Filtered by vendor Fedoraproject Subscriptions
Filtered by product Fedora Subscriptions
Total 5244 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-38252 3 Fedoraproject, Redhat, Tats 4 Extra Packages For Enterprise Linux, Fedora, Enterprise Linux and 1 more 2025-02-08 4.7 Medium
An out-of-bounds read flaw was found in w3m, in the Strnew_size function in Str.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file.
CVE-2024-1454 3 Fedoraproject, Opensc Project, Redhat 3 Fedora, Opensc, Enterprise Linux 2025-02-08 3.4 Low
The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or smart card to present the system with specially crafted responses to the APDUs, which are considered high complexity and low severity. This manipulation can allow for compromised card management operations during enrolment.
CVE-2024-23837 2 Fedoraproject, Oisf 2 Fedora, Libhtp 2025-02-07 7.5 High
LibHTP is a security-aware parser for the HTTP protocol. Crafted traffic can cause excessive processing time of HTTP headers, leading to denial of service. This issue is addressed in 0.5.46.
CVE-2023-6780 3 Fedoraproject, Gnu, Redhat 3 Fedora, Glibc, Enterprise Linux 2025-02-07 5.3 Medium
An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer.
CVE-2023-1994 3 Debian, Fedoraproject, Wireshark 3 Debian Linux, Fedora, Wireshark 2025-02-07 6.3 Medium
GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file
CVE-2023-1993 3 Debian, Fedoraproject, Wireshark 3 Debian Linux, Fedora, Wireshark 2025-02-07 6.3 Medium
LISP dissector large loop in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file
CVE-2023-1992 3 Debian, Fedoraproject, Wireshark 3 Debian Linux, Fedora, Wireshark 2025-02-07 6.3 Medium
RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file
CVE-2019-5544 4 Fedoraproject, Openslp, Redhat and 1 more 17 Fedora, Openslp, Enterprise Linux and 14 more 2025-02-07 9.8 Critical
OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
CVE-2020-28949 5 Debian, Drupal, Fedoraproject and 2 more 6 Debian Linux, Drupal, Fedora and 3 more 2025-02-07 7.8 High
Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed.
CVE-2020-16846 4 Debian, Fedoraproject, Opensuse and 1 more 4 Debian Linux, Fedora, Leap and 1 more 2025-02-07 9.8 Critical
An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.
CVE-2014-0160 13 Broadcom, Canonical, Debian and 10 more 37 Symantec Messaging Gateway, Ubuntu Linux, Debian Linux and 34 more 2025-02-07 7.5 High
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
CVE-2012-1823 8 Apple, Debian, Fedoraproject and 5 more 20 Mac Os X, Debian Linux, Fedora and 17 more 2025-02-07 9.8 Critical
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
CVE-2019-11043 6 Canonical, Debian, Fedoraproject and 3 more 26 Ubuntu Linux, Debian Linux, Fedora and 23 more 2025-02-07 8.7 High
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.
CVE-2020-13671 2 Drupal, Fedoraproject 2 Drupal, Fedora 2025-02-07 8.8 High
Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations. This issue affects: Drupal Drupal Core 9.0 versions prior to 9.0.8, 8.9 versions prior to 8.9.9, 8.8 versions prior to 8.8.11, and 7 versions prior to 7.74.
CVE-2023-39197 3 Fedoraproject, Linux, Redhat 3 Fedora, Linux Kernel, Enterprise Linux 2025-02-07 4 Medium
An out-of-bounds read vulnerability was found in Netfilter Connection Tracking (conntrack) in the Linux kernel. This flaw allows a remote user to disclose sensitive information via the DCCP protocol.
CVE-2023-6270 3 Fedoraproject, Linux, Redhat 3 Fedora, Linux Kernel, Enterprise Linux 2025-02-07 7 High
A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on `struct net_device`, and a use-after-free can be triggered by racing between the free on the struct and the access through the `skbtxq` global queue. This could lead to a denial of service condition or potential code execution.
CVE-2023-5341 3 Fedoraproject, Imagemagick, Redhat 4 Extra Packages For Enterprise Linux, Fedora, Imagemagick and 1 more 2025-02-07 6.2 Medium
A heap use-after-free flaw was found in coders/bmp.c in ImageMagick.
CVE-2024-0607 3 Fedoraproject, Linux, Redhat 3 Fedora, Linux Kernel, Enterprise Linux 2025-02-07 6.6 Medium
A flaw was found in the Netfilter subsystem in the Linux kernel. The issue is in the nft_byteorder_eval() function, where the code iterates through a loop and writes to the `dst` array. On each iteration, 8 bytes are written, but `dst` is an array of u32, so each element only has space for 4 bytes. That means every iteration overwrites part of the previous element corrupting this array of u32. This flaw allows a local user to cause a denial of service or potentially break NetFilter functionality.
CVE-2023-3106 3 Fedoraproject, Linux, Redhat 3 Fedora, Linux Kernel, Enterprise Linux 2025-02-07 6.6 Medium
A NULL pointer dereference vulnerability was found in netlink_dump. This issue can occur when the Netlink socket receives the message(sendmsg) for the XFRM_MSG_GETSA, XFRM_MSG_GETPOLICY type message, and the DUMP flag is set and can cause a denial of service or possibly another unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is unlikely.
CVE-2023-42670 3 Fedoraproject, Redhat, Samba 4 Fedora, Enterprise Linux, Storage and 1 more 2025-02-07 6.5 Medium
A flaw was found in Samba. It is susceptible to a vulnerability where multiple incompatible RPC listeners can be initiated, causing disruptions in the AD DC service. When Samba's RPC server experiences a high load or unresponsiveness, servers intended for non-AD DC purposes (for example, NT4-emulation "classic DCs") can erroneously start and compete for the same unix domain sockets. This issue leads to partial query responses from the AD DC, causing issues such as "The procedure number is out of range" when using tools like Active Directory Users. This flaw allows an attacker to disrupt AD DC services.