Fedora Fedora
80 CVEs affecting Fedora Fedora. Latest disclosed: 2024-04-17. Critical: 2, High: 28.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-32254 | Critical | 9.8 | 2023-07-10 | A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_TREE_DISCONNECT c… |
| CVE-2023-32250 | Critical | 9.0 | 2023-07-10 | A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_SESSION_SETUP com… |
| CVE-2023-6246 | High | 8.4 | 2024-01-31 | A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. Th… |
| CVE-2023-6779 | High | 8.2 | 2024-01-31 | An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog f… |
| CVE-2023-4235 | High | 8.1 | 2024-04-17 | A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_deliver_report() function during the SMS deco… |
| CVE-2023-4234 | High | 8.1 | 2024-04-17 | A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_submit_report() function during the SMS decod… |
| CVE-2023-4233 | High | 8.1 | 2024-04-17 | A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the sms_decode_address_field() function during the SMS P… |
| CVE-2023-4232 | High | 8.1 | 2024-04-17 | A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_status_report() function during the SMS decod… |
| CVE-2023-6258 | High | 8.1 | 2024-01-30 | A security vulnerability has been identified in the pkcs11-provider, which is associated with Public-Key Cryptography Standards (PKCS#11). If exploited success… |
| CVE-2023-32257 | High | 8.1 | 2023-07-24 | A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_SESSION_SETUP and… |
| CVE-2023-32258 | High | 8.1 | 2023-07-24 | A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_LOGOFF and SMB2_C… |
| CVE-2023-3269 | High | 7.8 | 2023-07-11 | A vulnerability exists in the memory management subsystem of the Linux kernel. The lock handling for accessing and updating virtual memory areas (VMAs) is inco… |
| CVE-2023-34432 | High | 7.8 | 2023-07-10 | A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. This flaw can lead to a denial of service, cod… |
| CVE-2023-34318 | High | 7.8 | 2023-07-10 | A heap buffer overflow vulnerability was found in sox, in the startread function at sox/src/hcom.c:160:41. This flaw can lead to a denial of service, code exec… |
| CVE-2021-4435 | High | 7.7 | 2024-02-04 | An untrusted search path vulnerability was found in Yarn. When a victim runs certain Yarn commands in a directory with attacker-controlled content, malicious c… |
| CVE-2023-3966 | High | 7.5 | 2024-02-22 | A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial of service and invalid memory a… |
| CVE-2023-6200 | High | 7.5 | 2024-01-28 | A race condition was found in the Linux Kernel. Under certain conditions, an unauthenticated attacker from an adjacent network could send an ICMPv6 router adve… |
| CVE-2023-3430 | High | 7.5 | 2023-12-18 | A vulnerability was found in OpenImageIO, where a heap buffer overflow exists in the src/gif.imageio/gifinput.cpp file. This flaw allows a remote attacker to p… |
| CVE-2023-4154 | High | 7.5 | 2023-11-07 | A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Do… |
| CVE-2023-2680 | High | 7.5 | 2023-09-13 | This CVE exists because of an incomplete fix for CVE-2021-3750. More specifically, the qemu-kvm package as released for Red Hat Enterprise Linux 9.1 via RHSA-2… |