Lucene search

K
FedoraprojectExtra Packages For Enterprise Linux8.0

52 matches found

CVE
CVE
added 2022/07/28 2:15 a.m.1582 views

CVE-2022-2294

Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.3AI score0.02193EPSS
CVE
CVE
added 2023/03/23 9:15 p.m.866 views

CVE-2023-0056

An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability.

6.5CVSS6.3AI score0.00148EPSS
CVE
CVE
added 2022/02/15 4:15 p.m.813 views

CVE-2022-21698

client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and ...

7.5CVSS8.8AI score0.00317EPSS
CVE
CVE
added 2022/03/18 7:15 a.m.576 views

CVE-2022-27191

The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.

7.5CVSS9.3AI score0.00072EPSS
CVE
CVE
added 2023/03/23 8:15 p.m.493 views

CVE-2023-1289

A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial of ...

5.5CVSS5.5AI score0.001EPSS
CVE
CVE
added 2023/12/24 6:15 a.m.402 views

CVE-2023-51766

Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports . but som...

5.3CVSS5.3AI score0.03209EPSS
CVE
CVE
added 2023/11/19 10:15 a.m.359 views

CVE-2023-5341

A heap use-after-free flaw was found in coders/bmp.c in ImageMagick.

6.2CVSS6.1AI score0.00036EPSS
CVE
CVE
added 2023/05/30 10:15 p.m.347 views

CVE-2023-34151

A vulnerability was found in ImageMagick. This security flaw ouccers as an undefined behaviors of casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546).

5.5CVSS6.4AI score0.001EPSS
CVE
CVE
added 2022/04/20 10:15 a.m.336 views

CVE-2022-28327

The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input.

7.5CVSS9.4AI score0.00111EPSS
CVE
CVE
added 2023/05/30 10:15 p.m.315 views

CVE-2023-34153

A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding.

7.8CVSS8.7AI score0.00886EPSS
CVE
CVE
added 2022/07/28 1:15 a.m.276 views

CVE-2022-2158

Type confusion in V8 in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.4AI score0.00505EPSS
CVE
CVE
added 2022/11/29 6:15 p.m.255 views

CVE-2022-4144

An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious guest user could use t...

6.5CVSS6AI score0.0001EPSS
CVE
CVE
added 2020/01/16 4:15 a.m.243 views

CVE-2020-7106

Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to t...

6.1CVSS6.7AI score0.04094EPSS
CVE
CVE
added 2022/07/28 2:15 a.m.233 views

CVE-2022-2295

Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.4AI score0.00608EPSS
CVE
CVE
added 2022/07/28 2:15 a.m.224 views

CVE-2022-2163

Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI interaction.

8.8CVSS8.9AI score0.00178EPSS
CVE
CVE
added 2021/02/23 7:15 p.m.197 views

CVE-2021-20247

A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur allowing a malicious or compromised server to use specially crafted mailbox names containing '..' path components to access data outside the designated mailbox on the opposi...

7.4CVSS7.1AI score0.00546EPSS
CVE
CVE
added 2023/09/25 8:15 p.m.193 views

CVE-2022-4318

A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable.

7.8CVSS7.4AI score0.00042EPSS
CVE
CVE
added 2022/06/16 6:15 p.m.166 views

CVE-2022-32546

A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.

7.8CVSS6.2AI score0.001EPSS
CVE
CVE
added 2020/12/08 1:15 a.m.145 views

CVE-2020-27818

A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability.

4.3CVSS3.8AI score0.00163EPSS
CVE
CVE
added 2022/06/16 6:15 p.m.144 views

CVE-2022-32545

A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.

7.8CVSS7.4AI score0.0008EPSS
CVE
CVE
added 2022/07/28 2:15 a.m.135 views

CVE-2022-2296

Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via direct UI interactions.

8.8CVSS8.9AI score0.00529EPSS
CVE
CVE
added 2023/12/12 10:15 p.m.135 views

CVE-2023-5764

A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce templating injection when supplying templating data.

7.8CVSS7.1AI score0.00071EPSS
CVE
CVE
added 2022/01/06 4:15 a.m.120 views

CVE-2021-46141

An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner.

5.5CVSS5.2AI score0.00086EPSS
CVE
CVE
added 2022/01/06 4:15 a.m.120 views

CVE-2021-46142

An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax.

5.5CVSS5.2AI score0.00086EPSS
CVE
CVE
added 2022/04/26 4:15 p.m.120 views

CVE-2022-24882

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not properly abort when someone provides and empty password value. This issue affects FreeRDP based RDP Server implementations. RDP clients are not affected. ...

9.1CVSS8.7AI score0.00217EPSS
CVE
CVE
added 2022/08/10 8:15 p.m.119 views

CVE-2022-2719

In ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in MagickWand/operation.c, due to a NULL image list. This could potentially cause a denial of service. This was fixed in upstream ImageMagick version 7.1.0-30.

5.5CVSS5.5AI score0.0002EPSS
CVE
CVE
added 2023/05/30 10:15 p.m.117 views

CVE-2023-34152

A vulnerability was found in ImageMagick. This security flaw cause a remote code execution vulnerability in OpenBlob with --enable-pipes configured.

9.8CVSS9.5AI score0.68915EPSS
CVE
CVE
added 2022/04/19 5:15 p.m.116 views

CVE-2022-25648

The package git before 1.11.0 are vulnerable to Command Injection via git argument injection. When calling the fetch(remote = 'origin', opts = {}) function, the remote parameter is passed to the git fetch subcommand in a way that additional flags can be set. The additional flags can be used to perf...

9.8CVSS9.2AI score0.01606EPSS
CVE
CVE
added 2022/01/31 8:15 a.m.114 views

CVE-2021-45079

In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication.

