Fedora Extra Packages For Enterprise Linux
20 CVEs affecting Fedora Extra Packages For Enterprise Linux. Latest disclosed: 2024-02-04. Critical: 0, High: 6.

| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-34432 | High | 7.8 | 2023-07-10 | A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. This flaw can lead to a denial of service, cod… |
| CVE-2023-34318 | High | 7.8 | 2023-07-10 | A heap buffer overflow vulnerability was found in sox, in the startread function at sox/src/hcom.c:160:41. This flaw can lead to a denial of service, code exec… |
| CVE-2021-4435 | High | 7.7 | 2024-02-04 | An untrusted search path vulnerability was found in Yarn. When a victim runs certain Yarn commands in a directory with attacker-controlled content, malicious c… |
| CVE-2023-3430 | High | 7.5 | 2023-12-18 | A vulnerability was found in OpenImageIO, where a heap buffer overflow exists in the src/gif.imageio/gifinput.cpp file. This flaw allows a remote attacker to p… |
| CVE-2023-2680 | High | 7.5 | 2023-09-13 | This CVE exists because of an incomplete fix for CVE-2021-3750. More specifically, the qemu-kvm package as released for Red Hat Enterprise Linux 9.1 via RHSA-2… |
| CVE-2023-3354 | High | 7.5 | 2023-07-11 | A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a cer… |
| CVE-2023-6395 | Medium | 6.7 | 2024-01-16 | The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with ro… |
| CVE-2023-32627 | Medium | 6.2 | 2023-07-10 | A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc.c:334:18. This flaw can lead to a denial of service. |
| CVE-2023-26590 | Medium | 6.2 | 2023-07-10 | A floating point exception vulnerability was found in sox, in the lsx_aiffstartwrite function at sox/src/aiff.c:622:58. This flaw can lead to a denial of servi… |
| CVE-2023-4135 | Medium | 6.0 | 2023-08-04 | A heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU. The QEMU process does not validate an offset provided by the guest before c… |
| CVE-2023-3180 | Medium | 6.0 | 2023-08-03 | A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for th… |
| CVE-2022-4132 | Medium | 5.9 | 2023-10-04 | A flaw was found in JSS. A memory leak in JSS requires non-standard configuration but is a low-effort DoS vector if configured that way (repeatedly hitting the… |
| CVE-2023-3301 | Medium | 5.6 | 2023-09-13 | A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has… |
| CVE-2023-4255 | Medium | 5.5 | 2023-12-21 | An out-of-bounds write issue has been discovered in the backspace handling of the checkType() function in etc.c within the W3M application. This vulnerability… |
| CVE-2023-4256 | Medium | 5.5 | 2023-12-21 | Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the tcpedit_dlt_cleanup() function within plugins/dlt_plugins.c. This vulnera… |
| CVE-2023-32611 | Medium | 5.5 | 2023-09-14 | A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial… |
| CVE-2023-29499 | Medium | 5.5 | 2023-09-14 | A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service. |
| CVE-2023-32665 | Medium | 5.5 | 2023-09-14 | A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leadin… |
| CVE-2023-38253 | Medium | 4.7 | 2023-07-14 | An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str function in indep.c. This issue may allow an attacker to cause a denial of service through a… |
| CVE-2023-1386 | Low | 3.3 | 2023-07-24 | A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. When a local user in the guest writes an executable file with SUID or SGID, no… |