Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    7 vulnerabilities by Fedora Project

    CVE-2025-1272 (GCVE-0-2025-1272)

    Vulnerability from nvd – Published: 2026-02-18 20:29 – Updated: 2026-02-26 16:18
    VLAI
    Title
    Kernel: secure boot does not automatically enable kernel lockdown
    Summary
    The Linux Kernel lockdown mode for kernel versions starting on 6.12 and above for Fedora Linux has the lockdown mode disabled without any warning. This may allow an attacker to gain access to sensitive information such kernel memory mappings, I/O ports, BPF and kprobes. Additionally unsigned modules can be loaded, leading to execution of untrusted code breaking breaking any Secure Boot protection. This vulnerability affects only Fedora Linux.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2025:6966 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2025-1272 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2345615 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Fedora Project Fedora Linux Affected: 6.12.4-100.fc40 , < 6.12.15-100.fc40 (rpm)
    Affected: 6.12.1-200.fc41 , < 6.12.15-200.fc41 (rpm)
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:5.14.0-570.12.1.el9_6 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
        cpe:/o:redhat:enterprise_linux:9::baseos
        cpe:/a:redhat:enterprise_linux:9::realtime
        cpe:/a:redhat:enterprise_linux:9::crb
        cpe:/a:redhat:enterprise_linux:9::nfv
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
    Create a notification for this product.
    Date Public
    2025-02-13 00:00
    Credits
    Red Hat would like to thank Nicolas Bouchinet (ANSSI – French Cybersecurity Agency) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-1272",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-26T16:18:09.923764Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-306",
                    "description": "CWE-306 Missing Authentication for Critical Function",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T16:18:15.279Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://packages.fedoraproject.org/pkgs/kernel/kernel/",
              "defaultStatus": "unaffected",
              "packageName": "kernel",
              "product": "Fedora Linux",
              "vendor": "Fedora Project",
              "versions": [
                {
                  "lessThan": "6.12.15-100.fc40",
                  "status": "affected",
                  "version": "6.12.4-100.fc40",
                  "versionType": "rpm"
                },
                {
                  "lessThan": "6.12.15-200.fc41",
                  "status": "affected",
                  "version": "6.12.1-200.fc41",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/o:redhat:enterprise_linux:9::baseos",
                "cpe:/a:redhat:enterprise_linux:9::realtime",
                "cpe:/a:redhat:enterprise_linux:9::crb",
                "cpe:/a:redhat:enterprise_linux:9::nfv"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.14.0-570.12.1.el9_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/o:redhat:enterprise_linux:9::baseos",
                "cpe:/a:redhat:enterprise_linux:9::realtime",
                "cpe:/a:redhat:enterprise_linux:9::crb",
                "cpe:/a:redhat:enterprise_linux:9::nfv"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.14.0-570.12.1.el9_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unaffected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Nicolas Bouchinet (ANSSI \u2013 French Cybersecurity Agency) for reporting this issue."
