CVEdetails.com the ultimate security vulnerability data source

Fedoraproject » Fedora : Security Vulnerabilities (CVSS score >= 9)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2021-32762 190 Overflow 2021-10-04 2021-11-28
9.0
None Remote Low ??? Complete Complete Complete
Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies. This is a result of a vulnerability in the underlying hiredis library which does not perform an overflow check before calling the calloc() heap allocation function. This issue only impacts systems with heap allocators that do not perform their own overflow checks. Most modern systems do and are therefore not likely to be affected. Furthermore, by default redis-sentinel uses the jemalloc allocator which is also not vulnerable. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14.
2 CVE-2021-32708 367 Exec Code 2021-06-24 2021-09-20
9.3
None Remote Medium Not required Complete Complete Complete
Flysystem is an open source file storage library for PHP. The whitespace normalisation used in 1.x and 2.x removes any unicode whitespace. Under certain specific conditions this could potentially allow a malicious user to execute code remotely. The conditions are: a user is allowed to supply the path or filename of an uploaded file; the supplied path or filename is not checked against unicode chars; the supplied pathname is checked against an extension deny-list, not an allow-list; the supplied path or filename contains a unicode whitespace char in the extension; the uploaded file is stored in a directory that allows PHP code to be executed. Given these conditions are met a user can upload and execute arbitrary code on the system under attack. The unicode whitespace removal has been replaced with a rejection (exception). For 1.x users, upgrade to 1.1.4. For 2.x users, upgrade to 2.1.1.
3 CVE-2021-21106 416 2021-01-08 2021-01-28
9.3
None Remote Medium Not required Complete Complete Complete
Use after free in autofill in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
4 CVE-2021-3973 787 Overflow 2021-11-19 2021-11-26
9.3
None Remote Medium Not required Complete Complete Complete
vim is vulnerable to Heap-based Buffer Overflow
5 CVE-2021-3466 120 Overflow 2021-03-25 2021-12-03
10.0
None Remote Low Not required Complete Complete Complete
A flaw was found in libmicrohttpd in versions before 0.9.71. A missing bounds check in the post_process_urlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary data in an application that uses libmicrohttpd. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
6 CVE-2020-27846 115 Bypass 2020-12-21 2021-03-31
10.0
None Remote Low Not required Complete Complete Complete
A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to bypass SAML Authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
7 CVE-2020-10188 120 Exec Code Overflow 2020-03-06 2021-11-30
10.0
None Remote Low Not required Complete Complete Complete
utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions.
8 CVE-2020-9273 416 Exec Code 2020-02-20 2021-09-14
9.0
None Remote Low ??? Complete Complete Complete
In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution.
9 CVE-2020-6559 416 2020-09-21 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
Use after free in presentation API in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
10 CVE-2020-6553 416 2020-09-21 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
Use after free in offline mode in Google Chrome on iOS prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
11 CVE-2020-6552 416 2020-09-21 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
Use after free in Blink in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
12 CVE-2020-6551 416 2020-09-21 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
Use after free in WebXR in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
13 CVE-2020-6550 416 2020-09-21 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
Use after free in IndexedDB in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
14 CVE-2020-6549 416 2020-09-21 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
Use after free in media in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
15 CVE-2020-6548 787 Overflow 2020-09-21 2021-01-27
9.3
None Remote Medium Not required Complete Complete Complete
Heap buffer overflow in Skia in Google Chrome prior to 84.0.4147.125 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
16 CVE-2020-6524 787 Overflow 2020-07-22 2021-01-27
9.3
None Remote Medium Not required Complete Complete Complete
Heap buffer overflow in WebAudio in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
17 CVE-2020-6523 787 2020-07-22 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
Out of bounds write in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
18 CVE-2020-6520 120 Overflow 2020-07-22 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
19 CVE-2020-6518 416 2020-07-22 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
Use after free in developer tools in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had convinced the user to use developer tools to potentially exploit heap corruption via a crafted HTML page.
20 CVE-2020-6517 787 Overflow 2020-07-22 2021-03-12
9.3
None Remote Medium Not required Complete Complete Complete
Heap buffer overflow in history in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
21 CVE-2020-6515 416 2020-07-22 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
Use after free in tab strip in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
22 CVE-2020-6512 843 2020-07-22 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
23 CVE-2020-6449 416 2020-03-23 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
24 CVE-2020-6429 416 2020-03-23 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
25 CVE-2020-6428 416 2020-03-23 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
26 CVE-2020-6427 416 2020-03-23 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
27 CVE-2020-6424 416 2020-03-23 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
Use after free in media in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
28 CVE-2020-6422 416 2020-03-23 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
29 CVE-2020-1747 20 Exec Code 2020-03-24 2021-03-26
10.0
None Remote Low Not required Complete Complete Complete
A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor.
