Filtered by vendor Fedoraproject
Filtered by product Fedora
Total: 5319 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-35567 | 5 Debian, Fedoraproject, Netapp and 2 more | 19 Debian Linux, Fedora, Active Iq Unified Manager and 16 more | 2025-08-15 | 6.8 Medium |
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via Kerberos to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N). | ||||
CVE-2021-27923 | 3 Fedoraproject, Python, Redhat | 4 Fedora, Pillow, Enterprise Linux and 1 more | 2025-08-15 | 7.5 High |
Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large. | ||||
CVE-2021-27922 | 3 Fedoraproject, Python, Redhat | 4 Fedora, Pillow, Enterprise Linux and 1 more | 2025-08-15 | 7.5 High |
Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large. | ||||
CVE-2021-27921 | 3 Fedoraproject, Python, Redhat | 4 Fedora, Pillow, Enterprise Linux and 1 more | 2025-08-15 | 7.5 High |
Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large. | ||||
CVE-2015-7747 | 3 Audiofile, Canonical, Fedoraproject | 3 Audiofile, Ubuntu Linux, Fedora | 2025-08-13 | 8.8 High |
Buffer overflow in the afReadFrames function in audiofile (aka libaudiofile and Audio File Library) allows user-assisted remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted audio file, as demonstrated by sixteen-stereo-to-eight-mono.c. | ||||
CVE-2022-1292 | 7 Debian, Fedoraproject, Netapp and 4 more | 58 Debian Linux, Fedora, A250 and 55 more | 2025-08-13 | 9.8 Critical |
The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd). | ||||
CVE-2024-23313 | 3 Fedoraproject, Libbiosig Project, The Biosig Project | 3 Fedora, Libbiosig, Libbiosig | 2025-08-13 | 9.8 Critical |
An integer underflow vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to an out-of-bounds write which in turn can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
CVE-2024-23809 | 3 Fedoraproject, Libbiosig Project, The Biosig Project | 3 Fedora, Libbiosig, Libbiosig | 2025-08-10 | 9.8 Critical |
A double-free vulnerability exists in the BrainVision ASCII Header Parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .vdhr file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
CVE-2024-23606 | 3 Fedoraproject, Libbiosig Project, The Biosig Project | 3 Fedora, Libbiosig, Libbiosig | 2025-08-10 | 9.8 Critical |
An out-of-bounds write vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
CVE-2024-23310 | 3 Fedoraproject, Libbiosig Project, The Biosig Project | 3 Fedora, Libbiosig, Libbiosig | 2025-08-10 | 9.8 Critical |
A use-after-free vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
CVE-2024-23305 | 3 Fedoraproject, Libbiosig Project, The Biosig Project | 3 Fedora, Libbiosig, Libbiosig | 2025-08-10 | 9.8 Critical |
An out-of-bounds write vulnerability exists in the BrainVisionMarker Parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .vmrk file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
CVE-2024-22097 | 3 Fedoraproject, Libbiosig Project, The Biosig Project | 3 Fedora, Libbiosig, Libbiosig | 2025-08-10 | 9.8 Critical |
A double-free vulnerability exists in the BrainVision Header Parsing functionality of The Biosig Project libbiosig Master Branch (ab0ee111) and 2.5.0. A specially crafted .vdhr file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
CVE-2024-21812 | 3 Fedoraproject, Libbiosig Project, The Biosig Project | 3 Fedora, Libbiosig, Libbiosig | 2025-08-10 | 9.8 Critical |
An integer overflow vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to an out-of-bounds write which in turn can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
CVE-2024-21795 | 3 Fedoraproject, Libbiosig Project, The Biosig Project | 3 Fedora, Libbiosig, Libbiosig | 2025-08-10 | 9.8 Critical |
A heap-based buffer overflow vulnerability exists in the .egi parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .egi file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
CVE-2021-44228 | 13 Apache, Apple, Bentley and 10 more | 178 Log4j, Xcode, Synchro and 175 more | 2025-08-08 | 10 Critical |
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects. | ||||
CVE-2022-3109 | 3 Debian, Fedoraproject, Ffmpeg | 3 Debian Linux, Fedora, Ffmpeg | 2025-08-07 | 7.5 High |
An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of av_malloc() and will cause a null pointer dereference, impacting availability. | ||||
CVE-2024-38277 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2025-08-07 | 5.4 Medium |
A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the two. | ||||
CVE-2024-38274 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2025-08-07 | 6.1 Medium |
Insufficient escaping of calendar event titles resulted in a stored XSS risk in the event deletion prompt. | ||||
CVE-2024-4855 | 2 Fedoraproject, Wireshark | 2 Fedora, Wireshark | 2025-08-07 | 3.6 Low |
Use after free issue in editcap could cause denial of service via crafted capture file | ||||
CVE-2024-38273 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2025-08-07 | 5.4 Medium |
Insufficient capability checks meant it was possible for users to gain access to BigBlueButton join URLs they did not have permission to access. |