Vulnerabilities (CVE)

Filtered by vendor Fedoraproject Subscribe
Total 4932 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-9517 12 Apache, Apple, Canonical and 9 more 25 Http Server, Traffic Server, Mac Os X and 22 more 2025-01-14 7.8 HIGH 7.5 HIGH
Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both.
CVE-2019-9515 12 Apache, Apple, Canonical and 9 more 24 Traffic Server, Mac Os X, Swiftnio and 21 more 2025-01-14 7.8 HIGH 7.5 HIGH
Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.
CVE-2019-9511 12 Apache, Apple, Canonical and 9 more 22 Traffic Server, Mac Os X, Swiftnio and 19 more 2025-01-14 7.8 HIGH 7.5 HIGH
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.
CVE-2019-14907 6 Canonical, Debian, Fedoraproject and 3 more 10 Ubuntu Linux, Debian Linux, Fedora and 7 more 2025-01-14 2.6 LOW 6.5 MEDIUM
All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless).
CVE-2023-34152 3 Fedoraproject, Imagemagick, Redhat 4 Extra Packages For Enterprise Linux, Fedora, Imagemagick and 1 more 2025-01-13 N/A 9.8 CRITICAL
A vulnerability was found in ImageMagick. This security flaw cause a remote code execution vulnerability in OpenBlob with --enable-pipes configured.
CVE-2021-30184 2 Fedoraproject, Gnu 2 Fedora, Chess 2025-01-12 6.8 MEDIUM 7.8 HIGH
GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN (Portable Game Notation) data. This is related to a buffer overflow in the use of a .tmp.epd temporary file in the cmd_pgnload and cmd_pgnreplay functions in frontend/cmd.cc.
CVE-2023-34153 3 Fedoraproject, Imagemagick, Redhat 4 Extra Packages For Enterprise Linux, Fedora, Imagemagick and 1 more 2025-01-10 N/A 7.8 HIGH
A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding.
CVE-2023-33460 3 Debian, Fedoraproject, Yajl Project 3 Debian Linux, Fedora, Yajl 2025-01-08 N/A 6.5 MEDIUM
There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse function. which will cause out-of-memory in server and cause crash.
CVE-2024-26256 3 Fedoraproject, Libarchive, Microsoft 5 Fedora, Libarchive, Windows 11 22h2 and 2 more 2025-01-08 N/A 7.8 HIGH
Libarchive Remote Code Execution Vulnerability
CVE-2023-29402 2 Fedoraproject, Golang 2 Fedora, Go 2025-01-06 N/A 9.8 CRITICAL
The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved using the go command, i.e. via "go get", are not affected (modules retrieved using GOPATH-mode, i.e. GO111MODULE=off, may be affected).
CVE-2023-29405 2 Fedoraproject, Golang 2 Fedora, Go 2025-01-06 N/A 9.8 CRITICAL
The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "#cgo LDFLAGS" directive. Flags containing embedded spaces are mishandled, allowing disallowed flags to be smuggled through the LDFLAGS sanitization by including them in the argument of another flag. This only affects usage of the gccgo compiler.
CVE-2023-29404 2 Fedoraproject, Golang 2 Fedora, Go 2025-01-06 N/A 9.8 CRITICAL
The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "#cgo LDFLAGS" directive. The arguments for a number of flags which are non-optional are incorrectly considered optional, allowing disallowed flags to be smuggled through the LDFLAGS sanitization. This affects usage of both the gc and gccgo compilers.
CVE-2023-29403 2 Fedoraproject, Golang 2 Fedora, Go 2025-01-06 N/A 7.8 HIGH
On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers.
CVE-2023-2455 3 Fedoraproject, Postgresql, Redhat 4 Fedora, Postgresql, Enterprise Linux and 1 more 2025-01-06 N/A 5.4 MEDIUM
Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy.
CVE-2023-2454 3 Fedoraproject, Postgresql, Redhat 4 Fedora, Postgresql, Enterprise Linux and 1 more 2025-01-06 N/A 7.2 HIGH
schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code.
CVE-2023-5528 3 Fedoraproject, Kubernetes, Microsoft 3 Fedora, Kubernetes, Windows 2025-01-03 N/A 7.2 HIGH
A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes.
CVE-2022-38023 4 Fedoraproject, Microsoft, Netapp and 1 more 9 Fedora, Windows Server 2008, Windows Server 2012 and 6 more 2025-01-02 N/A 8.1 HIGH
Netlogon RPC Elevation of Privilege Vulnerability
CVE-2022-37967 4 Fedoraproject, Microsoft, Netapp and 1 more 9 Fedora, Windows Server 2008, Windows Server 2012 and 6 more 2025-01-02 N/A 7.2 HIGH
Windows Kerberos Elevation of Privilege Vulnerability
CVE-2022-37966 4 Fedoraproject, Microsoft, Netapp and 1 more 9 Fedora, Windows Server 2008, Windows Server 2012 and 6 more 2025-01-02 N/A 8.1 HIGH
Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability
CVE-2022-38013 2 Fedoraproject, Microsoft 5 Fedora, .net, .net Core and 2 more 2025-01-02 N/A 7.5 HIGH
.NET Core and Visual Studio Denial of Service Vulnerability