Filtered by vendor Fedoraproject
Subscriptions
Filtered by product Fedora
Subscriptions
Total
5329 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-1513 | 3 Fedoraproject, Linux, Redhat | 3 Fedora, Linux Kernel, Enterprise Linux | 2025-02-25 | 3.3 Low |
| A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak. | ||||
| CVE-2023-0056 | 3 Fedoraproject, Haproxy, Redhat | 12 Extra Packages For Enterprise Linux, Fedora, Haproxy and 9 more | 2025-02-25 | 6.5 Medium |
| An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability. | ||||
| CVE-2021-3923 | 3 Fedoraproject, Linux, Redhat | 3 Fedora, Linux Kernel, Enterprise Linux | 2025-02-24 | 2.3 Low |
| A flaw was found in the Linux kernel's implementation of RDMA over infiniband. An attacker with a privileged local account can leak kernel stack information when issuing commands to the /dev/infiniband/rdma_cm device node. While this access is unlikely to leak sensitive user information, it can be further used to defeat existing kernel protection mechanisms. | ||||
| CVE-2023-0494 | 3 Fedoraproject, Redhat, X.org | 22 Fedora, Enterprise Linux, Enterprise Linux Aus and 19 more | 2025-02-24 | 7.8 High |
| A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions. | ||||
| CVE-2022-25601 | 2 Fedoraproject, Plugin-planet | 2 Fedora, Contact Form X | 2025-02-20 | 4.7 Medium |
| Reflected Cross-Site Scripting (XSS) vulnerability affecting parameter &tab discovered in Contact Form X WordPress plugin (versions <= 2.4). | ||||
| CVE-2023-28686 | 3 Debian, Dino, Fedoraproject | 3 Debian Linux, Dino, Fedora | 2025-02-19 | 5.3 Medium |
| Dino before 0.2.3, 0.3.x before 0.3.2, and 0.4.x before 0.4.2 allows attackers to modify the personal bookmark store via a crafted message. The attacker can change the display of group chats or force a victim to join a group chat; the victim may then be tricked into disclosing sensitive information. | ||||
| CVE-2023-0179 | 4 Canonical, Fedoraproject, Linux and 1 more | 15 Ubuntu Linux, Fedora, Linux Kernel and 12 more | 2025-02-19 | 7.8 High |
| A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution. | ||||
| CVE-2023-0664 | 4 Fedoraproject, Microsoft, Qemu and 1 more | 4 Fedora, Windows, Qemu and 1 more | 2025-02-18 | 7.8 High |
| A flaw was found in the QEMU Guest Agent service for Windows. A local unprivileged user may be able to manipulate the QEMU Guest Agent's Windows installer via repair custom actions to elevate their privileges on the system. | ||||
| CVE-2023-26916 | 2 Cesnet, Fedoraproject | 2 Libyang, Fedora | 2025-02-18 | 5.3 Medium |
| libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference via the function lys_parse_mem at lys_parse_mem.c. | ||||
| CVE-2023-29141 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2025-02-18 | 9.8 Critical |
| An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header. | ||||
| CVE-2023-28755 | 4 Debian, Fedoraproject, Redhat and 1 more | 5 Debian Linux, Fedora, Enterprise Linux and 2 more | 2025-02-14 | 5.3 Medium |
| A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1. | ||||
| CVE-2023-27536 | 6 Debian, Fedoraproject, Haxx and 3 more | 16 Debian Linux, Fedora, Libcurl and 13 more | 2025-02-14 | 5.9 Medium |
| An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed. | ||||
| CVE-2023-26118 | 2 Angularjs, Fedoraproject | 2 Angular, Fedora | 2025-02-14 | 5.3 Medium |
| Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service (ReDoS) via the <input type="url"> element due to the usage of an insecure regular expression in the input[url] functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking. | ||||
| CVE-2023-26117 | 2 Angularjs, Fedoraproject | 2 Angular, Fedora | 2025-02-14 | 5.3 Medium |
| Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking. | ||||
| CVE-2023-26116 | 2 Angularjs, Fedoraproject | 2 Angular, Fedora | 2025-02-14 | 5.3 Medium |
| Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking. | ||||
| CVE-2024-27285 | 3 Debian, Fedoraproject, Yardoc | 3 Debian Linux, Fedora, Yard | 2025-02-14 | 5.4 Medium |
| YARD is a Ruby Documentation tool. The "frames.html" file within the Yard Doc's generated documentation is vulnerable to Cross-Site Scripting (XSS) attacks due to inadequate sanitization of user input within the JavaScript segment of the "frames.erb" template file. This vulnerability is fixed in 0.9.36. | ||||
| CVE-2024-35242 | 2 Fedoraproject, Getcomposer | 2 Fedora, Composer | 2025-02-13 | 8.8 High |
| Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `composer install` command running inside a git/hg repository which has specially crafted branch names can lead to command injection. This requires cloning untrusted repositories. Patches are available in version 2.2.24 for 2.2 LTS or 2.7.7 for mainline. As a workaround, avoid cloning potentially compromised repositories. | ||||
| CVE-2024-30260 | 3 Fedoraproject, Nodejs, Redhat | 3 Fedora, Undici, Openshift Devspaces | 2025-02-13 | 3.9 Low |
| Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did not clear them for `undici.request()`. This vulnerability was patched in version(s) 5.28.4 and 6.11.1. | ||||
| CVE-2024-27319 | 2 Fedoraproject, Linuxfoundation | 2 Fedora, Onnx | 2025-02-13 | 4.4 Medium |
| Versions of the package onnx before and including 1.15.0 are vulnerable to Out-of-bounds Read as the ONNX_ASSERT and ONNX_ASSERTM functions have an off by one string copy. | ||||
| CVE-2024-27318 | 2 Fedoraproject, Linuxfoundation | 2 Fedora, Onnx | 2025-02-13 | 7.5 High |
| Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory. The vulnerability occurs as a bypass for the patch added for CVE-2022-25882. | ||||