Export limit exceeded: 361806 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (2839 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-24439 | 4 Debian, Fedoraproject, Gitpython Project and 1 more | 5 Debian Linux, Fedora, Gitpython and 2 more | 2025-11-03 | 8.1 High |
| All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments. | ||||
| CVE-2021-43859 | 6 Debian, Fedoraproject, Jenkins and 3 more | 14 Debian Linux, Fedora, Jenkins and 11 more | 2025-11-03 | 7.5 High |
| XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. XStream 1.4.19 monitors and accumulates the time it takes to add elements to collections and throws an exception if a set threshold is exceeded. Users are advised to upgrade as soon as possible. Users unable to upgrade may set the NO_REFERENCE mode to prevent recursion. See GHSA-rmr5-cpv2-vgjf for further details on a workaround if an upgrade is not possible. | ||||
| CVE-2021-42781 | 3 Fedoraproject, Opensc Project, Redhat | 3 Fedora, Opensc, Enterprise Linux | 2025-11-03 | 5.3 Medium |
| Heap buffer overflow issues were found in Opensc before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the library. | ||||
| CVE-2021-42780 | 3 Fedoraproject, Opensc Project, Redhat | 3 Fedora, Opensc, Enterprise Linux | 2025-11-03 | 5.3 Medium |
| A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library. | ||||
| CVE-2021-42779 | 3 Fedoraproject, Opensc Project, Redhat | 3 Fedora, Opensc, Enterprise Linux | 2025-11-03 | 5.3 Medium |
| A heap use after free issue was found in Opensc before version 0.22.0 in sc_file_valid. | ||||
| CVE-2021-42778 | 3 Fedoraproject, Opensc Project, Redhat | 3 Fedora, Opensc, Enterprise Linux | 2025-11-03 | 5.3 Medium |
| A heap double free issue was found in Opensc before version 0.22.0 in sc_pkcs15_free_tokeninfo. | ||||
| CVE-2021-3733 | 4 Fedoraproject, Netapp, Python and 1 more | 21 Extra Packages For Enterprise Linux, Fedora, Hci Compute Node Firmware and 18 more | 2025-11-03 | 6.5 Medium |
| There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability. | ||||
| CVE-2021-3669 | 5 Debian, Fedoraproject, Ibm and 2 more | 24 Debian Linux, Fedora, Spectrum Copy Data Management and 21 more | 2025-11-03 | 5.5 Medium |
| A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS. | ||||
| CVE-2021-36087 | 3 Fedoraproject, Redhat, Selinux Project | 3 Fedora, Enterprise Linux, Selinux | 2025-11-03 | 3.3 Low |
| The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). This occurs because there is sometimes a lack of checks for invalid statements in an optional block. | ||||
| CVE-2021-36085 | 3 Fedoraproject, Redhat, Selinux Project | 3 Fedora, Enterprise Linux, Selinux | 2025-11-03 | 3.3 Low |
| The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __verify_map_perm_classperms and hashtab_map). | ||||
| CVE-2021-36084 | 3 Fedoraproject, Redhat, Selinux Project | 3 Fedora, Enterprise Linux, Selinux | 2025-11-03 | 3.3 Low |
| The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and __cil_pre_verify_helper). | ||||
| CVE-2021-23358 | 5 Debian, Fedoraproject, Redhat and 2 more | 6 Debian Linux, Fedora, Acm and 3 more | 2025-11-03 | 3.3 Low |
| The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized. | ||||
| CVE-2020-16156 | 3 Fedoraproject, Perl, Redhat | 3 Fedora, Comprehensive Perl Archive Network, Enterprise Linux | 2025-11-03 | 7.8 High |
| CPAN 2.28 allows Signature Verification Bypass. | ||||
| CVE-2020-10735 | 3 Fedoraproject, Python, Redhat | 7 Fedora, Python, Enterprise Linux and 4 more | 2025-11-03 | 7.5 High |
| A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability. | ||||
| CVE-2015-20107 | 4 Fedoraproject, Netapp, Python and 1 more | 7 Fedora, Active Iq Unified Manager, Ontap Select Deploy Administration Utility and 4 more | 2025-11-03 | 7.6 High |
| In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9 | ||||
| CVE-2024-32661 | 3 Fedoraproject, Freerdp, Redhat | 3 Fedora, Freerdp, Enterprise Linux | 2025-11-03 | 7.5 High |
| FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to a possible `NULL` access and crash. Version 3.5.1 contains a patch for the issue. No known workarounds are available. | ||||
| CVE-2024-32660 | 3 Fedoraproject, Freerdp, Redhat | 3 Fedora, Freerdp, Enterprise Linux | 2025-11-03 | 7.5 High |
| FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.5.1, a malicious server can crash the FreeRDP client by sending invalid huge allocation size. Version 3.5.1 contains a patch for the issue. No known workarounds are available. | ||||
| CVE-2024-32659 | 3 Fedoraproject, Freerdp, Redhat | 3 Fedora, Freerdp, Enterprise Linux | 2025-11-03 | 9.8 Critical |
| FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read if `((nWidth == 0) and (nHeight == 0))`. Version 3.5.1 contains a patch for the issue. No known workarounds are available. | ||||
| CVE-2024-32658 | 3 Fedoraproject, Freerdp, Redhat | 3 Fedora, Freerdp, Enterprise Linux | 2025-11-03 | 9.8 Critical |
| FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. Version 3.5.1 contains a patch for the issue. No known workarounds are available. | ||||
| CVE-2024-32460 | 3 Fedoraproject, Freerdp, Redhat | 3 Fedora, Freerdp, Enterprise Linux | 2025-11-03 | 8.1 High |
| FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based based clients using `/bpp:32` legacy `GDI` drawing path with a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, use modern drawing paths (e.g. `/rfx` or `/gfx` options). The workaround requires server side support. | ||||