Filtered by vendor Fedoraproject
Subscriptions
Total
5399 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-38709 | 7 Apache, Apple, Broadcom and 4 more | 9 Http Server, Macos, Fabric Operating System and 6 more | 2025-06-30 | 7.3 High |
| Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58. | ||||
| CVE-2024-24795 | 7 Apache, Apple, Broadcom and 4 more | 8 Http Server, Macos, Fabric Operating System and 5 more | 2025-06-30 | 6.3 Medium |
| HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this issue. | ||||
| CVE-2023-32627 | 3 Fedoraproject, Redhat, Sound Exchange Project | 4 Extra Packages For Enterprise Linux, Fedora, Enterprise Linux and 1 more | 2025-06-27 | 6.2 Medium |
| A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc.c:334:18. This flaw can lead to a denial of service. | ||||
| CVE-2023-26590 | 3 Fedoraproject, Redhat, Sound Exchange Project | 4 Extra Packages For Enterprise Linux, Fedora, Enterprise Linux and 1 more | 2025-06-27 | 6.2 Medium |
| A floating point exception vulnerability was found in sox, in the lsx_aiffstartwrite function at sox/src/aiff.c:622:58. This flaw can lead to a denial of service. | ||||
| CVE-2023-34318 | 3 Fedoraproject, Redhat, Sound Exchange Project | 4 Extra Packages For Enterprise Linux, Fedora, Enterprise Linux and 1 more | 2025-06-27 | 7.8 High |
| A heap buffer overflow vulnerability was found in sox, in the startread function at sox/src/hcom.c:160:41. This flaw can lead to a denial of service, code execution, or information disclosure. | ||||
| CVE-2023-36328 | 2 Fedoraproject, Libtom | 2 Fedora, Libtommath | 2025-06-26 | 9.8 Critical |
| Integer Overflow vulnerability in mp_grow in libtom libtommath before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9, allows attackers to execute arbitrary code and cause a denial of service (DoS). | ||||
| CVE-2022-26490 | 4 Debian, Fedoraproject, Linux and 1 more | 19 Debian Linux, Fedora, Linux Kernel and 16 more | 2025-06-25 | 7.8 High |
| st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters. | ||||
| CVE-2022-28390 | 5 Debian, Fedoraproject, Linux and 2 more | 7 Debian Linux, Fedora, Linux Kernel and 4 more | 2025-06-25 | 7.8 High |
| ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free. | ||||
| CVE-2023-4761 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-06-25 | 8.1 High |
| Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5845.179 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2023-39515 | 2 Cacti, Fedoraproject | 2 Cacti, Fedora | 2025-06-25 | 6.1 Medium |
| Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability allows an authenticated user to poison data stored in the cacti's database. These data will be viewed by administrative cacti accounts and execute JavaScript code in the victim's browser at view-time. The script under `data_debug.php` displays data source related debugging information such as _data source paths, polling settings, meta-data on the data source_. _CENSUS_ found that an adversary that is able to configure a malicious data-source path, can deploy a stored XSS attack against any user that has privileges related to viewing the `data_debug.php` information. A user that possesses the _General Administration>Sites/Devices/Data_ permissions can configure the data source path in _cacti_. This configuration occurs through `http://<HOST>/cacti/data_sources.php`. This vulnerability has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to update should manually filter HTML output. | ||||
| CVE-2024-0813 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-06-20 | 8.8 High |
| Use after free in Reading Mode in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium) | ||||
| CVE-2024-0807 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-06-20 | 8.8 High |
| Use after free in Web Audio in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-0806 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-06-20 | 8.8 High |
| Use after free in Passwords in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium) | ||||
| CVE-2024-0805 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-06-20 | 4.3 Medium |
| Inappropriate implementation in Downloads in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium) | ||||
| CVE-2024-1874 | 3 Fedoraproject, Php, Php Group | 3 Fedora, Php, Php | 2025-06-18 | 9.4 Critical |
| In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell. | ||||
| CVE-2024-31031 | 2 Fedoraproject, Libcoap | 2 Fedora, Libcoap | 2025-06-18 | 7.5 High |
| An issue in `coap_pdu.c` in libcoap 4.3.4 allows attackers to cause undefined behavior via a sequence of messages leading to unsigned integer overflow. | ||||
| CVE-2024-0225 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-06-18 | 8.8 High |
| Use after free in WebGPU in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-0224 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-06-18 | 8.8 High |
| Use after free in WebAudio in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-0223 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-06-18 | 8.8 High |
| Heap buffer overflow in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-0222 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-06-18 | 8.8 High |
| Use after free in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||