Filtered by vendor Fedoraproject
Subscriptions
Filtered by product Fedora
Subscriptions
Total
5319 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-1597 | 4 Fedoraproject, Pgjdbc, Postgresql and 1 more | 14 Fedora, Pgjdbc, Postgresql Jdbc Driver and 11 more | 2025-06-12 | 10 Critical |
| pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string value after the first placeholder; both must be on the same line. By constructing a matching string payload, the attacker can inject SQL to alter the query,bypassing the protections that parameterized queries bring against SQL Injection attacks. Versions before 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.28 are affected. | ||||
| CVE-2023-39323 | 3 Fedoraproject, Golang, Redhat | 3 Fedora, Go, Enterprise Linux | 2025-06-12 | 8.1 High |
| Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex. | ||||
| CVE-2023-5858 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-06-12 | 4.3 Medium |
| Inappropriate implementation in WebApp Provider in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2023-41752 | 3 Apache, Apache Software Foundation, Fedoraproject | 3 Traffic Server, Apache Traffic Server, Fedora | 2025-06-12 | 7.5 High |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Traffic Server.This issue affects Apache Traffic Server: from 8.0.0 through 8.1.8, from 9.0.0 through 9.2.2. Users are recommended to upgrade to version 8.1.9 or 9.2.3, which fixes the issue. | ||||
| CVE-2023-39456 | 2 Apache, Fedoraproject | 2 Traffic Server, Fedora | 2025-06-12 | 7.5 High |
| Improper Input Validation vulnerability in Apache Traffic Server with malformed HTTP/2 frames.This issue affects Apache Traffic Server: from 9.0.0 through 9.2.2. Users are recommended to upgrade to version 9.2.3, which fixes the issue. | ||||
| CVE-2023-46849 | 3 Debian, Fedoraproject, Openvpn | 4 Debian Linux, Fedora, Openvpn and 1 more | 2025-06-11 | 7.5 High |
| Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide by zero behaviour which could cause an application crash, leading to a denial of service. | ||||
| CVE-2024-34500 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2025-06-11 | 6.1 Medium |
| An issue was discovered in the UnlinkedWikibase extension in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. XSS can occur through an interface message. Error messages (in the $err var) are not escaped before being passed to Html::rawElement() in the getError() function in the Hooks class. | ||||
| CVE-2023-50008 | 2 Fedoraproject, Ffmpeg | 2 Fedora, Ffmpeg | 2025-06-10 | 7.8 High |
| FFmpeg v.n6.1-3-g466799d4f5 allows memory consumption when using the colorcorrect filter, in the av_malloc function in libavutil/mem.c:105:9 component. | ||||
| CVE-2024-31585 | 2 Fedoraproject, Ffmpeg | 2 Fedora, Ffmpeg | 2025-06-09 | 5.3 Medium |
| FFmpeg version n5.1 to n6.1 was discovered to contain an Off-by-one Error vulnerability in libavfilter/avf_showspectrum.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2023-50010 | 2 Fedoraproject, Ffmpeg | 2 Fedora, Ffmpeg | 2025-06-09 | 7.8 High |
| FFmpeg v.n6.1-3-g466799d4f5 allows a buffer over-read at ff_gradfun_blur_line_movdqa_sse2, as demonstrated by a call to the set_encoder_id function in /fftools/ffmpeg_enc.c component. | ||||
| CVE-2023-50009 | 2 Fedoraproject, Ffmpeg | 2 Fedora, Ffmpeg | 2025-06-09 | 8 High |
| FFmpeg v.n6.1-3-g466799d4f5 allows a heap-based buffer overflow via the ff_gaussian_blur_8 function in libavfilter/edge_template.c:116:5 component. | ||||
| CVE-2021-33910 | 5 Debian, Fedoraproject, Netapp and 2 more | 8 Debian Linux, Fedora, Hci Management Node and 5 more | 2025-06-09 | 5.5 Medium |
| basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash. | ||||
| CVE-2020-29562 | 3 Fedoraproject, Gnu, Netapp | 3 Fedora, Glibc, E-series Santricity Os Controller | 2025-06-09 | 4.8 Medium |
| The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service. | ||||
| CVE-2020-13776 | 4 Fedoraproject, Netapp, Redhat and 1 more | 6 Fedora, Active Iq Unified Manager, Solidfire \& Hci Management Node and 3 more | 2025-06-09 | 6.7 Medium |
| systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082. | ||||
| CVE-2019-25013 | 6 Broadcom, Debian, Fedoraproject and 3 more | 12 Fabric Operating System, Debian Linux, Fedora and 9 more | 2025-06-09 | 5.9 Medium |
| The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read. | ||||
| CVE-2019-20386 | 6 Canonical, Fedoraproject, Netapp and 3 more | 9 Ubuntu Linux, Fedora, Active Iq Unified Manager and 6 more | 2025-06-09 | 5.1 Medium |
| An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur. | ||||
| CVE-2011-3045 | 6 Debian, Fedoraproject, Google and 3 more | 13 Debian Linux, Fedora, Chrome and 10 more | 2025-06-09 | 8.8 High |
| Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026. | ||||
| CVE-2019-3843 | 5 Canonical, Fedoraproject, Netapp and 2 more | 9 Ubuntu Linux, Fedora, Cn1610 and 6 more | 2025-06-09 | 7.8 High |
| It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled. | ||||
| CVE-2019-3842 | 4 Debian, Fedoraproject, Redhat and 1 more | 5 Debian Linux, Fedora, Enterprise Linux and 2 more | 2025-06-09 | 7.0 High |
| In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the "allow_active" element rather than "allow_any". | ||||
| CVE-2020-11080 | 7 Debian, Fedoraproject, Nghttp2 and 4 more | 16 Debian Linux, Fedora, Nghttp2 and 13 more | 2025-06-09 | 3.7 Low |
| In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes the CPU to spike at 100%. nghttp2 v1.41.0 fixes this vulnerability. There is a workaround to this vulnerability. Implement nghttp2_on_frame_recv_callback callback, and if received frame is SETTINGS frame and the number of settings entries are large (e.g., > 32), then drop the connection. | ||||