            }
          ],
          "datePublic": "2025-02-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Linux Kernel lockdown mode for kernel versions starting on 6.12 and above for Fedora Linux has the lockdown mode disabled without any warning. This may allow an attacker to gain access to sensitive information such kernel memory mappings, I/O ports, BPF and kprobes. Additionally unsigned modules can be loaded, leading to execution of untrusted code breaking breaking any Secure Boot protection. This vulnerability affects only Fedora Linux."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-18T20:44:23.172Z",
            "orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
            "shortName": "fedora"
          },
          "references": [
            {
              "name": "RHSA-2025:6966",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:6966"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-1272"
            },
            {
              "name": "RHBZ#2345615",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345615"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-02-13T18:20:02.022Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-02-13T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Kernel: secure boot does not automatically enable kernel lockdown",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
        "assignerShortName": "fedora",
        "cveId": "CVE-2025-1272",
        "datePublished": "2026-02-18T20:29:15.172Z",
        "dateReserved": "2025-02-13T14:50:34.797Z",
        "dateUpdated": "2026-02-26T16:18:15.279Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-3675 (GCVE-0-2022-3675)

    Vulnerability from nvd – Published: 2022-11-03 17:25 – Updated: 2025-05-02 18:53
    VLAI
    Summary
    Fedora CoreOS supports setting a GRUB bootloader password using a Butane config. When this feature is enabled, GRUB requires a password to access the GRUB command-line, modify kernel command-line arguments, or boot non-default OSTree deployments. Recent Fedora CoreOS releases have a misconfiguration which allows booting non-default OSTree deployments without entering a password. This allows someone with access to the GRUB menu to boot into an older version of Fedora CoreOS, reverting any security fixes that have recently been applied to the machine. A password is still required to modify kernel command-line arguments and to access the GRUB command line.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Fedora Project CoreOS Affected: testing 36.20220906.2.0 and later , < testing 36.20221030.2.0 (fix)
    Affected: next 36.20220906.1.0 and later , < next 37.20221031.1.0 (fix)
    Affected: stable 36.20220820.3.0 and later , < stable 36.20221014.3.0 (fix)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:14:03.251Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://github.com/coreos/fedora-coreos-tracker/issues/1333"
              },
              {
                "tags": [
                  "release-notes",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/coreos-status@lists.fedoraproject.org/thread/NHUCNH5Y4UH5DPUCXISYXXVA563TLFEJ/"
              },
              {
                "tags": [
                  "related",
                  "x_transferred"
                ],
                "url": "https://docs.fedoraproject.org/en-US/fedora-coreos/grub-password/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-3675",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-02T18:53:02.484531Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-02T18:53:10.153Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "coreos-assembler",
              "product": "CoreOS",
              "vendor": "Fedora Project",
              "versions": [
                {
                  "lessThan": "testing 36.20221030.2.0 ",
                  "status": "affected",
                  "version": "testing 36.20220906.2.0 and later",
                  "versionType": "fix"
                },
                {
                  "lessThan": "next 37.20221031.1.0",
                  "status": "affected",
                  "version": "next 36.20220906.1.0 and later",
                  "versionType": "fix"
                },
                {
                  "lessThan": "stable 36.20221014.3.0",
                  "status": "affected",
                  "version": "stable 36.20220820.3.0 and later",
                  "versionType": "fix"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003eFedora CoreOS supports setting a GRUB bootloader password\nusing a Butane config. When this feature is enabled, GRUB requires a password to access the\nGRUB command-line, modify kernel command-line arguments, or boot\nnon-default OSTree deployments.  Recent Fedora CoreOS releases have a\nmisconfiguration which allows booting non-default OSTree deployments\nwithout entering a password.  This allows someone with access to the\nGRUB menu to boot into an older version of Fedora CoreOS, reverting\nany security fixes that have recently been applied to the machine.  A\npassword is still required to modify kernel command-line arguments and\nto access the GRUB command line.\n\u003cbr\u003e\u003c/div\u003e"
                }
              ],
              "value": "Fedora CoreOS supports setting a GRUB bootloader password\nusing a Butane config. When this feature is enabled, GRUB requires a password to access the\nGRUB command-line, modify kernel command-line arguments, or boot\nnon-default OSTree deployments.  Recent Fedora CoreOS releases have a\nmisconfiguration which allows booting non-default OSTree deployments\nwithout entering a password.  This allows someone with access to the\nGRUB menu to boot into an older version of Fedora CoreOS, reverting\nany security fixes that have recently been applied to the machine.  A\npassword is still required to modify kernel command-line arguments and\nto access the GRUB command line.\n\n\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "NONE",
                "baseScore": 2.6,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-03T17:49:43.071Z",
            "orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
            "shortName": "fedora"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/coreos/fedora-coreos-tracker/issues/1333"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/coreos-status@lists.fedoraproject.org/thread/NHUCNH5Y4UH5DPUCXISYXXVA563TLFEJ/"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://docs.fedoraproject.org/en-US/fedora-coreos/grub-password/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
        "assignerShortName": "fedora",
        "cveId": "CVE-2022-3675",
        "datePublished": "2022-11-03T17:25:02.823Z",
        "dateReserved": "2022-10-24T06:40:10.332Z",
        "dateUpdated": "2025-05-02T18:53:10.153Z",
        "requesterUserId": "f3a2da25-33ae-4444-b293-a5bd0f5d6b21",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-14638 (GCVE-0-2018-14638)

    Vulnerability from nvd – Published: 2018-09-14 19:00 – Updated: 2024-08-05 09:38
    VLAI
    Summary
    A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in delete_passwdPolicy function when persistent search connections are terminated unexpectedly leading to remote denial of service.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fedora Project 389-ds-base Affected: 1.3.8.4-13
    Create a notification for this product.
