Fedora - Vulncode-DB

Date	Id	Summary	Products	Score
2022-09-14	CVE-2022-40674	libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.	Debian_linux, Fedora, Libexpat	8.1
2022-10-24	CVE-2022-43680	In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.	Debian_linux, Fedora, Libexpat, Active_iq_unified_manager, H300s_firmware, H410c_firmware, H410s_firmware, H500s_firmware, H700s_firmware, Hci_compute_node_firmware, Oncommand_workflow_automation, Solidfire_\&_hci_management_node	7.5
2019-09-24	CVE-2019-5094	An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.	Ubuntu_linux, Debian_linux, E2fsprogs, Fedora, Hci_management_node, Solidfire	7.5
2021-08-12	CVE-2021-38604	In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix.	Fedora, Glibc, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_network_function_cloud_native_environment, Communications_cloud_native_core_network_repository_function, Communications_cloud_native_core_security_edge_protection_proxy, Communications_cloud_native_core_unified_data_repository, Enterprise_operations_monitor	7.5
2022-08-24	CVE-2022-32793	Multiple out-of-bounds write issues were addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.5, watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6. An app may be able to disclose kernel memory.	Ipados, Iphone_os, Macos, Tvos, Watchos, Fedora	7.5
2024-01-24	CVE-2024-0808	Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High)	Debian_linux, Fedora, Chrome	9.8
2024-01-24	CVE-2024-0812	Inappropriate implementation in Accessibility in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)	Fedora, Chrome	8.8
2024-01-24	CVE-2024-0814	Incorrect security UI in Payments in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium)	Fedora, Chrome	6.5
2021-05-28	CVE-2021-29505	XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types is affected. The vulnerability is patched in version 1.4.17.	Debian_linux, Fedora, Snapmanager, Banking_cash_management, Banking_corporate_lending_process_management, Banking_credit_facilities_process_management, Banking_supply_chain_finance, Banking_trade_finance_process_management, Business_activity_monitoring, Communications_brm_\-_elastic_charging_engine, Communications_unified_inventory_management, Enterprise_manager_ops_center, Retail_customer_insights, Retail_xstore_point_of_service, Webcenter_portal, Webcenter_sites, Xstream	8.8
2022-09-20	CVE-2022-32886	A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code execution.	Ipados, Iphone_os, Safari, Debian_linux, Fedora	8.8

Product: Fedora (Fedoraproject)

Product:
Fedora
(Fedoraproject)