Filtered by vendor Fedoraproject
Subscriptions
Total
5398 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-16782 | 4 Fedoraproject, Opensuse, Rack and 1 more | 6 Fedora, Leap, Rack and 3 more | 2025-02-13 | 6.3 Medium |
| There's a possible information leak / session hijack vulnerability in Rack (RubyGem rack). This vulnerability is patched in versions 1.6.12 and 2.0.8. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme for speeding up lookups of that session id. By carefully measuring the amount of time it takes to look up a session, an attacker may be able to find a valid session id and hijack the session. The session id itself may be generated randomly, but the way the session is indexed by the backing store does not use a secure comparison. | ||||
| CVE-2023-1611 | 2 Fedoraproject, Linux | 2 Fedora, Linux Kernel | 2025-02-13 | 6.3 Medium |
| A use-after-free flaw was found in btrfs_search_slot in fs/btrfs/ctree.c in btrfs in the Linux Kernel.This flaw allows an attacker to crash the system and possibly cause a kernel information lea | ||||
| CVE-2021-20240 | 2 Fedoraproject, Gnome | 2 Fedora, Gdk-pixbuf | 2025-02-12 | 8.8 High |
| A flaw was found in gdk-pixbuf in versions before 2.42.0. An integer wraparound leading to an out of bounds write can occur when a crafted GIF image is loaded. An attacker may cause applications to crash or could potentially execute code on the victim system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||
| CVE-2022-24810 | 4 Debian, Fedoraproject, Net-snmp and 1 more | 5 Debian Linux, Fedora, Net-snmp and 2 more | 2025-02-11 | 6.5 Medium |
| net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a SET to the nsVacmAccessTable to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range. | ||||
| CVE-2023-1906 | 2 Fedoraproject, Imagemagick | 3 Extra Packages For Enterprise Linux, Fedora, Imagemagick | 2025-02-10 | 5.5 Medium |
| A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. An attacker could pass specially crafted file to convert, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service. | ||||
| CVE-2023-1994 | 3 Debian, Fedoraproject, Wireshark | 3 Debian Linux, Fedora, Wireshark | 2025-02-07 | 6.3 Medium |
| GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file | ||||
| CVE-2023-1993 | 3 Debian, Fedoraproject, Wireshark | 3 Debian Linux, Fedora, Wireshark | 2025-02-07 | 6.3 Medium |
| LISP dissector large loop in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file | ||||
| CVE-2023-1992 | 3 Debian, Fedoraproject, Wireshark | 3 Debian Linux, Fedora, Wireshark | 2025-02-07 | 6.3 Medium |
| RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file | ||||
| CVE-2023-29659 | 2 Fedoraproject, Struktur | 2 Fedora, Libheif | 2025-01-29 | 6.5 Medium |
| A Segmentation fault caused by a floating point exception exists in libheif 1.15.1 using crafted heif images via the heif::Fraction::round() function in box.cc, which causes a denial of service. | ||||
| CVE-2023-31047 | 3 Djangoproject, Fedoraproject, Redhat | 5 Django, Fedora, Rhui and 2 more | 2025-01-29 | 9.8 Critical |
| In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise. | ||||
| CVE-2023-2700 | 2 Fedoraproject, Redhat | 4 Fedora, Enterprise Linux, Libvirt and 1 more | 2025-01-28 | 5.5 Medium |
| A vulnerability was found in libvirt. This security flaw ouccers due to repeatedly querying an SR-IOV PCI device's capabilities that exposes a memory leak caused by a failure to free the virPCIVirtualFunction array within the parent struct's g_autoptr cleanup. | ||||
| CVE-2023-32570 | 2 Fedoraproject, Videolan | 2 Fedora, Dav1d | 2025-01-28 | 5.9 Medium |
| VideoLAN dav1d before 1.2.0 has a thread_task.c race condition that can lead to an application crash, related to dav1d_decode_frame_exit. | ||||
| CVE-2024-25983 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2025-01-23 | 3.5 Low |
| Insufficient checks in a web service made it possible to add comments to the comments block on another user's dashboard when it was not otherwise available (e.g., on their profile page). | ||||
| CVE-2024-25978 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2025-01-23 | 7.5 High |
| Insufficient file size checks resulted in a denial of service risk in the file picker's unzip functionality. | ||||
| CVE-2024-25979 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2025-01-23 | 5.3 Medium |
| The URL parameters accepted by forum search were not limited to the allowed parameters. | ||||
| CVE-2024-25980 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2025-01-23 | 4.3 Medium |
| Separate Groups mode restrictions were not honored in the H5P attempts report, which would display users from other groups. By default this only provided additional access to non-editing teachers. | ||||
| CVE-2024-25981 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2025-01-23 | 4.3 Medium |
| Separate Groups mode restrictions were not honored when performing a forum export, which would export forum data for all groups. By default this only provided additional access to non-editing teachers. | ||||
| CVE-2023-2731 | 3 Fedoraproject, Libtiff, Redhat | 3 Fedora, Libtiff, Enterprise Linux | 2025-01-22 | 5.5 Medium |
| A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial of service. | ||||
| CVE-2023-33204 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2025-01-22 | 7.8 High |
| sysstat through 12.7.2 allows a multiplication integer overflow in check_overflow in common.c. NOTE: this issue exists because of an incomplete fix for CVE-2022-39377. | ||||
| CVE-2022-24809 | 4 Debian, Fedoraproject, Net-snmp and 1 more | 16 Debian Linux, Fedora, Net-snmp and 13 more | 2025-01-17 | 6.5 Medium |
| net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-only credentials can use a malformed OID in a `GET-NEXT` to the `nsVacmAccessTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range. | ||||