Vulnerabilities (CVE)

Filtered by vendor Fedoraproject Subscribe
Total 5167 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-6546 3 Fedoraproject, Linux, Redhat 3 Fedora, Linux Kernel, Enterprise Linux 2024-07-16 N/A 7.0 HIGH
A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system.
CVE-2021-3773 4 Fedoraproject, Linux, Oracle and 1 more 6 Fedora, Linux Kernel, Communications Cloud Native Core Binding Support Function and 3 more 2024-07-16 7.5 HIGH 9.8 CRITICAL
A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks.
CVE-2019-11043 6 Canonical, Debian, Fedoraproject and 3 more 23 Ubuntu Linux, Debian Linux, Fedora and 20 more 2024-07-16 7.5 HIGH 9.8 CRITICAL
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.
CVE-2012-1823 8 Apple, Debian, Fedoraproject and 5 more 17 Mac Os X, Debian Linux, Fedora and 14 more 2024-07-16 7.5 HIGH 9.8 CRITICAL
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
CVE-2020-7247 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2024-07-16 10.0 HIGH 9.8 CRITICAL
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.
CVE-2023-41915 3 Debian, Fedoraproject, Openpmix 3 Debian Linux, Fedora, Openpmix 2024-07-11 N/A 8.1 HIGH
OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0.
CVE-2023-1729 3 Fedoraproject, Libraw, Redhat 3 Fedora, Libraw, Enterprise Linux 2024-07-10 N/A 6.5 MEDIUM
A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex() caused by a maliciously crafted file may lead to an application crash.
CVE-2021-3156 8 Beyondtrust, Debian, Fedoraproject and 5 more 31 Privilege Management For Mac, Privilege Management For Unix\/linux, Debian Linux and 28 more 2024-07-09 7.2 HIGH 7.8 HIGH
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
CVE-2023-38545 4 Fedoraproject, Haxx, Microsoft and 1 more 13 Fedora, Libcurl, Windows 10 1809 and 10 more 2024-07-09 N/A 9.8 CRITICAL
This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255 bytes. If the host name is detected to be longer, curl switches to local name resolving and instead passes on the resolved address only. Due to this bug, the local variable that means "let the host resolve the name" could get the wrong value during a slow SOCKS5 handshake, and contrary to the intention, copy the too long host name to the target buffer instead of copying just the resolved address there. The target buffer being a heap based buffer, and the host name coming from the URL that curl has been told to operate with.
CVE-2024-0567 4 Debian, Fedoraproject, Gnu and 1 more 4 Debian Linux, Fedora, Gnutls and 1 more 2024-07-08 N/A 7.5 HIGH
A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.
CVE-2024-0553 3 Fedoraproject, Gnu, Redhat 3 Fedora, Gnutls, Enterprise Linux 2024-07-08 N/A 7.5 HIGH
A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.
CVE-2023-5981 3 Fedoraproject, Gnu, Redhat 3 Fedora, Gnutls, Linux 2024-07-08 N/A 5.9 MEDIUM
A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.
CVE-2022-2856 4 Apple, Fedoraproject, Google and 1 more 4 Macos, Fedora, Chrome and 1 more 2024-07-08 N/A 6.5 MEDIUM
Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML page.
CVE-2022-1941 3 Debian, Fedoraproject, Google 4 Debian Linux, Fedora, Protobuf-cpp and 1 more 2024-07-05 N/A 7.5 HIGH
A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. We recommend upgrading to versions 3.18.3, 3.19.5, 3.20.2, 3.21.6 for protobuf-cpp and 3.18.3, 3.19.5, 3.20.2, 4.21.6 for protobuf-python. Versions for 3.16 and 3.17 are no longer updated.
CVE-2024-5847 2 Fedoraproject, Google 2 Fedora, Chrome 2024-07-03 N/A 8.8 HIGH
Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)
CVE-2024-5846 2 Fedoraproject, Google 2 Fedora, Chrome 2024-07-03 N/A 8.8 HIGH
Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)
CVE-2024-5845 2 Fedoraproject, Google 2 Fedora, Chrome 2024-07-03 N/A 8.8 HIGH
Use after free in Audio in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)
CVE-2024-5844 2 Fedoraproject, Google 2 Fedora, Chrome 2024-07-03 N/A 8.8 HIGH
Heap buffer overflow in Tab Strip in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
CVE-2024-5843 2 Fedoraproject, Google 2 Fedora, Chrome 2024-07-03 N/A 6.5 MEDIUM
Inappropriate implementation in Downloads in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to obfuscate security UI via a malicious file. (Chromium security severity: Medium)
CVE-2024-5842 2 Fedoraproject, Google 2 Fedora, Chrome 2024-07-03 N/A 8.8 HIGH
Use after free in Browser UI in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)