9.1CVSS9.1AI score0.0006EPSS
CVE
CVE
added 2023/10/04 7:15 p.m.114 views

CVE-2023-3428

A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick. This issue may allow a local attacker to trick the user into opening a specially crafted file, resulting in an application crash and denial of service.

6.2CVSS6AI score0.00021EPSS
CVE
CVE
added 2020/02/26 4:15 p.m.104 views

CVE-2020-9274

An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer vulnerability has been detected in the diraliases linked list. When the *lookup_alias(const char alias) or print_aliases(void) function is called, they fail to correctly detect the end of the linked list and try to access a non-e...

7.5CVSS7.2AI score0.00968EPSS
CVE
CVE
added 2023/07/14 6:15 p.m.101 views

CVE-2023-38252

An out-of-bounds read flaw was found in w3m, in the Strnew_size function in Str.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file.

5.5CVSS4.8AI score0.00018EPSS
CVE
CVE
added 2024/01/16 2:15 p.m.90 views

CVE-2024-0232

A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.

5.5CVSS5.1AI score0.00018EPSS
CVE
CVE
added 2022/09/19 6:15 p.m.88 views

CVE-2022-3213

A heap buffer overflow issue was found in ImageMagick. When an application processes a malformed TIFF file, it could lead to undefined behavior or a crash causing a denial of service.

5.5CVSS5.7AI score0.00031EPSS
CVE
CVE
added 2022/12/09 6:15 p.m.86 views

CVE-2022-4170

The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set.

9.8CVSS9.3AI score0.01486EPSS
CVE
CVE
added 2023/12/21 4:15 p.m.86 views

CVE-2023-4255

An out-of-bounds write issue has been discovered in the backspace handling of the checkType() function in etc.c within the W3M application. This vulnerability is triggered by supplying a specially crafted HTML file to the w3m binary. Exploitation of this flaw could lead to application crashes, resu...

5.5CVSS6.1AI score0.00107EPSS
CVE
CVE
added 2022/02/14 12:15 p.m.81 views

CVE-2022-0571

Cross-site Scripting (XSS) - Reflected in GitHub repository phoronix-test-suite/phoronix-test-suite prior to 10.8.2.

6.8CVSS6.1AI score0.0037EPSS
CVE
CVE
added 2023/04/12 10:15 p.m.78 views

CVE-2023-1906

A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. An attacker could pass specially crafted file to convert, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of servi...

5.5CVSS5.5AI score0.00022EPSS
CVE
CVE
added 2023/07/14 6:15 p.m.76 views

CVE-2023-38253

An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str function in indep.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file.

5.5CVSS4.8AI score0.00018EPSS
CVE
CVE
added 2022/09/30 5:15 p.m.74 views

CVE-2022-40315

A limited SQL injection risk was identified in the "browse list of users" site administration page.

9.8CVSS9.6AI score0.00417EPSS
CVE
CVE
added 2022/09/30 5:15 p.m.73 views

CVE-2022-40313

Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load.

7.1CVSS6.5AI score0.00355EPSS
CVE
CVE
added 2023/06/16 8:15 p.m.71 views

CVE-2023-3195

A stack-based buffer overflow issue was found in ImageMagick's coders/tiff.c. This flaw allows an attacker to trick the user into opening a specially crafted malicious tiff file, causing an application to crash, resulting in a denial of service.

5.5CVSS5.5AI score0.00015EPSS
CVE
CVE
added 2023/07/10 9:15 p.m.69 views

CVE-2023-34432

A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. This flaw can lead to a denial of service, code execution, or information disclosure.

7.8CVSS7.7AI score0.00047EPSS
CVE
CVE
added 2021/09/08 4:15 p.m.68 views

CVE-2021-21897

A code execution vulnerability exists in the DL_Dxf::handleLWPolylineData functionality of Ribbonsoft dxflib 3.17.0. A specially-crafted .dxf file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

8.8CVSS8.7AI score0.00793EPSS
CVE
CVE
added 2023/07/10 6:15 p.m.66 views

CVE-2023-34318

A heap buffer overflow vulnerability was found in sox, in the startread function at sox/src/hcom.c:160:41. This flaw can lead to a denial of service, code execution, or information disclosure.

7.8CVSS7.7AI score0.00043EPSS
CVE
CVE
added 2022/09/30 5:15 p.m.63 views

CVE-2022-40316

The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to.

4.3CVSS4.5AI score0.00196EPSS
CVE
CVE
added 2023/12/21 4:15 p.m.63 views

CVE-2023-4256

Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the tcpedit_dlt_cleanup() function within plugins/dlt_plugins.c. This vulnerability can be exploited by supplying a specifically crafted file to the tcprewrite binary. This flaw enables a local attacker to initiate a ...

5.5CVSS5.1AI score0.00011EPSS
CVE
CVE
added 2023/07/10 6:15 p.m.58 views

CVE-2023-32627

A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc.c:334:18. This flaw can lead to a denial of service.

6.2CVSS5.8AI score0.00064EPSS
CVE
CVE
added 2023/07/10 6:15 p.m.57 views

CVE-2023-26590

A floating point exception vulnerability was found in sox, in the lsx_aiffstartwrite function at sox/src/aiff.c:622:58. This flaw can lead to a denial of service.

6.2CVSS5.8AI score0.00035EPSS
CVE
CVE
added 2023/06/16 8:15 p.m.57 views

CVE-2023-34475

A heap use after free issue was discovered in ImageMagick's ReplaceXmpValue() function in MagickCore/profile.c. An attacker could trick user to open a specially crafted file to convert, triggering an heap-use-after-free write error, allowing an application to crash, resulting in a denial of service...

5.5CVSS5.5AI score0.00023EPSS
Total number of security vulnerabilities52