Total
5056 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-0232 | 3 Fedoraproject, Redhat, Sqlite | 4 Extra Packages For Enterprise Linux, Fedora, Enterprise Linux and 1 more | 2024-03-15 | N/A | 5.5 MEDIUM |
| A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service. | |||||
| CVE-2022-41854 | 2 Fedoraproject, Snakeyaml Project | 2 Fedora, Snakeyaml | 2024-03-15 | N/A | 6.5 MEDIUM |
| Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack. | |||||
| CVE-2015-2666 | 2 Fedoraproject, Linux | 2 Fedora, Linux Kernel | 2024-03-14 | 6.9 MEDIUM | N/A |
| Stack-based buffer overflow in the get_matching_model_microcode function in arch/x86/kernel/cpu/microcode/intel_early.c in the Linux kernel before 4.0 allows context-dependent attackers to gain privileges by constructing a crafted microcode header and leveraging root privileges for write access to the initrd. | |||||
| CVE-2014-9529 | 6 Canonical, Debian, Fedoraproject and 3 more | 11 Ubuntu Linux, Debian Linux, Fedora and 8 more | 2024-03-14 | 6.9 MEDIUM | N/A |
| Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key. | |||||
| CVE-2021-41583 | 3 Debian, Eduvpn, Fedoraproject | 3 Debian Linux, Vpn-user-portal, Fedora | 2024-03-12 | 9.0 HIGH | 6.5 MEDIUM |
| vpn-user-portal (aka eduVPN or Let's Connect!) before 2.3.14, as packaged for Debian 10, Debian 11, and Fedora, allows remote authenticated users to obtain OS filesystem access, because of the interaction of QR codes with an exec that uses the -r option. This can be leveraged to obtain additional VPN access. | |||||
| CVE-2023-3354 | 3 Fedoraproject, Qemu, Redhat | 4 Fedora, Qemu, Enterprise Linux and 1 more | 2024-03-11 | N/A | 7.5 HIGH |
| A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QEMU cleans up the connection again, resulting in a NULL pointer dereference issue. This could allow a remote unauthenticated client to cause a denial of service. | |||||
| CVE-2023-3576 | 3 Fedoraproject, Libtiff, Redhat | 3 Fedora, Libtiff, Enterprise Linux | 2024-03-11 | N/A | 5.5 MEDIUM |
| A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting an application crash, eventually leading to a denial of service. | |||||
| CVE-2023-52160 | 6 Debian, Fedoraproject, Google and 3 more | 7 Debian Linux, Fedora, Android and 4 more | 2024-03-10 | N/A | 6.5 MEDIUM |
| The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase 2. This allows an adversary to impersonate Enterprise Wi-Fi networks. | |||||
| CVE-2023-38559 | 4 Artifex, Debian, Fedoraproject and 1 more | 4 Ghostscript, Debian Linux, Fedora and 1 more | 2024-03-08 | N/A | 5.5 MEDIUM |
| A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. This issue may allow a local attacker to cause a denial of service via outputting a crafted PDF file for a DEVN device with gs. | |||||
| CVE-2023-6693 | 3 Fedoraproject, Qemu, Redhat | 3 Fedora, Qemu, Enterprise Linux | 2024-03-08 | N/A | 5.3 MEDIUM |
| A stack based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtio_net_flush_tx function if guest features VIRTIO_NET_F_HASH_REPORT, VIRTIO_F_VERSION_1 and VIRTIO_NET_F_MRG_RXBUF are enabled. This could allow a malicious user to overwrite local variables allocated on the stack. Specifically, the `out_sg` variable could be used to read a part of process memory and send it to the wire, causing an information leak. | |||||
| CVE-2020-5395 | 3 Fedoraproject, Fontforge, Opensuse | 3 Fedora, Fontforge, Leap | 2024-03-08 | 6.8 MEDIUM | 8.8 HIGH |
| FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in sfd.c. | |||||
| CVE-2019-15605 | 6 Debian, Fedoraproject, Nodejs and 3 more | 13 Debian Linux, Fedora, Node.js and 10 more | 2024-03-07 | 7.5 HIGH | 9.8 CRITICAL |
| HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed | |||||
| CVE-2023-31137 | 3 Debian, Fedoraproject, Maradns | 3 Debian Linux, Fedora, Maradns | 2024-03-07 | N/A | 7.5 HIGH |
| MaraDNS is open-source software that implements the Domain Name System (DNS). In version 3.5.0024 and prior, a remotely exploitable integer underflow vulnerability in the DNS packet decompression function allows an attacker to cause a Denial of Service by triggering an abnormal program termination. The vulnerability exists in the `decomp_get_rddata` function within the `Decompress.c` file. When handling a DNS packet with an Answer RR of qtype 16 (TXT record) and any qclass, if the `rdlength` is smaller than `rdata`, the result of the line `Decompress.c:886` is a negative number `len = rdlength - total;`. This value is then passed to the `decomp_append_bytes` function without proper validation, causing the program to attempt to allocate a massive chunk of memory that is impossible to allocate. Consequently, the program exits with an error code of 64, causing a Denial of Service. One proposed fix for this vulnerability is to patch `Decompress.c:887` by breaking `if(len <= 0)`, which has been incorporated in version 3.5.0036 via commit bab062bde40b2ae8a91eecd522e84d8b993bab58. | |||||
| CVE-2023-36328 | 2 Fedoraproject, Libtom | 2 Fedora, Libtommath | 2024-03-07 | N/A | 9.8 CRITICAL |
| Integer Overflow vulnerability in mp_grow in libtom libtommath before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9, allows attackers to execute arbitrary code and cause a denial of service (DoS). | |||||
| CVE-2023-50387 | 8 Fedoraproject, Isc, Microsoft and 5 more | 13 Fedora, Bind, Windows Server 2008 and 10 more | 2024-03-07 | N/A | 7.5 HIGH |
| Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records. | |||||
| CVE-2021-3621 | 2 Fedoraproject, Redhat | 8 Fedora, Sssd, Enterprise Linux and 5 more | 2024-03-04 | 9.3 HIGH | 8.8 HIGH |
| A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | |||||
| CVE-2020-13578 | 2 Fedoraproject, Genivia | 2 Fedora, Gsoap | 2024-03-01 | 5.0 MEDIUM | 7.5 HIGH |
| A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2020-13577 | 2 Fedoraproject, Genivia | 2 Fedora, Gsoap | 2024-03-01 | 5.0 MEDIUM | 7.5 HIGH |
| A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2020-13576 | 2 Fedoraproject, Genivia | 2 Fedora, Gsoap | 2024-03-01 | 7.5 HIGH | 9.8 CRITICAL |
| A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2020-13575 | 2 Fedoraproject, Genivia | 2 Fedora, Gsoap | 2024-03-01 | 5.0 MEDIUM | 7.5 HIGH |
| A denial-of-service vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. | |||||