Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fedora
(Fedoraproject)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-10-04 | CVE-2023-3428 | A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick. This issue may allow a local attacker to trick the user into opening a specially crafted file, resulting in an application crash and denial of service. | Extra_packages_for_enterprise_linux, Fedora, Imagemagick | 5.5 | ||
| 2023-10-04 | CVE-2023-3576 | A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting an application crash, eventually leading to a denial of service. | Fedora, Libtiff, Enterprise_linux | 5.5 | ||
| 2023-10-05 | CVE-2023-40745 | LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow. | Fedora, Libtiff, Active_iq_unified_manager, Enterprise_linux | 6.5 | ||
| 2023-10-05 | CVE-2023-42754 | A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before calling __ip_options_compile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with CAP_NET_ADMIN privileges to crash the system. | Fedora, Linux_kernel, Enterprise_linux | 5.5 | ||
| 2023-10-05 | CVE-2023-5441 | NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960. | Fedora, Vim | 5.5 | ||
| 2023-10-06 | CVE-2023-39928 | A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 2.40.5. A specially crafted web page can abuse this vulnerability to cause memory corruption and potentially arbitrary code execution. A user would need to to visit a malicious webpage to trigger this vulnerability. | Debian_linux, Fedora, Webkitgtk | 8.8 | ||
| 2023-10-06 | CVE-2023-45239 | A lack of input validation exists in tac_plus prior to commit 4fdf178 which, when pre or post auth commands are enabled, allows an attacker who can control the username, rem-addr, or NAC address sent to tac_plus to inject shell commands and gain remote code execution on the tac_plus server. | Tac_plus, Fedora | 9.8 | ||
| 2023-10-07 | CVE-2023-43615 | Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow. | Mbed_tls, Fedora | 7.5 | ||
| 2023-10-09 | CVE-2023-39189 | A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode controlled opt_num field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. | Fedora, Linux_kernel, Enterprise_linux | 6.0 | ||
| 2023-10-09 | CVE-2023-39192 | A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds read by setting the size fields with a value beyond the array boundaries, leading to a crash or information disclosure. | Fedora, Linux_kernel, Enterprise_linux | 6.0 |