    Date Public
    2018-08-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T09:38:13.183Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2018:2757",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2757"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14638"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://pagure.io/389-ds-base/c/78fc627accacfa4061ce48977e22301f81ea8d73"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "389-ds-base",
              "vendor": "Fedora Project",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.3.8.4-13"
                }
              ]
            }
          ],
          "datePublic": "2018-08-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in delete_passwdPolicy function when persistent search connections are terminated unexpectedly leading to remote denial of service."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-26T09:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2018:2757",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2757"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14638"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://pagure.io/389-ds-base/c/78fc627accacfa4061ce48977e22301f81ea8d73"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2018-14638",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "389-ds-base",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.3.8.4-13"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Fedora Project"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in delete_passwdPolicy function when persistent search connections are terminated unexpectedly leading to remote denial of service."
                }
              ]
            },
            "impact": {
              "cvss": [
                [
                  {
                    "vectorString": "7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                    "version": "3.0"
                  }
                ]
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-400"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "RHSA-2018:2757",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2757"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14638",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14638"
                },
                {
                  "name": "https://pagure.io/389-ds-base/c/78fc627accacfa4061ce48977e22301f81ea8d73",
                  "refsource": "CONFIRM",
                  "url": "https://pagure.io/389-ds-base/c/78fc627accacfa4061ce48977e22301f81ea8d73"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2018-14638",
        "datePublished": "2018-09-14T19:00:00.000Z",
        "dateReserved": "2018-07-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T09:38:13.183Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-1272 (GCVE-0-2025-1272)

    Vulnerability from cvelistv5 – Published: 2026-02-18 20:29 – Updated: 2026-02-26 16:18
    VLAI
    Title
    Kernel: secure boot does not automatically enable kernel lockdown
    Summary
    The Linux Kernel lockdown mode for kernel versions starting on 6.12 and above for Fedora Linux has the lockdown mode disabled without any warning. This may allow an attacker to gain access to sensitive information such kernel memory mappings, I/O ports, BPF and kprobes. Additionally unsigned modules can be loaded, leading to execution of untrusted code breaking breaking any Secure Boot protection. This vulnerability affects only Fedora Linux.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2025:6966 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2025-1272 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2345615 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Fedora Project Fedora Linux Affected: 6.12.4-100.fc40 , < 6.12.15-100.fc40 (rpm)
    Affected: 6.12.1-200.fc41 , < 6.12.15-200.fc41 (rpm)
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:5.14.0-570.12.1.el9_6 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
        cpe:/o:redhat:enterprise_linux:9::baseos
        cpe:/a:redhat:enterprise_linux:9::realtime
        cpe:/a:redhat:enterprise_linux:9::crb
        cpe:/a:redhat:enterprise_linux:9::nfv
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
    Create a notification for this product.
