Filtered by vendor Fedoraproject
Subscribe
Total
4878 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-4900 | 3 Debian, Fedoraproject, Google | 4 Debian Linux, Fedora, Android and 1 more | 2024-11-21 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate a permission prompt via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-4813 | 4 Fedoraproject, Gnu, Netapp and 1 more | 21 Fedora, Glibc, Active Iq Unified Manager and 18 more | 2024-11-21 | N/A | 5.9 MEDIUM |
| A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge. | |||||
| CVE-2023-4806 | 3 Fedoraproject, Gnu, Redhat | 22 Fedora, Glibc, Codeready Linux Builder Eus and 19 more | 2024-11-21 | N/A | 5.9 MEDIUM |
| A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags. | |||||
| CVE-2023-4761 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | N/A | 8.1 HIGH |
| Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5845.179 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-4752 | 4 Apple, Debian, Fedoraproject and 1 more | 4 Macos, Debian Linux, Fedora and 1 more | 2024-11-21 | N/A | 7.8 HIGH |
| Use After Free in GitHub repository vim/vim prior to 9.0.1858. | |||||
| CVE-2023-4750 | 3 Apple, Fedoraproject, Vim | 3 Macos, Fedora, Vim | 2024-11-21 | N/A | 7.8 HIGH |
| Use After Free in GitHub repository vim/vim prior to 9.0.1857. | |||||
| CVE-2023-4733 | 3 Apple, Fedoraproject, Vim | 3 Macos, Fedora, Vim | 2024-11-21 | N/A | 7.8 HIGH |
| Use After Free in GitHub repository vim/vim prior to 9.0.1840. | |||||
| CVE-2023-4572 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
| Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-4535 | 3 Fedoraproject, Opensc Project, Redhat | 3 Fedora, Opensc, Enterprise Linux | 2024-11-21 | N/A | 4.5 MEDIUM |
| An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to the computer and a specially crafted USB device or smart card. This flaw allows the attacker to manipulate APDU responses and potentially gain unauthorized access to sensitive data, compromising the system's security. | |||||
| CVE-2023-4527 | 4 Fedoraproject, Gnu, Netapp and 1 more | 32 Fedora, Glibc, H300s and 29 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash. | |||||
| CVE-2023-4504 | 3 Debian, Fedoraproject, Openprinting | 4 Debian Linux, Fedora, Cups and 1 more | 2024-11-21 | N/A | 7.0 HIGH |
| Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023. | |||||
| CVE-2023-4431 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | N/A | 8.1 HIGH |
| Out of bounds memory access in Fonts in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-4430 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
| Use after free in Vulkan in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-4429 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
| Use after free in Loader in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-4428 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | N/A | 8.1 HIGH |
| Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-4427 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | N/A | 8.1 HIGH |
| Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-4408 | 3 Fedoraproject, Isc, Netapp | 3 Fedora, Bind, Ontap | 2024-11-21 | N/A | 7.5 HIGH |
| The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected `named` instance by exploiting this flaw. This issue affects both authoritative servers and recursive resolvers. This issue affects BIND 9 versions 9.0.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1. | |||||
| CVE-2023-4367 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | N/A | 6.5 MEDIUM |
| Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-4366 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
| Use after free in Extensions in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-4365 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in Fullscreen in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) | |||||