Vulnerabilities (CVE)

Filtered by vendor Fedoraproject Subscribe
Total 5107 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-6780 2 Fedoraproject, Gnu 2 Fedora, Glibc 2024-03-04 N/A 5.3 MEDIUM
An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer.
CVE-2021-3621 2 Fedoraproject, Redhat 8 Fedora, Sssd, Enterprise Linux and 5 more 2024-03-04 9.3 HIGH 8.8 HIGH
A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
CVE-2023-52160 6 Debian, Fedoraproject, Google and 3 more 7 Debian Linux, Fedora, Android and 4 more 2024-03-04 N/A 6.5 MEDIUM
The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase 2. This allows an adversary to impersonate Enterprise Wi-Fi networks.
CVE-2023-50387 8 Fedoraproject, Isc, Microsoft and 5 more 13 Fedora, Bind, Windows Server 2008 and 10 more 2024-03-04 N/A 7.5 HIGH
Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.
CVE-2020-13578 2 Fedoraproject, Genivia 2 Fedora, Gsoap 2024-03-01 5.0 MEDIUM 7.5 HIGH
A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2020-13577 2 Fedoraproject, Genivia 2 Fedora, Gsoap 2024-03-01 5.0 MEDIUM 7.5 HIGH
A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2020-13576 2 Fedoraproject, Genivia 2 Fedora, Gsoap 2024-03-01 7.5 HIGH 9.8 CRITICAL
A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2020-13575 2 Fedoraproject, Genivia 2 Fedora, Gsoap 2024-03-01 5.0 MEDIUM 7.5 HIGH
A denial-of-service vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2020-13574 2 Fedoraproject, Genivia 2 Fedora, Gsoap 2024-03-01 5.0 MEDIUM 7.5 HIGH
A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2023-7104 2 Fedoraproject, Sqlite 2 Fedora, Sqlite 2024-02-29 5.2 MEDIUM 7.3 HIGH
A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.
CVE-2022-27406 2 Fedoraproject, Freetype 2 Fedora, Freetype 2024-02-29 5.0 MEDIUM 7.5 HIGH
FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation via the function FT_Request_Size.
CVE-2022-27405 2 Fedoraproject, Freetype 2 Fedora, Freetype 2024-02-29 5.0 MEDIUM 7.5 HIGH
FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request.
CVE-2022-27404 2 Fedoraproject, Freetype 2 Fedora, Freetype 2024-02-29 7.5 HIGH 9.8 CRITICAL
FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face.
CVE-2023-6004 3 Fedoraproject, Libssh, Redhat 3 Fedora, Libssh, Enterprise Linux 2024-02-28 N/A 4.8 MEDIUM
A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.
CVE-2024-0813 2 Fedoraproject, Google 2 Fedora, Chrome 2024-02-28 N/A 8.8 HIGH
Use after free in Reading Mode in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium)
CVE-2024-0804 2 Fedoraproject, Google 2 Fedora, Chrome 2024-02-28 N/A 7.5 HIGH
Insufficient policy enforcement in iOS Security UI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
CVE-2023-5997 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-02-28 N/A 8.8 HIGH
Use after free in Garbage Collection in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-6511 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-02-28 N/A 4.3 MEDIUM
Inappropriate implementation in Autofill in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low)
CVE-2024-0408 4 Fedoraproject, Redhat, Tigervnc and 1 more 12 Fedora, Enterprise Linux, Enterprise Linux Desktop and 9 more 2024-02-28 N/A 5.5 MEDIUM
A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access that buffer, such as a GC, the XSELINUX code will try to use an object that was never labeled and crash because the SID is NULL.
CVE-2024-0223 2 Fedoraproject, Google 2 Fedora, Chrome 2024-02-28 N/A 8.8 HIGH
Heap buffer overflow in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)