Filtered by vendor Fedoraproject Subscriptions
Total 5374 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-18442 4 Debian, Fedoraproject, Gdraheim and 1 more 4 Debian Linux, Fedora, Zziplib and 1 more 2025-07-10 3.3 Low
Infinite Loop in zziplib v0.13.69 allows remote attackers to cause a denial of service via the return value "zzip_file_read" in the function "unzzip_cat_file".
CVE-2019-5418 5 Debian, Fedoraproject, Opensuse and 2 more 8 Debian Linux, Fedora, Leap and 5 more 2025-07-09 7.5 High
There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.
CVE-2024-0229 3 Fedoraproject, Redhat, X.org 12 Fedora, Enterprise Linux, Enterprise Linux Aus and 9 more 2025-07-09 7.8 High
An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the server runs with extended privileges), or remote code execution in SSH X11 forwarding environments.
CVE-2023-6816 4 Debian, Fedoraproject, Redhat and 1 more 12 Debian Linux, Fedora, Enterprise Linux and 9 more 2025-07-09 9.8 Critical
A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used.
CVE-2023-5367 4 Debian, Fedoraproject, Redhat and 1 more 16 Debian Linux, Fedora, Enterprise Linux and 13 more 2025-07-09 7.8 High
A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.
CVE-2022-24464 3 Fedoraproject, Microsoft, Redhat 7 Fedora, .net, .net Core and 4 more 2025-07-08 7.5 High
.NET and Visual Studio Denial of Service Vulnerability
CVE-2022-24512 3 Fedoraproject, Microsoft, Redhat 8 Fedora, .net, .net Core and 5 more 2025-07-08 6.3 Medium
.NET and Visual Studio Remote Code Execution Vulnerability
CVE-2024-1488 2 Fedoraproject, Redhat 23 Unbound, Codeready Linux Builder, Codeready Linux Builder Eus and 20 more 2025-07-05 8 High
A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged attacker to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether.
CVE-2019-19886 2 Fedoraproject, Owasp 2 Fedora, Modsecurity 2025-07-03 7.5 High
Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive (Denial of Service) because of a flaw in Transaction::addRequestHeader in transaction.cc.
CVE-2023-4322 2 Fedoraproject, Radare 2 Fedora, Radare2 2025-07-03 9.8 Critical
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0.
CVE-2023-4358 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2025-07-03 8.8 High
Use after free in DNS in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
CVE-2023-32003 2 Fedoraproject, Nodejs 2 Fedora, Node.js 2025-07-03 5.3 Medium
`fs.mkdtemp()` and `fs.mkdtempSync()` can be used to bypass the permission model check using a path traversal attack. This flaw arises from a missing check in the fs.mkdtemp() API and the impact is a malicious actor could create an arbitrary directory. This vulnerability affects all users using the experimental permission model in Node.js 20. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.
CVE-2019-20444 5 Canonical, Debian, Fedoraproject and 2 more 19 Ubuntu Linux, Debian Linux, Fedora and 16 more 2025-07-01 9.1 Critical
HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."
CVE-2023-4428 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2025-07-01 8.1 High
Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
CVE-2023-46218 3 Fedoraproject, Haxx, Redhat 7 Fedora, Curl, Enterprise Linux and 4 more 2025-06-30 6.5 Medium
This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a mixed case flaw in curl's function that verifies a given cookie domain against the Public Suffix List (PSL). For example a cookie could be set with `domain=co.UK` when the URL used a lower case hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.
CVE-2024-36048 2 Fedoraproject, Qt 2 Fedora, Qt 2025-06-30 9.8 Critical
QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable values.
CVE-2023-38709 7 Apache, Apple, Broadcom and 4 more 9 Http Server, Macos, Fabric Operating System and 6 more 2025-06-30 7.3 High
Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58.
CVE-2024-24795 7 Apache, Apple, Broadcom and 4 more 8 Http Server, Macos, Fabric Operating System and 5 more 2025-06-30 6.3 Medium
HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this issue.
CVE-2023-26590 3 Fedoraproject, Redhat, Sound Exchange Project 4 Extra Packages For Enterprise Linux, Fedora, Enterprise Linux and 1 more 2025-06-27 6.2 Medium
A floating point exception vulnerability was found in sox, in the lsx_aiffstartwrite function at sox/src/aiff.c:622:58. This flaw can lead to a denial of service.
CVE-2023-32627 3 Fedoraproject, Redhat, Sound Exchange Project 4 Extra Packages For Enterprise Linux, Fedora, Enterprise Linux and 1 more 2025-06-27 6.2 Medium
A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc.c:334:18. This flaw can lead to a denial of service.