE
CVE
added 2023/06/05 10:15 p.m.742 views

CVE-2023-3079

Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.6AI score0.00543EPSS
CVE
CVE
added 2022/03/23 1:15 p.m.740 views

CVE-2021-25220

BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not...

6.8CVSS7AI score0.00076EPSS
CVE
CVE
added 2024/04/15 8:15 p.m.740 views

CVE-2024-31497

In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant. Th...

5.9CVSS5.9AI score0.22841EPSS
CVE
CVE
added 2023/11/03 1:15 p.m.738 views

CVE-2023-3961

A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call (RPC) services like SAMR LSA or SPOOLSS, which Samba initiates o...

9.8CVSS9.3AI score0.01941EPSS
CVE
CVE
added 2021/02/15 1:15 p.m.737 views

CVE-2021-23336

The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can s...

5.9CVSS7.6AI score0.00414EPSS
CVE
CVE
added 2022/11/09 10:15 p.m.731 views

CVE-2022-38023

Netlogon RPC Elevation of Privilege Vulnerability

8.1CVSS8.3AI score0.0032EPSS
CVE
CVE
added 2023/08/23 12:15 a.m.729 views

CVE-2023-4431

Out of bounds memory access in Fonts in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)

8.1CVSS7.6AI score0.00128EPSS
CVE
CVE
added 2022/02/02 12:15 p.m.728 views

CVE-2022-21724

pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based on ...

9.8CVSS8.4AI score0.05194EPSS
CVE
CVE
added 2019/12/23 3:15 a.m.724 views

CVE-2019-11049

In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplying custom headers to mail() function, due to mistake introduced in commit 78f4b4a2dcf92ddbccea1bb95f8390a18ac3342e, if the header is supplied in lowercase, this can result in double-freeing certain memory locations.

9.8CVSS7.8AI score0.01969EPSS
CVE
CVE
added 2023/08/08 7:15 p.m.723 views

CVE-2023-38180

.NET and Visual Studio Denial of Service Vulnerability

7.5CVSS7.8AI score0.00133EPSS
CVE
CVE
added 2021/07/20 7:15 p.m.721 views

CVE-2021-33909

fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05.

7.8CVSS7.9AI score0.02989EPSS
CVE
CVE
added 2023/10/18 4:15 a.m.719 views

CVE-2023-39332

Various node:fs functions allow specifying paths as either strings or Uint8Array objects. In Node.js environments, the Buffer class extends the Uint8Array class. Node.js prevents path traversal through strings (see CVE-2023-30584) and Buffer objects (see CVE-2023-32004), but not through non-Buffer ...

9.8CVSS8.6AI score0.00375EPSS
CVE
CVE
added 2022/07/20 8:15 p.m.715 views

CVE-2022-31160

jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents consi...

6.1CVSS6AI score0.06383EPSS
CVE
CVE
added 2021/01/20 4:15 p.m.705 views

CVE-2020-25685

A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query(), which is the forwarded query that matches the reply, by only using a weak hash of the query name. Due to the weak hash (CRC32 when dnsmasq is compiled without DNS...

4.3CVSS6AI score0.00521EPSS
CVE
CVE
added 2023/06/09 7:15 p.m.705 views

CVE-2023-2455

Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security de...

5.4CVSS6.3AI score0.00212EPSS
CVE
CVE
added 2016/04/05 8:59 p.m.701 views

CVE-2016-3125

The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown vectors.

7.5CVSS7.4AI score0.00866EPSS
CVE
CVE
added 2022/12/23 3:15 p.m.701 views

CVE-2022-43551

A vulnerability exists in curl

7.5CVSS7.3AI score0.0004EPSS
CVE
CVE
added 2022/09/09 2:15 p.m.700 views

CVE-2020-10735

A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 ...

7.5CVSS7.5AI score0.00355EPSS
CVE
CVE
added 2018/11/16 9:29 a.m.698 views

CVE-2018-19296

PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack.

8.8CVSS8.6AI score0.01227EPSS
CVE
CVE
added 2024/01/31 10:15 p.m.698 views

CVE-2024-21626

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem name...

8.6CVSS8.7AI score0.0331EPSS
CVE
CVE
added 2021/10/27 9:15 p.m.697 views

CVE-2021-25219

In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw...

5.3CVSS5.8AI score0.00518EPSS
CVE
CVE
added 2009/07/05 4:30 p.m.693 views

CVE-2009-1890

The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of servic...

7.1CVSS7.2AI score0.26458EPSS
CVE
CVE
added 2019/02/11 7:29 p.m.687 views

CVE-2019-5736

runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attack...

9.3CVSS8.8AI score0.50726EPSS
CVE
CVE
added 2024/05/14 3:44 p.m.682 views

CVE-2024-4671

Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

9.6CVSS6.3AI score0.00373EPSS
CVE
CVE
added 2023/09/18 8:15 a.m.680 views

CVE-2023-43115

In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJS server can be spe...

8.8CVSS8.8AI score0.20058EPSS
CVE
CVE
added 2019/12/23 3:15 a.m.675 views

CVE-2019-11047

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure...

6.5CVSS7AI score0.01639EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.673 views

CVE-2019-2938

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Su...

4.4CVSS4.5AI score0.00129EPSS
CVE
CVE
added 2022/09/28 11:15 p.m.673 views

CVE-2022-31628

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop.

5.5CVSS6.4AI score0.00026EPSS
CVE
CVE
added 2019/11/26 5:15 p.m.672 views

CVE-2019-12526

An issue was discovered in Squid before 4.9. URN response handling in Squid suffers from a heap-based buffer overflow. When receiving data from a remote server in response to an URN request, Squid fails to ensure that the response can fit within the buffer. This leads to attacker controlled data ov...

9.8CVSS9.2AI score0.39765EPSS
Total number of security vulnerabilities5299