Filtered by vendor Fedoraproject
Subscribe
Total
5331 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-30554 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2023-7024 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-02-03 | N/A | 8.8 HIGH |
| Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-6345 | 4 Debian, Fedoraproject, Google and 1 more | 4 Debian Linux, Fedora, Chrome and 1 more | 2025-02-03 | N/A | 9.6 CRITICAL |
| Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High) | |||||
| CVE-2021-37973 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-02-03 | 6.8 MEDIUM | 9.6 CRITICAL |
| Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2024-1488 | 2 Fedoraproject, Redhat | 19 Unbound, Codeready Linux Builder, Codeready Linux Builder Eus and 16 more | 2025-01-30 | N/A | 8.0 HIGH |
| A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged attacker to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether. | |||||
| CVE-2023-29659 | 2 Fedoraproject, Struktur | 2 Fedora, Libheif | 2025-01-29 | N/A | 6.5 MEDIUM |
| A Segmentation fault caused by a floating point exception exists in libheif 1.15.1 using crafted heif images via the heif::Fraction::round() function in box.cc, which causes a denial of service. | |||||
| CVE-2023-31047 | 2 Djangoproject, Fedoraproject | 2 Django, Fedora | 2025-01-29 | N/A | 9.8 CRITICAL |
| In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise. | |||||
| CVE-2023-2700 | 2 Fedoraproject, Redhat | 3 Fedora, Enterprise Linux, Libvirt | 2025-01-28 | N/A | 5.5 MEDIUM |
| A vulnerability was found in libvirt. This security flaw ouccers due to repeatedly querying an SR-IOV PCI device's capabilities that exposes a memory leak caused by a failure to free the virPCIVirtualFunction array within the parent struct's g_autoptr cleanup. | |||||
| CVE-2023-32570 | 2 Fedoraproject, Videolan | 2 Fedora, Dav1d | 2025-01-28 | N/A | 5.9 MEDIUM |
| VideoLAN dav1d before 1.2.0 has a thread_task.c race condition that can lead to an application crash, related to dav1d_decode_frame_exit. | |||||
| CVE-2023-4911 | 6 Canonical, Debian, Fedoraproject and 3 more | 38 Ubuntu Linux, Debian Linux, Fedora and 35 more | 2025-01-27 | N/A | 7.8 HIGH |
| A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges. | |||||
| CVE-2024-32760 | 2 F5, Fedoraproject | 3 Nginx Open Source, Nginx Plus, Fedora | 2025-01-24 | N/A | 6.5 MEDIUM |
| When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact. | |||||
| CVE-2024-34161 | 2 F5, Fedoraproject | 3 Nginx Open Source, Nginx Plus, Fedora | 2025-01-24 | N/A | 5.3 MEDIUM |
| When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory. | |||||
| CVE-2024-35200 | 2 F5, Fedoraproject | 3 Nginx Open Source, Nginx Plus, Fedora | 2025-01-24 | N/A | 5.3 MEDIUM |
| When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate. | |||||
| CVE-2024-31079 | 2 F5, Fedoraproject | 3 Nginx Open Source, Nginx Plus, Fedora | 2025-01-24 | N/A | 4.8 MEDIUM |
| When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or causeĀ other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacker has no visibility and limited influence over. | |||||
| CVE-2024-25983 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2025-01-23 | N/A | 3.5 LOW |
| Insufficient checks in a web service made it possible to add comments to the comments block on another user's dashboard when it was not otherwise available (e.g., on their profile page). | |||||
| CVE-2024-25978 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2025-01-23 | N/A | 7.5 HIGH |
| Insufficient file size checks resulted in a denial of service risk in the file picker's unzip functionality. | |||||
| CVE-2024-25979 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2025-01-23 | N/A | 5.3 MEDIUM |
| The URL parameters accepted by forum search were not limited to the allowed parameters. | |||||
| CVE-2024-25980 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2025-01-23 | N/A | 4.3 MEDIUM |
| Separate Groups mode restrictions were not honored in the H5P attempts report, which would display users from other groups. By default this only provided additional access to non-editing teachers. | |||||
| CVE-2024-25981 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2025-01-23 | N/A | 4.3 MEDIUM |
| Separate Groups mode restrictions were not honored when performing a forum export, which would export forum data for all groups. By default this only provided additional access to non-editing teachers. | |||||
| CVE-2024-25982 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2025-01-23 | N/A | 4.3 MEDIUM |
| The link to update all installed language packs did not include the necessary token to prevent a CSRF risk. | |||||