    Date Public
    2025-02-13 00:00
    Credits
    Red Hat would like to thank Nicolas Bouchinet (ANSSI – French Cybersecurity Agency) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-1272",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-26T16:18:09.923764Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-306",
                    "description": "CWE-306 Missing Authentication for Critical Function",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T16:18:15.279Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://packages.fedoraproject.org/pkgs/kernel/kernel/",
              "defaultStatus": "unaffected",
              "packageName": "kernel",
              "product": "Fedora Linux",
              "vendor": "Fedora Project",
              "versions": [
                {
                  "lessThan": "6.12.15-100.fc40",
                  "status": "affected",
                  "version": "6.12.4-100.fc40",
                  "versionType": "rpm"
                },
                {
                  "lessThan": "6.12.15-200.fc41",
                  "status": "affected",
                  "version": "6.12.1-200.fc41",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/o:redhat:enterprise_linux:9::baseos",
                "cpe:/a:redhat:enterprise_linux:9::realtime",
                "cpe:/a:redhat:enterprise_linux:9::crb",
                "cpe:/a:redhat:enterprise_linux:9::nfv"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.14.0-570.12.1.el9_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/o:redhat:enterprise_linux:9::baseos",
                "cpe:/a:redhat:enterprise_linux:9::realtime",
                "cpe:/a:redhat:enterprise_linux:9::crb",
                "cpe:/a:redhat:enterprise_linux:9::nfv"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.14.0-570.12.1.el9_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unaffected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "kernel",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "kernel-rt",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Nicolas Bouchinet (ANSSI \u2013 French Cybersecurity Agency) for reporting this issue."
            }
          ],
          "datePublic": "2025-02-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Linux Kernel lockdown mode for kernel versions starting on 6.12 and above for Fedora Linux has the lockdown mode disabled without any warning. This may allow an attacker to gain access to sensitive information such kernel memory mappings, I/O ports, BPF and kprobes. Additionally unsigned modules can be loaded, leading to execution of untrusted code breaking breaking any Secure Boot protection. This vulnerability affects only Fedora Linux."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-18T20:44:23.172Z",
            "orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
            "shortName": "fedora"
          },
          "references": [
            {
              "name": "RHSA-2025:6966",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:6966"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-1272"
            },
            {
              "name": "RHBZ#2345615",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345615"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-02-13T18:20:02.022Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-02-13T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Kernel: secure boot does not automatically enable kernel lockdown",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
        "assignerShortName": "fedora",
        "cveId": "CVE-2025-1272",
        "datePublished": "2026-02-18T20:29:15.172Z",
        "dateReserved": "2025-02-13T14:50:34.797Z",
        "dateUpdated": "2026-02-26T16:18:15.279Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-3675 (GCVE-0-2022-3675)

    Vulnerability from cvelistv5 – Published: 2022-11-03 17:25 – Updated: 2025-05-02 18:53
    VLAI
    Summary
    Fedora CoreOS supports setting a GRUB bootloader password using a Butane config. When this feature is enabled, GRUB requires a password to access the GRUB command-line, modify kernel command-line arguments, or boot non-default OSTree deployments. Recent Fedora CoreOS releases have a misconfiguration which allows booting non-default OSTree deployments without entering a password. This allows someone with access to the GRUB menu to boot into an older version of Fedora CoreOS, reverting any security fixes that have recently been applied to the machine. A password is still required to modify kernel command-line arguments and to access the GRUB command line.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Fedora Project CoreOS Affected: testing 36.20220906.2.0 and later , < testing 36.20221030.2.0 (fix)
    Affected: next 36.20220906.1.0 and later , < next 37.20221031.1.0 (fix)
    Affected: stable 36.20220820.3.0 and later , < stable 36.20221014.3.0 (fix)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:14:03.251Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://github.com/coreos/fedora-coreos-tracker/issues/1333"
              },
              {
                "tags": [
                  "release-notes",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/coreos-status@lists.fedoraproject.org/thread/NHUCNH5Y4UH5DPUCXISYXXVA563TLFEJ/"
              },
              {
                "tags": [
                  "related",
                  "x_transferred"
                ],
