Filtered by vendor Fedoraproject Subscriptions
Filtered by product Fedora Subscriptions
Total 5226 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-23809 2 Fedoraproject, Libbiosig Project 2 Fedora, Libbiosig 2025-01-22 9.8 Critical
A double-free vulnerability exists in the BrainVision ASCII Header Parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .vdhr file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2024-27319 2 Fedoraproject, Linuxfoundation 2 Fedora, Onnx 2025-01-22 4.4 Medium
Versions of the package onnx before and including 1.15.0 are vulnerable to Out-of-bounds Read as the ONNX_ASSERT and ONNX_ASSERTM functions have an off by one string copy.
CVE-2024-21795 2 Fedoraproject, Libbiosig Project 2 Fedora, Libbiosig 2025-01-21 9.8 Critical
A heap-based buffer overflow vulnerability exists in the .egi parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .egi file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2024-21812 2 Fedoraproject, Libbiosig Project 2 Fedora, Libbiosig 2025-01-21 9.8 Critical
An integer overflow vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to an out-of-bounds write which in turn can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2024-22097 2 Fedoraproject, Libbiosig Project 2 Fedora, Libbiosig 2025-01-21 9.8 Critical
A double-free vulnerability exists in the BrainVision Header Parsing functionality of The Biosig Project libbiosig Master Branch (ab0ee111) and 2.5.0. A specially crafted .vdhr file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2024-23305 2 Fedoraproject, Libbiosig Project 2 Fedora, Libbiosig 2025-01-21 9.8 Critical
An out-of-bounds write vulnerability exists in the BrainVisionMarker Parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .vmrk file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2010-4577 5 Debian, Fedoraproject, Google and 2 more 6 Debian Linux, Fedora, Chrome and 3 more 2025-01-21 7.5 High
The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products does not properly parse Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted local font, related to "Type Confusion."
CVE-2009-2416 11 Apple, Canonical, Debian and 8 more 19 Iphone Os, Mac Os X, Mac Os X Server and 16 more 2025-01-21 6.5 Medium
Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework.
CVE-2024-0690 2 Fedoraproject, Redhat 8 Fedora, Ansible, Ansible Automation Platform and 5 more 2025-01-17 5 Medium
An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values.
CVE-2023-0049 2 Fedoraproject, Vim 2 Fedora, Vim 2025-01-17 7.8 High
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143.
CVE-2022-24809 4 Debian, Fedoraproject, Net-snmp and 1 more 16 Debian Linux, Fedora, Net-snmp and 13 more 2025-01-17 6.5 Medium
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-only credentials can use a malformed OID in a `GET-NEXT` to the `nsVacmAccessTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.
CVE-2022-24808 4 Debian, Fedoraproject, Net-snmp and 1 more 16 Debian Linux, Fedora, Net-snmp and 13 more 2025-01-17 6.5 Medium
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a `SET` request to `NET-SNMP-AGENT-MIB::nsLogTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.
CVE-2008-3282 3 Apache, Fedoraproject, Redhat 3 Openoffice, Fedora, Enterprise Linux 2025-01-17 7.8 High
Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in the memory allocator in OpenOffice.org (OOo) 2.4.1, on 64-bit platforms, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted document, related to a "numeric truncation error," a different vulnerability than CVE-2008-2152.
CVE-2008-2374 3 Bluez, Fedoraproject, Redhat 4 Bluez-libs, Bluez-utils, Fedora and 1 more 2025-01-17 9.8 Critical
src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before 3.34 and bluez-utils before 3.34 versions, does not validate string length fields in SDP packets, which allows remote SDP servers to cause a denial of service or possibly have unspecified other impact via a crafted length field that triggers excessive memory allocation or a buffer over-read.
CVE-2022-24807 4 Debian, Fedoraproject, Net-snmp and 1 more 16 Debian Linux, Fedora, Net-snmp and 13 more 2025-01-17 6.5 Medium
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a malformed OID in a SET request to `SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable` can cause an out-of-bounds memory access. A user with read-write credentials can exploit the issue. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.
CVE-2022-24806 4 Debian, Fedoraproject, Net-snmp and 1 more 16 Debian Linux, Fedora, Net-snmp and 13 more 2025-01-17 6.5 Medium
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can exploit an Improper Input Validation vulnerability when SETing malformed OIDs in master agent and subagent simultaneously. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.
CVE-2022-24805 4 Debian, Fedoraproject, Net-snmp and 1 more 16 Debian Linux, Fedora, Net-snmp and 13 more 2025-01-17 6.5 Medium
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a buffer overflow in the handling of the `INDEX` of `NET-SNMP-VACM-MIB` can cause an out-of-bounds memory access. A user with read-only credentials can exploit the issue. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.
CVE-2022-36109 2 Fedoraproject, Mobyproject 2 Fedora, Moby 2025-01-17 5.3 Medium
Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where supplementary groups are not set up properly. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. This bug is fixed in Moby (Docker Engine) 20.10.18. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade, this problem can be worked around by not using the `"USER $USERNAME"` Dockerfile instruction. Instead by calling `ENTRYPOINT ["su", "-", "user"]` the supplementary groups will be set up properly.
CVE-2012-3363 3 Debian, Fedoraproject, Zend 3 Debian Linux, Fedora, Zend Framework 2025-01-16 9.1 Critical
Zend_XmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack.
CVE-2023-31124 3 C-ares Project, Fedoraproject, Redhat 5 C-ares, Fedora, Enterprise Linux and 2 more 2025-01-16 3.7 Low
c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand() as a fallback which could allow an attacker to take advantage of the lack of entropy by not using a CSPRNG. This issue was patched in version 1.19.1.