Filtered by vendor Fedoraproject
Subscriptions
Filtered by product Fedora
Subscriptions
Total
5334 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-21538 | 3 Fedoraproject, Microsoft, Redhat | 5 Fedora, .net, Powershell and 2 more | 2025-01-01 | 7.5 High |
| .NET Denial of Service Vulnerability | ||||
| CVE-2018-20060 | 3 Fedoraproject, Python, Redhat | 4 Fedora, Urllib3, Ansible Tower and 1 more | 2024-12-27 | N/A |
| urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext. | ||||
| CVE-2022-1949 | 2 Fedoraproject, Redhat | 4 Fedora, 389 Directory Server, Directory Server and 1 more | 2024-12-13 | 7.5 High |
| An access control bypass vulnerability found in 389-ds-base. That mishandling of the filter that would yield incorrect results, but as that has progressed, can be determined that it actually is an access control bypass. This may allow any remote unauthenticated user to issue a filter that allows searching for database items they do not have access to, including but not limited to potentially userPassword hashes and other sensitive data. | ||||
| CVE-2023-36664 | 4 Artifex, Debian, Fedoraproject and 1 more | 5 Ghostscript, Debian Linux, Fedora and 2 more | 2024-12-05 | 7.8 High |
| Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix). | ||||
| CVE-2023-34475 | 2 Fedoraproject, Imagemagick | 3 Extra Packages For Enterprise Linux, Fedora, Imagemagick | 2024-12-03 | 5.5 Medium |
| A heap use after free issue was discovered in ImageMagick's ReplaceXmpValue() function in MagickCore/profile.c. An attacker could trick user to open a specially crafted file to convert, triggering an heap-use-after-free write error, allowing an application to crash, resulting in a denial of service. | ||||
| CVE-2023-3195 | 2 Fedoraproject, Imagemagick | 3 Extra Packages For Enterprise Linux, Fedora, Imagemagick | 2024-12-03 | 5.5 Medium |
| A stack-based buffer overflow issue was found in ImageMagick's coders/tiff.c. This flaw allows an attacker to trick the user into opening a specially crafted malicious tiff file, causing an application to crash, resulting in a denial of service. | ||||
| CVE-2023-34151 | 4 Debian, Fedoraproject, Imagemagick and 1 more | 5 Debian Linux, Extra Packages For Enterprise Linux, Fedora and 2 more | 2024-12-02 | 5.5 Medium |
| A vulnerability was found in ImageMagick. This security flaw ouccers as an undefined behaviors of casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546). | ||||
| CVE-2022-2795 | 4 Debian, Fedoraproject, Isc and 1 more | 5 Debian Linux, Fedora, Bind and 2 more | 2024-11-29 | 5.3 Medium |
| By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service. | ||||
| CVE-2023-38403 | 7 Apple, Debian, Es and 4 more | 12 Macos, Debian Linux, Iperf3 and 9 more | 2024-11-27 | 7.5 High |
| iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field. | ||||
| CVE-2023-39978 | 2 Fedoraproject, Imagemagick | 2 Fedora, Imagemagick | 2024-11-27 | 3.3 Low |
| ImageMagick before 6.9.12-91 allows attackers to cause a denial of service (memory consumption) in Magick::Draw. | ||||
| CVE-2020-10108 | 6 Canonical, Debian, Fedoraproject and 3 more | 7 Ubuntu Linux, Debian Linux, Fedora and 4 more | 2024-11-25 | 9.8 Critical |
| In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request. | ||||
| CVE-2020-10109 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-11-25 | 9.8 Critical |
| In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipelined request. | ||||
| CVE-2019-12387 | 5 Canonical, Fedoraproject, Oracle and 2 more | 8 Ubuntu Linux, Fedora, Solaris and 5 more | 2024-11-25 | 6.1 Medium |
| In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF. | ||||
| CVE-2024-1312 | 3 Fedoraproject, Linux, Redhat | 3 Fedora, Linux Kernel, Enterprise Linux | 2024-11-21 | 5.1 Medium |
| A use-after-free flaw was found in the Linux kernel's Memory Management subsystem when a user wins two races at the same time with a fail in the mas_prev_slot function. This issue could allow a local user to crash the system. | ||||
| CVE-2023-6238 | 3 Fedoraproject, Linux, Redhat | 3 Fedora, Linux Kernel, Enterprise Linux | 2024-11-21 | 6.7 Medium |
| A buffer overflow vulnerability was found in the NVM Express (NVMe) driver in the Linux kernel. Only privileged user could specify a small meta buffer and let the device perform larger Direct Memory Access (DMA) into the same buffer, overwriting unrelated kernel memory, causing random kernel crashes and memory corruption. | ||||
| CVE-2023-5972 | 3 Fedoraproject, Linux, Redhat | 3 Fedora, Linux Kernel, Enterprise Linux | 2024-11-21 | 7 High |
| A null pointer dereference flaw was found in the nft_inner.c functionality of netfilter in the Linux kernel. This issue could allow a local user to crash the system or escalate their privileges on the system. | ||||
| CVE-2023-5551 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-11-21 | 3.3 Low |
| Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other groups. | ||||
| CVE-2023-5550 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-11-21 | 6.5 Medium |
| In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution. | ||||
| CVE-2023-5549 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-11-21 | 3.3 Low |
| Insufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they did not have the capability to manage. | ||||
| CVE-2023-5548 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-11-21 | 3.3 Low |
| Stronger revision number limitations were required on file serving endpoints to improve cache poisoning protection. | ||||