                "url": "https://docs.fedoraproject.org/en-US/fedora-coreos/grub-password/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-3675",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-02T18:53:02.484531Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-02T18:53:10.153Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "coreos-assembler",
              "product": "CoreOS",
              "vendor": "Fedora Project",
              "versions": [
                {
                  "lessThan": "testing 36.20221030.2.0 ",
                  "status": "affected",
                  "version": "testing 36.20220906.2.0 and later",
                  "versionType": "fix"
                },
                {
                  "lessThan": "next 37.20221031.1.0",
                  "status": "affected",
                  "version": "next 36.20220906.1.0 and later",
                  "versionType": "fix"
                },
                {
                  "lessThan": "stable 36.20221014.3.0",
                  "status": "affected",
                  "version": "stable 36.20220820.3.0 and later",
                  "versionType": "fix"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003eFedora CoreOS supports setting a GRUB bootloader password\nusing a Butane config. When this feature is enabled, GRUB requires a password to access the\nGRUB command-line, modify kernel command-line arguments, or boot\nnon-default OSTree deployments.  Recent Fedora CoreOS releases have a\nmisconfiguration which allows booting non-default OSTree deployments\nwithout entering a password.  This allows someone with access to the\nGRUB menu to boot into an older version of Fedora CoreOS, reverting\nany security fixes that have recently been applied to the machine.  A\npassword is still required to modify kernel command-line arguments and\nto access the GRUB command line.\n\u003cbr\u003e\u003c/div\u003e"
                }
              ],
              "value": "Fedora CoreOS supports setting a GRUB bootloader password\nusing a Butane config. When this feature is enabled, GRUB requires a password to access the\nGRUB command-line, modify kernel command-line arguments, or boot\nnon-default OSTree deployments.  Recent Fedora CoreOS releases have a\nmisconfiguration which allows booting non-default OSTree deployments\nwithout entering a password.  This allows someone with access to the\nGRUB menu to boot into an older version of Fedora CoreOS, reverting\nany security fixes that have recently been applied to the machine.  A\npassword is still required to modify kernel command-line arguments and\nto access the GRUB command line.\n\n\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "NONE",
                "baseScore": 2.6,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-03T17:49:43.071Z",
            "orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
            "shortName": "fedora"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/coreos/fedora-coreos-tracker/issues/1333"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/coreos-status@lists.fedoraproject.org/thread/NHUCNH5Y4UH5DPUCXISYXXVA563TLFEJ/"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://docs.fedoraproject.org/en-US/fedora-coreos/grub-password/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
        "assignerShortName": "fedora",
        "cveId": "CVE-2022-3675",
        "datePublished": "2022-11-03T17:25:02.823Z",
        "dateReserved": "2022-10-24T06:40:10.332Z",
        "dateUpdated": "2025-05-02T18:53:10.153Z",
        "requesterUserId": "f3a2da25-33ae-4444-b293-a5bd0f5d6b21",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-14638 (GCVE-0-2018-14638)

    Vulnerability from cvelistv5 – Published: 2018-09-14 19:00 – Updated: 2024-08-05 09:38
    VLAI
    Summary
    A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in delete_passwdPolicy function when persistent search connections are terminated unexpectedly leading to remote denial of service.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fedora Project 389-ds-base Affected: 1.3.8.4-13
    Create a notification for this product.
    Date Public
    2018-08-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T09:38:13.183Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2018:2757",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2757"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14638"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://pagure.io/389-ds-base/c/78fc627accacfa4061ce48977e22301f81ea8d73"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "389-ds-base",
              "vendor": "Fedora Project",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.3.8.4-13"
                }
              ]
            }
          ],
          "datePublic": "2018-08-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in delete_passwdPolicy function when persistent search connections are terminated unexpectedly leading to remote denial of service."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-26T09:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2018:2757",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2757"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14638"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://pagure.io/389-ds-base/c/78fc627accacfa4061ce48977e22301f81ea8d73"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2018-14638",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "389-ds-base",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.3.8.4-13"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Fedora Project"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in delete_passwdPolicy function when persistent search connections are terminated unexpectedly leading to remote denial of service."
