Filtered by vendor Fedoraproject
Subscribe
Total
5352 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-1811 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
| Use after free in Frames in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-1810 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
| Heap buffer overflow in Visuals in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-1786 | 2 Canonical, Fedoraproject | 3 Cloud-init, Ubuntu Linux, Fedora | 2024-11-21 | N/A | 5.5 MEDIUM |
| Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege. | |||||
| CVE-2023-1672 | 3 Fedoraproject, Redhat, Tang Project | 3 Fedora, Enterprise Linux, Tang | 2024-11-21 | N/A | 5.3 MEDIUM |
| A race condition exists in the Tang server functionality for key generation and key rotation. This flaw results in a small time window where Tang private keys become readable by other processes on the same host. | |||||
| CVE-2023-1667 | 4 Debian, Fedoraproject, Libssh and 1 more | 4 Debian Linux, Fedora, Libssh and 1 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service. | |||||
| CVE-2023-1544 | 2 Fedoraproject, Qemu | 2 Fedora, Qemu | 2024-11-21 | N/A | 6.0 MEDIUM |
| A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and initialize a huge number of page tables to be used as a ring of descriptors for CQ and async events, potentially leading to an out-of-bounds read and crash of QEMU. | |||||
| CVE-2023-1534 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
| Out of bounds read in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-1533 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
| Use after free in WebProtect in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-1532 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
| Out of bounds read in GPU Video in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-1531 | 3 Chromium, Fedoraproject, Google | 3 Chromium, Fedora, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
| Use after free in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-1529 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | N/A | 9.8 CRITICAL |
| Out of bounds memory access in WebHID in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a malicious HID device. (Chromium security severity: High) | |||||
| CVE-2023-1528 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
| Use after free in Passwords in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-1386 | 2 Fedoraproject, Qemu | 2 Fedora, Qemu | 2024-11-21 | N/A | 3.3 LOW |
| A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. When a local user in the guest writes an executable file with SUID or SGID, none of these privileged bits are correctly dropped. As a result, in rare circumstances, this flaw could be used by malicious users in the guest to elevate their privileges within the guest and help a host local user to elevate privileges on the host. | |||||
| CVE-2023-1289 | 3 Fedoraproject, Imagemagick, Redhat | 4 Extra Packages For Enterprise Linux, Fedora, Imagemagick and 1 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG file of size t, ImageMagick generates files of size 103*t. If an attacker uploads a 100M SVG, the server will generate about 10G. | |||||
| CVE-2023-1264 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2024-11-21 | N/A | 5.5 MEDIUM |
| NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1392. | |||||
| CVE-2023-1206 | 3 Fedoraproject, Linux, Redhat | 3 Fedora, Linux Kernel, Enterprise Linux | 2024-11-21 | N/A | 5.7 MEDIUM |
| A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95%. | |||||
| CVE-2023-1183 | 3 Fedoraproject, Libreoffice, Redhat | 3 Fedora, Libreoffice, Enterprise Linux | 2024-11-21 | N/A | 5.0 MEDIUM |
| A flaw was found in the Libreoffice package. An attacker can craft an odb containing a "database/script" file with a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker. | |||||
| CVE-2023-1127 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2024-11-21 | N/A | 7.8 HIGH |
| Divide By Zero in GitHub repository vim/vim prior to 9.0.1367. | |||||
| CVE-2023-1055 | 2 Fedoraproject, Redhat | 2 Fedora, Directory Server | 2024-11-21 | N/A | 5.5 MEDIUM |
| A flaw was found in RHDS 11 and RHDS 12. While browsing entries LDAP tries to decode the userPassword attribute instead of the userCertificate attribute which could lead into sensitive information leaked. An attacker with a local account where the cockpit-389-ds is running can list the processes and display the hashed passwords. The highest threat from this vulnerability is to data confidentiality. | |||||
| CVE-2023-0179 | 4 Canonical, Fedoraproject, Linux and 1 more | 14 Ubuntu Linux, Fedora, Linux Kernel and 11 more | 2024-11-21 | N/A | 7.8 HIGH |
| A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution. | |||||