Vulnerabilities (CVE)

Filtered by vendor Fedoraproject Subscribe
Filtered by product Fedora
Total 4625 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-38408 2 Fedoraproject, Openbsd 2 Fedora, Openssh 2023-09-23 N/A 9.8 CRITICAL
The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.
CVE-2023-4863 6 Debian, Fedoraproject, Google and 3 more 8 Debian Linux, Fedora, Chrome and 5 more 2023-09-22 N/A 8.8 HIGH
Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
CVE-2016-1238 5 Apache, Debian, Fedoraproject and 2 more 5 Spamassassin, Debian Linux, Fedora and 2 more 2023-09-22 7.2 HIGH 7.8 HIGH
(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.
CVE-2023-32003 2 Fedoraproject, Nodejs 2 Fedora, Node.js 2023-09-21 N/A 5.3 MEDIUM
`fs.mkdtemp()` and `fs.mkdtempSync()` can be used to bypass the permission model check using a path traversal attack. This flaw arises from a missing check in the fs.mkdtemp() API and the impact is a malicious actor could create an arbitrary directory. This vulnerability affects all users using the experimental permission model in Node.js 20. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.
CVE-2023-24329 3 Fedoraproject, Netapp, Python 6 Fedora, Active Iq Unified Manager, Management Services For Element Software and 3 more 2023-09-20 N/A 7.5 HIGH
An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.
CVE-2021-23336 6 Debian, Djangoproject, Fedoraproject and 3 more 12 Debian Linux, Django, Fedora and 9 more 2023-09-20 4.0 MEDIUM 5.9 MEDIUM
The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.
CVE-2022-0391 4 Fedoraproject, Netapp, Oracle and 1 more 10 Fedora, Active Iq Unified Manager, Hci and 7 more 2023-09-20 5.0 MEDIUM 7.5 HIGH
A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14.
CVE-2023-4813 3 Fedoraproject, Gnu, Redhat 3 Fedora, Glibc, Enterprise Linux 2023-09-20 N/A 5.9 MEDIUM
A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.
CVE-2023-38039 2 Fedoraproject, Haxx 2 Fedora, Curl 2023-09-20 N/A 7.5 HIGH
When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API. However, curl did not have a limit in how many or how large headers it would accept in a response, allowing a malicious server to stream an endless series of headers and eventually cause curl to run out of heap memory.
CVE-2023-4155 3 Fedoraproject, Linux, Redhat 3 Fedora, Linux Kernel, Enterprise Linux 2023-09-19 N/A 5.6 MEDIUM
A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in the Linux kernel. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke the `VMGEXIT` handler recursively. If an attacker manages to call the handler multiple times, they can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages (`CONFIG_VMAP_STACK`).
CVE-2023-4128 3 Fedoraproject, Linux, Redhat 3 Fedora, Linux Kernel, Enterprise Linux 2023-09-19 N/A 7.8 HIGH
A use-after-free flaw was found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel. This flaw allows a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue.
CVE-2023-4004 3 Fedoraproject, Linux, Redhat 3 Fedora, Linux Kernel, Enterprise Linux 2023-09-19 N/A 7.8 HIGH
A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system.
CVE-2023-36328 2 Fedoraproject, Libtom 2 Fedora, Libtommath 2023-09-18 N/A 9.8 CRITICAL
Integer Overflow vulnerability in mp_grow in libtom libtommath before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9, allows attackers to execute arbitrary code and cause a denial of service (DoS).
CVE-2023-4733 2 Fedoraproject, Vim 2 Fedora, Vim 2023-09-18 N/A 7.8 HIGH
Use After Free in GitHub repository vim/vim prior to 9.0.1840.
CVE-2023-4752 2 Fedoraproject, Vim 2 Fedora, Vim 2023-09-18 N/A 7.8 HIGH
Use After Free in GitHub repository vim/vim prior to 9.0.1858.
CVE-2023-4750 2 Fedoraproject, Vim 2 Fedora, Vim 2023-09-18 N/A 7.8 HIGH
Use After Free in GitHub repository vim/vim prior to 9.0.1857.
CVE-2022-1615 2 Fedoraproject, Samba 2 Fedora, Samba 2023-09-17 N/A 5.5 MEDIUM
In Samba, GnuTLS gnutls_rnd() can fail and give predictable random values.
CVE-2020-25717 5 Canonical, Debian, Fedoraproject and 2 more 25 Ubuntu Linux, Debian Linux, Fedora and 22 more 2023-09-17 8.5 HIGH 8.1 HIGH
A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation.
CVE-2022-32743 2 Fedoraproject, Samba 2 Fedora, Samba 2023-09-17 N/A 7.5 HIGH
Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it.
CVE-2021-44141 3 Fedoraproject, Redhat, Samba 3 Fedora, Storage, Samba 2023-09-17 3.5 LOW 4.3 MEDIUM
All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed.