Filtered by vendor Fedoraproject
Subscribe
Total
5171 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-34153 | 3 Fedoraproject, Imagemagick, Redhat | 4 Extra Packages For Enterprise Linux, Fedora, Imagemagick and 1 more | 2023-11-07 | N/A | 7.8 HIGH |
| A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding. | |||||
| CVE-2023-34152 | 3 Fedoraproject, Imagemagick, Redhat | 4 Extra Packages For Enterprise Linux, Fedora, Imagemagick and 1 more | 2023-11-07 | N/A | 9.8 CRITICAL |
| A vulnerability was found in ImageMagick. This security flaw cause a remote code execution vulnerability in OpenBlob with --enable-pipes configured. | |||||
| CVE-2023-33460 | 3 Debian, Fedoraproject, Yajl Project | 3 Debian Linux, Fedora, Yajl | 2023-11-07 | N/A | 6.5 MEDIUM |
| There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse function. which will cause out-of-memory in server and cause crash. | |||||
| CVE-2023-33204 | 3 Debian, Fedoraproject, Sysstat Project | 3 Debian Linux, Fedora, Sysstat | 2023-11-07 | N/A | 7.8 HIGH |
| sysstat through 12.7.2 allows a multiplication integer overflow in check_overflow in common.c. NOTE: this issue exists because of an incomplete fix for CVE-2022-39377. | |||||
| CVE-2023-32627 | 3 Fedoraproject, Redhat, Sox Project | 4 Extra Packages For Enterprise Linux, Fedora, Enterprise Linux and 1 more | 2023-11-07 | N/A | 5.5 MEDIUM |
| A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc.c:334:18. This flaw can lead to a denial of service. | |||||
| CVE-2023-32570 | 2 Fedoraproject, Videolan | 2 Fedora, Dav1d | 2023-11-07 | N/A | 5.9 MEDIUM |
| VideoLAN dav1d before 1.2.0 has a thread_task.c race condition that can lead to an application crash, related to dav1d_decode_frame_exit. | |||||
| CVE-2023-31047 | 2 Djangoproject, Fedoraproject | 2 Django, Fedora | 2023-11-07 | N/A | 9.8 CRITICAL |
| In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise. | |||||
| CVE-2023-29659 | 2 Fedoraproject, Struktur | 2 Fedora, Libheif | 2023-11-07 | N/A | 6.5 MEDIUM |
| A Segmentation fault caused by a floating point exception exists in libheif 1.15.1 using crafted heif images via the heif::Fraction::round() function in box.cc, which causes a denial of service. | |||||
| CVE-2023-29408 | 2 Fedoraproject, Golang | 2 Fedora, Image | 2023-11-07 | N/A | 6.5 MEDIUM |
| The TIFF decoder does not place a limit on the size of compressed tile data. A maliciously-crafted image can exploit this to cause a small image (both in terms of pixel width/height, and encoded size) to make the decoder decode large amounts of compressed data, consuming excessive memory and CPU. | |||||
| CVE-2023-29407 | 2 Fedoraproject, Golang | 2 Fedora, Image | 2023-11-07 | N/A | 6.5 MEDIUM |
| A maliciously-crafted image can cause excessive CPU consumption in decoding. A tiled image with a height of 0 and a very large width can cause excessive CPU consumption, despite the image size (width * height) appearing to be zero. | |||||
| CVE-2023-29141 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2023-11-07 | N/A | 9.8 CRITICAL |
| An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header. | |||||
| CVE-2023-28686 | 3 Debian, Dino, Fedoraproject | 3 Debian Linux, Dino, Fedora | 2023-11-07 | N/A | 7.1 HIGH |
| Dino before 0.2.3, 0.3.x before 0.3.2, and 0.4.x before 0.4.2 allows attackers to modify the personal bookmark store via a crafted message. The attacker can change the display of group chats or force a victim to join a group chat; the victim may then be tricked into disclosing sensitive information. | |||||
| CVE-2023-28321 | 5 Apple, Debian, Fedoraproject and 2 more | 14 Macos, Debian Linux, Fedora and 11 more | 2023-11-07 | N/A | 5.9 MEDIUM |
| An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`. | |||||
| CVE-2023-27320 | 2 Fedoraproject, Sudo Project | 2 Fedora, Sudo | 2023-11-07 | N/A | 7.2 HIGH |
| Sudo before 1.9.13p2 has a double free in the per-command chroot feature. | |||||
| CVE-2023-26916 | 2 Cesnet, Fedoraproject | 2 Libyang, Fedora | 2023-11-07 | N/A | 5.3 MEDIUM |
| libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference via the function lys_parse_mem at lys_parse_mem.c. | |||||
| CVE-2023-26590 | 3 Fedoraproject, Redhat, Sox Project | 4 Extra Packages For Enterprise Linux, Fedora, Enterprise Linux and 1 more | 2023-11-07 | N/A | 5.5 MEDIUM |
| A floating point exception vulnerability was found in sox, in the lsx_aiffstartwrite function at sox/src/aiff.c:622:58. This flaw can lead to a denial of service. | |||||
| CVE-2023-26118 | 2 Angularjs, Fedoraproject | 2 Angular, Fedora | 2023-11-07 | N/A | 5.3 MEDIUM |
| Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service (ReDoS) via the <input type="url"> element due to the usage of an insecure regular expression in the input[url] functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking. | |||||
| CVE-2023-26117 | 2 Angularjs, Fedoraproject | 2 Angular, Fedora | 2023-11-07 | N/A | 5.3 MEDIUM |
| Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking. | |||||
| CVE-2023-26116 | 2 Angularjs, Fedoraproject | 2 Angular, Fedora | 2023-11-07 | N/A | 5.3 MEDIUM |
| Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking. | |||||
| CVE-2023-26081 | 2 Fedoraproject, Gnome | 2 Fedora, Epiphany | 2023-11-07 | N/A | 7.5 HIGH |
| In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts. | |||||