                }
              ]
            },
            "impact": {
              "cvss": [
                [
                  {
                    "vectorString": "7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                    "version": "3.0"
                  }
                ]
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-400"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "RHSA-2018:2757",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2757"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14638",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14638"
                },
                {
                  "name": "https://pagure.io/389-ds-base/c/78fc627accacfa4061ce48977e22301f81ea8d73",
                  "refsource": "CONFIRM",
                  "url": "https://pagure.io/389-ds-base/c/78fc627accacfa4061ce48977e22301f81ea8d73"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2018-14638",
        "datePublished": "2018-09-14T19:00:00.000Z",
        "dateReserved": "2018-07-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T09:38:13.183Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    JVNDB-2008-001043

    Vulnerability from jvndb - Published: 2008-06-13 17:11 - Updated:2008-11-21 12:19
    Severity
    N/A (UNKNOWN) - -
    Summary
    X.Org Foundation X server buffer overflow vulnerability
    Details
    X server provided by the X.Org Foundation contains a buffer overflow vulnerability. The X.Org Foundation provides an open source implementation of the X Window System. The X server of this implementation contains a vulnerability in the handling of Portable Compiled Font (PCF) format fonts that can be exploited to cause a buffer overflow. X.Org Foundation released the X.Org security advisory on January 17, 2008, and CERT/CC released VU#203220 on March 19, 2008 regarding this vulnerability issue. Takuya Shiozaki of CODE blog (codeblog.org) reported this vulnerability to IPA. JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-001043.html",
      "dc:date": "2008-11-21T12:19+09:00",
      "dcterms:issued": "2008-06-13T17:11+09:00",
      "dcterms:modified": "2008-11-21T12:19+09:00",
      "description": "X server provided by the X.Org Foundation contains a buffer overflow vulnerability. \r\n\r\nThe X.Org Foundation provides an open source implementation of the X Window System. The X server of this implementation contains a vulnerability in the handling of Portable Compiled Font (PCF) format fonts that can be exploited to cause a buffer overflow. \r\n\r\nX.Org Foundation released the X.Org security advisory on January 17, 2008, and CERT/CC released VU#203220 on March 19, 2008 regarding this vulnerability issue. \r\n\r\nTakuya Shiozaki of CODE blog (codeblog.org) reported this vulnerability to IPA. \r\nJPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-001043.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:fujitsu:pc-x",
          "@product": "FUJITSU PC-X",
          "@vendor": "FUJITSU",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:suse:suse_open_enterprise_server",
          "@product": "Open Enterprise Server",
          "@vendor": "SUSE",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:suse:suse_sles",
          "@product": "SUSE SLES",
          "@vendor": "SUSE",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:x.org:x.org_x11",
          "@product": "X.Org X11",
          "@vendor": "X.Org Foundation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:xfree86_project:xfree86",
          "@product": "XFree86",
          "@vendor": "XFree86 Project",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:apple:mac_os_x",
          "@product": "Apple Mac OS X",
          "@vendor": "Apple Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:apple:mac_os_x_server",
          "@product": "Apple Mac OS X Server",
          "@vendor": "Apple Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:canonical:ubuntu_linux",
          "@product": "Ubuntu",
          "@vendor": "Canonical",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:fedoraproject:fedora",
          "@product": "Fedora",
          "@vendor": "Fedora Project",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:gentoo:linux_x11",
          "@product": "Gentoo Linux x11-base/xorg-server",
          "@vendor": "Gentoo Foundation, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:gentoo:linux_x11-libs",
          "@product": "Gentoo Linux x11-libs/libXfont",
          "@vendor": "Gentoo Foundation, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:hp:hp-ux",
          "@product": "HP-UX",
          "@vendor": "Hewlett-Packard Development Company,L.P",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:ibm:aix",
          "@product": "IBM AIX",
          "@vendor": "IBM Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:mandriva:linux-xfree86",
