Fedoraproject Security Vulnerabilities
A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU p...
4.4CVSS
5.4AI Score
0.001EPSS
4.3CVSS
4.5AI Score
0.001EPSS
A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS).
5.5CVSS
6.2AI Score
0.0004EPSS
A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system.
7.8CVSS
7.7AI Score
0.0004EPSS
The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an account modification re-adds an SPN that was previously present on that account, such as ...
8.8CVSS
8.4AI Score
0.004EPSS
A heap-based buffer overflow flaw was found in libmodbus in function modbus_reply() in src/modbus.c.
7.8CVSS
7.6AI Score
0.001EPSS
A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an a...
7.5CVSS
7.4AI Score
0.003EPSS
7.1CVSS
6.8AI Score
0.002EPSS
BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has terminated the co...
5.3CVSS
5.8AI Score
0.002EPSS
7.8CVSS
7.6AI Score
0.001EPSS
7.8CVSS
7.7AI Score
0.001EPSS
7.8CVSS
7.6AI Score
0.001EPSS
5.5CVSS
5.3AI Score
0.002EPSS
A NULL pointer dereference flaw was found in the Linux kernel's BPF subsystem in the way a user triggers the map_get_next_key function of the BPF bloom filter. This flaw allows a local user to crash the system. This flaw affects Linux kernel versions prior to 5.17-rc1.
5.5CVSS
5AI Score
0.0004EPSS
A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges i...
8.8CVSS
9AI Score
0.009EPSS
7.8CVSS
7.6AI Score
0.001EPSS
5.5CVSS
6.2AI Score
0.001EPSS
A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.
7.8CVSS
8AI Score
0.095EPSS
A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel’s BPF subsystem due to the way a user loads BTF. This flaw allows a local user to crash or escalate their privileges on the system.
7.8CVSS
7.3AI Score
0.0004EPSS
A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obtain unauthorized memory write access. This flaw affects Linux kernel versions prior to 5.17-rc4.
7.8CVSS
7.3AI Score
0.0004EPSS
7.1CVSS
6.7AI Score
0.001EPSS
Buffer Access with Incorrect Length Value in GitHub repository radareorg/radare2 prior to 5.6.2.
7.1CVSS
6.7AI Score
0.001EPSS
7.8CVSS
7.4AI Score
0.001EPSS
Access of Memory Location After End of Buffer in GitHub repository radareorg/radare2 prior to 5.6.2.
7.1CVSS
6.7AI Score
0.001EPSS
7.1CVSS
6.6AI Score
0.001EPSS
7.8CVSS
7.5AI Score
0.001EPSS
A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
5.5CVSS
5.3AI Score
0.002EPSS
A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
5.5CVSS
5.3AI Score
0.002EPSS
A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption or potentially code execution.
7.8CVSS
7.8AI Score
0.002EPSS
OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.
9.8CVSS
9.3AI Score
0.008EPSS
7.8CVSS
7.6AI Score
0.001EPSS
9.8CVSS
9.3AI Score
0.003EPSS
Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712.
5.5CVSS
6AI Score
0.001EPSS
Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c.
5.5CVSS
5.9AI Score
0.001EPSS
Cross-site Scripting (XSS) - Reflected in GitHub repository phoronix-test-suite/phoronix-test-suite prior to 10.8.2.
6.1CVSS
5.9AI Score
0.001EPSS
7.8CVSS
8AI Score
0.001EPSS
Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file
7.5CVSS
8.3AI Score
0.005EPSS
Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file
9.8CVSS
9.2AI Score
0.011EPSS
Crash in the PVFS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file
7.5CVSS
8.3AI Score
0.005EPSS
Large loops in multiple protocol dissectors in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allow denial of service via packet injection or crafted capture file
6.5CVSS
7.7AI Score
0.005EPSS
Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file
7.5CVSS
8.3AI Score
0.004EPSS
6.5CVSS
6AI Score
0.001EPSS
7.8CVSS
8AI Score
0.001EPSS
A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manilla share or entire file system. The vulnerability is due to a bug in the "volumes" plugin in Ceph Manager. This allows an attacker to compromise Confidentiality and Integrity of a...
9.1CVSS
8.9AI Score
0.001EPSS
7.8CVSS
8AI Score
0.001EPSS
7.8CVSS
8.1AI Score
0.001EPSS
5.5CVSS
6.2AI Score
0.001EPSS
5.5CVSS
6.2AI Score
0.001EPSS
5.5CVSS
6.2AI Score
0.001EPSS
7.1CVSS
7.3AI Score
0.001EPSS