Total
5316 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-1632 | 2 Fedoraproject, Redhat | 3 Fedora, Ansible Automation Platform, Openshift Container Platform | 2022-12-13 | N/A | 6.5 MEDIUM |
| An Improper Certificate Validation attack was found in Openshift. A re-encrypt Route with destinationCACertificate explicitly set to the default serviceCA skips internal Service TLS certificate validation. This flaw allows an attacker to exploit an invalid certificate, resulting in a loss of confidentiality. | |||||
| CVE-2022-0330 | 4 Fedoraproject, Linux, Netapp and 1 more | 46 Fedora, Linux Kernel, H300e and 43 more | 2022-12-07 | 4.6 MEDIUM | 7.8 HIGH |
| A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. | |||||
| CVE-2021-23177 | 4 Debian, Fedoraproject, Libarchive and 1 more | 13 Debian Linux, Fedora, Libarchive and 10 more | 2022-12-03 | N/A | 7.8 HIGH |
| An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to change the ACL of a file on the system and gain more privileges. | |||||
| CVE-2022-31779 | 3 Apache, Debian, Fedoraproject | 3 Traffic Server, Debian Linux, Fedora | 2022-12-03 | N/A | 7.5 HIGH |
| Improper Input Validation vulnerability in HTTP/2 header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 9.1.2. | |||||
| CVE-2022-2625 | 3 Fedoraproject, Postgresql, Redhat | 3 Fedora, Postgresql, Enterprise Linux | 2022-12-02 | N/A | 8.0 HIGH |
| A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the object targeted in CREATE OR REPLACE or CREATE IF NOT EXISTS. Given all three prerequisites, this flaw allows an attacker to run arbitrary code as the victim role, which may be a superuser. | |||||
| CVE-2021-26252 | 3 Fedoraproject, Htmldoc Project, Redhat | 3 Fedora, Htmldoc, Enterprise Linux | 2022-12-02 | 6.8 MEDIUM | 7.8 HIGH |
| A flaw was found in htmldoc in v1.9.12. Heap buffer overflow in pspdf_prepare_page(),in ps-pdf.cxx may lead to execute arbitrary code and denial of service. | |||||
| CVE-2021-35938 | 3 Fedoraproject, Redhat, Rpm | 3 Fedora, Enterprise Linux, Rpm | 2022-11-29 | N/A | 6.7 MEDIUM |
| A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2021-4217 | 3 Fedoraproject, Redhat, Unzip Project | 3 Fedora, Enterprise Linux, Unzip | 2022-11-29 | N/A | 3.3 LOW |
| A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. | |||||
| CVE-2022-2153 | 4 Debian, Fedoraproject, Linux and 1 more | 4 Debian Linux, Fedora, Linux Kernel and 1 more | 2022-11-21 | N/A | 5.5 MEDIUM |
| A flaw was found in the Linux kernel’s KVM when attempting to set a SynIC IRQ. This issue makes it possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service. | |||||
| CVE-2019-14855 | 3 Canonical, Fedoraproject, Gnupg | 3 Ubuntu Linux, Fedora, Gnupg | 2022-11-08 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18. | |||||
| CVE-2019-3804 | 3 Cockpit-project, Fedoraproject, Redhat | 3 Cockpit, Fedora, Virtualization | 2022-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly resulting in a denial of service attack. An unauthenticated attacker could send a specially crafted request with an invalid base64-encoded cookie which could cause the web service to crash. | |||||
| CVE-2020-25718 | 2 Fedoraproject, Samba | 2 Fedora, Samba | 2022-11-07 | 6.5 MEDIUM | 8.8 HIGH |
| A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC (read-only domain controller). This would allow an RODC to print administrator tickets. | |||||
| CVE-2022-25271 | 2 Drupal, Fedoraproject | 2 Drupal, Fedora | 2022-11-07 | 4.3 MEDIUM | 7.5 HIGH |
| Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data. | |||||
| CVE-2022-0725 | 2 Fedoraproject, Keepass | 3 Extra Packages For Enterprise Linux, Fedora, Keepass | 2022-10-28 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in keepass. The vulnerability occurs due to logging the plain text passwords in system log and leads to an Information Exposure vulnerability. This flaw allows an attacker to interact and read sensitive passwords and logs. | |||||
| CVE-2021-3695 | 4 Fedoraproject, Gnu, Netapp and 1 more | 14 Fedora, Grub, Ontap Select Deploy Administration Utility and 11 more | 2022-10-28 | 4.4 MEDIUM | 4.5 MEDIUM |
| A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results, also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. This flaw affects grub2 versions prior grub-2.12. | |||||
| CVE-2015-4802 | 7 Canonical, Debian, Fedoraproject and 4 more | 15 Ubuntu Linux, Debian Linux, Fedora and 12 more | 2022-10-27 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4792. | |||||
| CVE-2021-3446 | 3 Fedoraproject, Libtpms Project, Redhat | 3 Fedora, Libtpms, Enterprise Linux | 2022-10-27 | 2.1 LOW | 5.5 MEDIUM |
| A flaw was found in libtpms in versions before 0.8.2. The commonly used integration of libtpms with OpenSSL contained a vulnerability related to the returned IV (initialization vector) when certain symmetric ciphers were used. Instead of returning the last IV it returned the initial IV to the caller, thus weakening the subsequent encryption and decryption steps. The highest threat from this vulnerability is to data confidentiality. | |||||
| CVE-2021-3608 | 3 Debian, Fedoraproject, Qemu | 3 Debian Linux, Fedora, Qemu | 2022-10-26 | 4.9 MEDIUM | 6.0 MEDIUM |
| A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest and may result in a crash of QEMU or cause undefined behavior due to the access of an uninitialized pointer. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2020-25719 | 5 Canonical, Debian, Fedoraproject and 2 more | 17 Ubuntu Linux, Debian Linux, Fedora and 14 more | 2022-10-21 | 9.0 HIGH | 7.2 HIGH |
| A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise. | |||||
| CVE-2022-1328 | 3 Debian, Fedoraproject, Mutt | 3 Debian Linux, Fedora, Mutt | 2022-10-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line | |||||