Filtered by vendor Fedoraproject
Subscriptions
Total
5319 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-21624 | 5 Azul, Fedoraproject, Netapp and 2 more | 20 Zulu, Fedora, 7-mode Transition Tool and 17 more | 2025-02-13 | 3.7 Low |
| Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). | ||||
| CVE-2022-21619 | 5 Azul, Fedoraproject, Netapp and 2 more | 20 Zulu, Fedora, 7-mode Transition Tool and 17 more | 2025-02-13 | 3.7 Low |
| Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). | ||||
| CVE-2022-21618 | 5 Azul, Fedoraproject, Netapp and 2 more | 18 Zulu, Fedora, 7-mode Transition Tool and 15 more | 2025-02-13 | 5.3 Medium |
| Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JGSS). Supported versions that are affected are Oracle Java SE: 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). | ||||
| CVE-2022-2085 | 2 Artifex, Fedoraproject | 2 Ghostscript, Fedora | 2025-02-13 | 5.5 Medium |
| A NULL pointer dereference vulnerability was found in Ghostscript, which occurs when it tries to render a large number of bits in memory. When allocating a buffer device, it relies on an init_device_procs defined for the device that uses it as a prototype that depends upon the number of bits per pixel. For bpp > 64, mem_x_device is used and does not have an init_device_procs defined. This flaw allows an attacker to parse a large number of bits (more than 64 bits per pixel), which triggers a NULL pointer dereference flaw, causing an application to crash. | ||||
| CVE-2022-0996 | 2 Fedoraproject, Redhat | 4 Fedora, 389 Directory Server, Enterprise Linux and 1 more | 2025-02-13 | 6.5 Medium |
| A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication. | ||||
| CVE-2022-0530 | 5 Apple, Debian, Fedoraproject and 2 more | 6 Mac Os X, Macos, Debian Linux and 3 more | 2025-02-13 | 5.5 Medium |
| A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. | ||||
| CVE-2022-0529 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2025-02-13 | 5.5 Medium |
| A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. | ||||
| CVE-2021-45046 | 8 Apache, Cvat, Debian and 5 more | 71 Log4j, Computer Vision Annotation Tool, Debian Linux and 68 more | 2025-02-13 | 9 Critical |
| It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default. | ||||
| CVE-2021-43612 | 3 Fedoraproject, Lldpd Project, Redhat | 3 Fedora, Lldpd, Enterprise Linux | 2025-02-13 | 7.5 High |
| In lldpd before 1.0.13, when decoding SONMP packets in the sonmp_decode function, it's possible to trigger an out-of-bounds heap read via short SONMP packets. | ||||
| CVE-2021-41184 | 7 Drupal, Fedoraproject, Jqueryui and 4 more | 36 Drupal, Fedora, Jquery Ui and 33 more | 2025-02-13 | 6.5 Medium |
| jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources. | ||||
| CVE-2021-41183 | 8 Debian, Drupal, Fedoraproject and 5 more | 37 Debian Linux, Drupal, Fedora and 34 more | 2025-02-13 | 6.5 Medium |
| jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources. | ||||
| CVE-2021-41182 | 8 Debian, Drupal, Fedoraproject and 5 more | 38 Debian Linux, Drupal, Fedora and 35 more | 2025-02-13 | 6.5 Medium |
| jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources. | ||||
| CVE-2021-3981 | 3 Fedoraproject, Gnu, Redhat | 3 Fedora, Grub2, Enterprise Linux | 2025-02-13 | 3.3 Low |
| A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non privileged users to read its content. This represents a low severity confidentiality issue, as those users can eventually read any encrypted passwords present in grub.cfg. This flaw affects grub2 2.06 and previous versions. This issue has been fixed in grub upstream but no version with the fix is currently released. | ||||
| CVE-2021-3979 | 2 Fedoraproject, Redhat | 8 Fedora, Ceph Storage, Ceph Storage For Ibm Z Systems and 5 more | 2025-02-13 | 6.5 Medium |
| A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks. | ||||
| CVE-2021-3670 | 3 Fedoraproject, Redhat, Samba | 3 Fedora, Storage, Samba | 2025-02-13 | 6.5 Medium |
| MaxQueryDuration not honoured in Samba AD DC LDAP | ||||
| CVE-2021-3407 | 3 Artifex, Debian, Fedoraproject | 3 Mupdf, Debian Linux, Fedora | 2025-02-13 | 5.5 Medium |
| A flaw was found in mupdf 1.18.0. Double free of object during linearization may lead to memory corruption and other potential consequences. | ||||
| CVE-2021-30499 | 2 Fedoraproject, Libcaca Project | 2 Fedora, Libcaca | 2025-02-13 | 7.8 High |
| A flaw was found in libcaca. A buffer overflow of export.c in function export_troff might lead to memory corruption and other potential consequences. | ||||
| CVE-2021-30498 | 2 Fedoraproject, Libcaca Project | 2 Fedora, Libcaca | 2025-02-13 | 7.8 High |
| A flaw was found in libcaca. A heap buffer overflow in export.c in function export_tga might lead to memory corruption and other potential consequences. | ||||
| CVE-2021-27906 | 4 Apache, Fedoraproject, Oracle and 1 more | 21 Pdfbox, Fedora, Banking Corporate Lending Process Management and 18 more | 2025-02-13 | 5.5 Medium |
| A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions. | ||||
| CVE-2021-27807 | 4 Apache, Fedoraproject, Oracle and 1 more | 17 Pdfbox, Fedora, Banking Trade Finance Process Management and 14 more | 2025-02-13 | 5.5 Medium |
| A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions. | ||||