Fedoraproject Fedora
703 CVEs affecting Fedoraproject Fedora. Latest disclosed: 2024-05-07. Critical: 82, High: 165.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2021-41556 | Critical | 10.0 | 2022-07-28 | sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core interpreter) that can lead to Code Execution. If a victim e… |
| CVE-2023-38545 | Critical | 9.8 | 2023-10-18 | This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow t… |
| CVE-2022-46393 | Critical | 9.8 | 2022-12-15 | An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. There is a potential heap-based buffer overflow and heap-based buffer over-read in DTLS… |
| CVE-2019-11068 | Critical | 9.8 | 2019-04-10 | libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error… |
| CVE-2015-5740 | Critical | 9.8 | 2017-10-18 | The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smu… |
| CVE-2015-5739 | Critical | 9.8 | 2017-10-18 | The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers to conduct HTTP requ… |
| CVE-2015-7687 | Critical | 9.8 | 2017-10-16 | Use-after-free vulnerability in OpenSMTPD before 5.7.2 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors invol… |
| CVE-2017-12170 | Critical | 9.8 | 2017-09-21 | Downstream version 1.0.46-1 of pure-ftpd as shipped in Fedora was vulnerable to packaging error due to which the original configuration was ignored after updat… |
| CVE-2017-11462 | Critical | 9.8 | 2017-09-13 | Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security context… |
| CVE-2015-6816 | Critical | 9.8 | 2017-08-09 | ganglia-web before 3.7.1 allows remote attackers to bypass authentication. |
| CVE-2016-9961 | Critical | 9.8 | 2017-06-06 | game-music-emu before 0.6.1 mishandles unspecified integer values. |
| CVE-2016-5178 | Critical | 9.8 | 2017-05-23 | Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers to cause a denial of service or possibly have other impact vi… |
| CVE-2016-10243 | Critical | 9.8 | 2017-05-02 | TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file. |
| CVE-2016-2173 | Critical | 9.8 | 2017-04-21 | org.springframework.core.serializer.DefaultDeserializer in Spring AMQP before 1.5.5 allows remote attackers to execute arbitrary code. |
| CVE-2017-5885 | Critical | 9.8 | 2017-02-28 | Multiple integer overflows in the (1) vnc_connection_server_message and (2) vnc_color_map_set functions in gtk-vnc before 0.7.0 allow remote servers to cause a… |
| CVE-2016-9400 | Critical | 9.8 | 2017-02-22 | The CClient::ProcessServerPacket method in engine/client/client.cpp in Teeworlds before 0.6.4 allows remote servers to write to arbitrary physical memory locat… |
| CVE-2016-6233 | Critical | 9.8 | 2017-02-17 | The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via ve… |
| CVE-2016-4861 | Critical | 9.8 | 2017-02-17 | The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by lev… |
| CVE-2013-7459 | Critical | 9.8 | 2017-02-15 | Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrar… |
| CVE-2016-2090 | Critical | 9.8 | 2017-01-13 | Off-by-one vulnerability in the fgetwln function in libbsd before 0.8.2 allows attackers to have unspecified impact via unknown vectors, which trigger a heap-b… |