30 CVE-2020-1472 269 2020-08-17 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'.
31 CVE-2019-19604 20 Exec Code 2019-12-11 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository.
32 CVE-2019-14901 787 DoS Exec Code Overflow 2019-11-29 2019-12-12
10.0
None Remote Low Not required Complete Complete Complete
A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system.
33 CVE-2019-14896 787 DoS Exec Code Overflow 2019-11-27 2020-01-03
10.0
None Remote Low Not required Complete Complete Complete
A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or possibly execute arbitrary code when the lbs_ibss_join_existing function is called after a STA connects to an AP.
34 CVE-2019-14889 78 Exec Code 2019-12-10 2020-12-04
9.3
None Remote Medium Not required Complete Complete Complete
A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server-side. In case the library is used in a way where users can influence the third parameter of the function, it would become possible for an attacker to inject arbitrary commands, leading to a compromise of the remote target.
35 CVE-2019-14287 755 Bypass 2019-10-17 2021-09-15
9.0
None Remote Low ??? Complete Complete Complete
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command.
36 CVE-2019-10196 665 DoS 2021-03-19 2021-03-25
9.0
None Remote Low Not required Partial Partial Complete
A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered that http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure through an uninitialized memory leak in setups where an attacker could submit typed input to the auth parameter.
37 CVE-2019-10164 787 Exec Code Overflow 2019-06-26 2020-10-02
9.0
None Remote Low ??? Complete Complete Complete
PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This often suffices to execute arbitrary code as the PostgreSQL operating system account.
38 CVE-2019-7443 20 2019-05-07 2019-05-10
9.3
None Remote Medium Not required Complete Complete Complete
KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. Certain types can cause crashes, and trigger the decoding of arbitrary images with dynamically loaded plugins. In other words, KAuth unintentionally causes this plugin code to run as root, which increases the severity of any possible exploitation of a plugin vulnerability.
39 CVE-2019-5736 78 Exec Code 2019-02-11 2021-07-01
9.3
None Remote Medium Not required Complete Complete Complete
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.
40 CVE-2019-3855 787 Exec Code Overflow 2019-03-21 2020-10-15
9.3
None Remote Medium Not required Complete Complete Complete
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.
41 CVE-2017-11610 276 Exec Code 2017-08-23 2019-10-03
9.0
None Remote Low ??? Complete Complete Complete
The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups.
42 CVE-2016-9961 189 2017-06-06 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
game-music-emu before 0.6.1 mishandles unspecified integer values.
43 CVE-2016-6299 264 +Priv Bypass 2017-04-14 2017-04-25
9.3
None Remote Medium Not required Complete Complete Complete
The scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file.
44 CVE-2016-2334 119 Exec Code Overflow 2016-12-13 2017-12-03
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7zip before 16.00 and p7zip allows remote attackers to execute arbitrary code via a crafted HFS+ image.
45 CVE-2016-1522 119 DoS Exec Code Overflow 2016-02-13 2017-07-01
9.3
None Remote Medium Not required Complete Complete Complete
Code.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not consider recursive load calls during a size check, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via a crafted Graphite smart font.
46 CVE-2015-8868 119 DoS Exec Code Overflow Mem. Corr. 2016-05-06 2018-01-05
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via an invalid blend mode in the ExtGState dictionary in a crafted PDF document.
47 CVE-2015-8540 189 2016-04-14 2021-06-29
9.3
None Remote Medium Not required Complete Complete Complete
Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.
48 CVE-2015-8106 134 Exec Code 2016-04-18 2016-05-18
9.3
None Remote Medium Not required Complete Complete Complete
Format string vulnerability in the CmdKeywords function in funct1.c in latex2rtf before 2.3.10 allows remote attackers to execute arbitrary code via format string specifiers in the \keywords command in a crafted TeX file.
49 CVE-2015-7221 119 DoS Overflow 2015-12-16 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the nsDeque::GrowCapacity function in xpcom/glue/nsDeque.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a deque size change.
50 CVE-2015-7220 119 DoS Overflow 2015-12-16 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the XDRBuffer::grow function in js/src/vm/Xdr.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code.
Total number of vulnerabilities: 79 (this is page 1 of 2)