Search Results (5376 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-3180 4 Debian, Fedoraproject, Qemu and 1 more 5 Debian Linux, Fedora, Qemu and 2 more 2024-11-21 6 Medium
A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of `src_len` and `dst_len` in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ.
CVE-2023-38802 5 Debian, Fedoraproject, Frrouting and 2 more 9 Debian Linux, Fedora, Frrouting and 6 more 2024-11-21 7.5 High
FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation).
CVE-2023-38633 4 Debian, Fedoraproject, Gnome and 1 more 5 Debian Linux, Fedora, Librsvg and 2 more 2024-11-21 5.5 Medium
A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element.
CVE-2023-38408 3 Fedoraproject, Openbsd, Redhat 9 Fedora, Openssh, Devworkspace and 6 more 2024-11-21 9.8 Critical
The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.
CVE-2023-38197 3 Fedoraproject, Qt, Redhat 3 Fedora, Qt, Enterprise Linux 2024-11-21 7.5 High
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.
CVE-2023-34474 2 Fedoraproject, Imagemagick 3 Extra Packages For Enterprise Linux, Fedora, Imagemagick 2024-11-21 5.5 Medium
A heap-based buffer overflow issue was discovered in ImageMagick's ReadTIM2ImageData() function in coders/tim2.c. A local attacker could trick the user in opening specially crafted file, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service.
CVE-2023-34432 3 Fedoraproject, Redhat, Sound Exchange Project 4 Extra Packages For Enterprise Linux, Fedora, Enterprise Linux and 1 more 2024-11-21 7.8 High
A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. This flaw can lead to a denial of service, code execution, or information disclosure.
CVE-2023-31490 4 Debian, Fedoraproject, Frrouting and 1 more 4 Debian Linux, Fedora, Frrouting and 1 more 2024-11-21 7.5 High
An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_attr_psid_sub() function.
CVE-2023-31489 3 Fedoraproject, Frrouting, Redhat 3 Fedora, Frrouting, Enterprise Linux 2024-11-21 5.5 Medium
An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_capability_llgr() function.
CVE-2023-30944 2 Fedoraproject, Moodle 3 Extra Packages For Enterprise Linux, Fedora, Moodle 2024-11-21 5.6 Medium
The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in external Wiki method for listing pages. A remote attacker can send a specially crafted request to the affected application and execute limited SQL commands within the application database.
CVE-2023-30943 2 Fedoraproject, Moodle 3 Extra Packages For Enterprise Linux, Fedora, Moodle 2024-11-21 6.5 Medium
The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system.
CVE-2023-2602 4 Debian, Fedoraproject, Libcap Project and 1 more 5 Debian Linux, Fedora, Libcap and 2 more 2024-11-21 3.3 Low
A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.
CVE-2023-2269 5 Debian, Fedoraproject, Linux and 2 more 14 Debian Linux, Fedora, Linux Kernel and 11 more 2024-11-21 4.4 Medium
A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component.
CVE-2023-2156 4 Debian, Fedoraproject, Linux and 1 more 4 Debian Linux, Fedora, Linux Kernel and 1 more 2024-11-21 7.5 High
A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied data, which can lead to an assertion failure. This may allow an unauthenticated remote attacker to create a denial of service condition on the system.
CVE-2023-28336 2 Fedoraproject, Moodle 2 Fedora, Moodle 2024-11-21 4.3 Medium
Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access.
CVE-2023-28333 2 Fedoraproject, Moodle 2 Fedora, Moodle 2024-11-21 9.8 Critical
The Mustache pix helper contained a potential Mustache injection risk if combined with user input (note: This did not appear to be implemented/exploitable anywhere in the core Moodle LMS).
CVE-2023-20900 7 Debian, Fedoraproject, Linux and 4 more 12 Debian Linux, Fedora, Linux Kernel and 9 more 2024-11-21 7.1 High
A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html  in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .
CVE-2023-20588 5 Amd, Debian, Fedoraproject and 2 more 78 Athlon Gold 3150g, Athlon Gold 3150g Firmware, Athlon Gold 3150ge and 75 more 2024-11-21 5.5 Medium
A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. 
CVE-2023-20569 5 Amd, Debian, Fedoraproject and 2 more 302 Epyc 72f3, Epyc 72f3 Firmware, Epyc 7313 and 299 more 2024-11-21 4.7 Medium
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.
CVE-2023-20197 2 Cisco, Fedoraproject 3 Secure Endpoint, Secure Endpoint Private Cloud, Fedora 2024-11-21 7.5 High
A vulnerability in the filesystem image parser for Hierarchical File System Plus (HFS+) of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for completion when a file is decompressed, which may result in a loop condition that could cause the affected software to stop responding. An attacker could exploit this vulnerability by submitting a crafted HFS+ filesystem image to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to stop responding, resulting in a DoS condition on the affected software and consuming available system resources. For a description of this vulnerability, see the ClamAV blog .