          "@product": "Mandriva Linux XFree86",
          "@vendor": "Mandriva, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:mandriva:linux-xorg",
          "@product": "Mandriva Linux xorg-x11",
          "@vendor": "Mandriva, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:misc:miraclelinux_asianux_server",
          "@product": "Asianux Server",
          "@vendor": "Cybertrust Japan Co., Ltd.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:openbsd:openbsd",
          "@product": "OpenBSD",
          "@vendor": "OpenBSD",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:opensuse_project:opensuse",
          "@product": "openSUSE",
          "@vendor": "openSUSE project",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:redhat:enterprise_linux",
          "@product": "Red Hat Enterprise Linux",
          "@vendor": "Red Hat, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:redhat:enterprise_linux_desktop",
          "@product": "Red Hat Enterprise Linux Desktop",
          "@vendor": "Red Hat, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:redhat:linux_advanced_workstation",
          "@product": "Red Hat Linux Advanced Workstation",
          "@vendor": "Red Hat, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:redhat:rhel_desktop_workstation",
          "@product": "RHEL Desktop Workstation",
          "@vendor": "Red Hat, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:sun:solaris",
          "@product": "Sun Solaris",
          "@vendor": "Sun Microsystems, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:suse:linux_desktop",
          "@product": "Novell Linux Desktop",
          "@vendor": "SUSE",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:suse:linux_enterprise_desktop",
          "@product": "SUSE Linux Enterprise Desktop",
          "@vendor": "SUSE",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:suse:linux_enterprise_server",
          "@product": "SUSE Linux Enterprise Server",
          "@vendor": "SUSE",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:suse:linux_pos",
          "@product": "Novell Linux POS",
          "@vendor": "SUSE",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:suse:suse_linux",
          "@product": "SUSE LINUX",
          "@vendor": "SUSE",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:suse:suse_sle_sdk",
          "@product": "SLE SDK",
          "@vendor": "SUSE",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "7.4",
        "@severity": "High",
        "@type": "Base",
        "@vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2008-001043",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN88935101/index.html",
          "@id": "JVN#88935101",
          "@source": "JVN"
        },
        {
          "#text": "https://jvn.jp/en/tr/TRTA08-079A/index.html",
          "@id": "TRTA08-079A",
          "@source": "JVNTR"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0006",
          "@id": "CVE-2008-0006",
          "@source": "CVE"
        },
        {
          "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0006",
          "@id": "CVE-2008-0006",
          "@source": "NVD"
        },
        {
          "#text": "http://www.ipa.go.jp/security/english/vuln/200806_XOrg_press_en.html",
          "@id": "Security Alert for X.Org Foundation X Server Vulnerability",
          "@source": "IPA SECURITY ALERTS"
        },
        {
          "#text": "http://www.us-cert.gov/cas/alerts/SA08-079A.html",
          "@id": "SA08-079A",
          "@source": "CERT-SA"
        },
        {
          "#text": "http://www.kb.cert.org/vuls/id/203220",
          "@id": "VU#203220",
          "@source": "CERT-VN"
        },
        {
          "#text": "http://www.us-cert.gov/cas/techalerts/TA08-079A.html",
          "@id": "TA08-079A",
          "@source": "CERT-TA"
        },
        {
          "#text": "http://secunia.com/advisories/28532/",
          "@id": "SA28532",
          "@source": "SECUNIA"
        },
        {
          "#text": "http://www.securityfocus.com/bid/27352",
          "@id": "27352",
          "@source": "BID"
        },
        {
          "#text": "http://securitytracker.com/id?1019232",
          "@id": "1019232",
          "@source": "SECTRACK"
        },
        {
          "#text": "http://www.frsirt.com/english/advisories/2008/0179",
          "@id": "FrSIRT/ADV-2008-0179",
          "@source": "FRSIRT"
        },
        {
          "#text": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001043.html",
          "@id": "JVNDB-2008-001043",
          "@source": "JVNDB_Ja"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-119",
          "@title": "Buffer Errors(CWE-119)"
        }
      ],
      "title": "X.Org Foundation X server buffer overflow vulnerability"
    }