Total
5316 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-27017 | 2 Fedoraproject, Linux | 2 Fedora, Linux Kernel | 2024-10-17 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: walk over current view on netlink dump The generation mask can be updated while netlink dump is in progress. The pipapo set backend walk iterator cannot rely on it to infer what view of the datastructure is to be used. Add notation to specify if user wants to read/update the set. Based on patch from Florian Westphal. | |||||
| CVE-2023-41360 | 3 Debian, Fedoraproject, Frrouting | 3 Debian Linux, Fedora, Frrouting | 2024-10-16 | N/A | 9.1 CRITICAL |
| An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation. | |||||
| CVE-2023-38408 | 2 Fedoraproject, Openbsd | 2 Fedora, Openssh | 2024-10-15 | N/A | 9.8 CRITICAL |
| The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009. | |||||
| CVE-2020-35662 | 3 Debian, Fedoraproject, Saltstack | 3 Debian Linux, Fedora, Salt | 2024-10-15 | 5.8 MEDIUM | 7.4 HIGH |
| In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated. | |||||
| CVE-2023-45802 | 3 Apache, Debian, Fedoraproject | 3 Http Server, Debian Linux, Fedora | 2024-10-15 | N/A | 5.9 MEDIUM |
| When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing the memory footprint to keep on growing. On connection close, all resources were reclaimed, but the process might run out of memory before that. This was found by the reporter during testing of CVE-2023-44487 (HTTP/2 Rapid Reset Exploit) with their own test client. During "normal" HTTP/2 use, the probability to hit this bug is very low. The kept memory would not become noticeable before the connection closes or times out. Users are recommended to upgrade to version 2.4.58, which fixes the issue. | |||||
| CVE-2020-28049 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2024-10-15 | 3.3 LOW | 6.3 MEDIUM |
| An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to create a connection to the X server without providing proper authentication. A local attacker can thus access X server display contents and, for example, intercept keystrokes or access the clipboard. This is caused by a race condition during Xauthority file creation. | |||||
| CVE-2021-3996 | 2 Fedoraproject, Kernel | 2 Fedora, Util-linux | 2024-10-15 | N/A | 5.5 MEDIUM |
| A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems. | |||||
| CVE-2023-1533 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-10-10 | N/A | 8.8 HIGH |
| Use after free in WebProtect in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-1531 | 3 Chromium, Fedoraproject, Google | 3 Chromium, Fedora, Chrome | 2024-10-10 | N/A | 8.8 HIGH |
| Use after free in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-1532 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-10-10 | N/A | 8.8 HIGH |
| Out of bounds read in GPU Video in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-1529 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-10-09 | N/A | 9.8 CRITICAL |
| Out of bounds memory access in WebHID in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a malicious HID device. (Chromium security severity: High) | |||||
| CVE-2023-1528 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-10-09 | N/A | 8.8 HIGH |
| Use after free in Passwords in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-1815 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-10-08 | N/A | 8.8 HIGH |
| Use after free in Networking APIs in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-1820 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-10-08 | N/A | 8.8 HIGH |
| Heap buffer overflow in Browser History in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-1534 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-10-08 | N/A | 8.8 HIGH |
| Out of bounds read in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-1810 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-10-08 | N/A | 8.8 HIGH |
| Heap buffer overflow in Visuals in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-1812 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-10-08 | N/A | 8.8 HIGH |
| Out of bounds memory access in DOM Bindings in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-1811 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-10-08 | N/A | 8.8 HIGH |
| Use after free in Frames in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2021-1723 | 2 Fedoraproject, Microsoft | 3 Fedora, Asp.net Core, Visual Studio 2019 | 2024-10-08 | 5.0 MEDIUM | 7.5 HIGH |
| ASP.NET Core and Visual Studio Denial of Service Vulnerability | |||||
| CVE-2023-6702 | 3 Fedoraproject, Google, Microsoft | 3 Fedora, Chrome, Edge Chromium | 2024-10-08 | N/A | 8.8 HIGH |
| Type confusion in V8 in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||