ReportizFlow
Filtered by vendor Fedoraproject
Subscriptions
Total
5402 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-27923 | 3 Fedoraproject, Python, Redhat | 4 Fedora, Pillow, Enterprise Linux and 1 more | 2025-08-15 | 7.5 High |
| Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large. | ||||
| CVE-2021-27922 | 3 Fedoraproject, Python, Redhat | 4 Fedora, Pillow, Enterprise Linux and 1 more | 2025-08-15 | 7.5 High |
| Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large. | ||||
| CVE-2021-27921 | 3 Fedoraproject, Python, Redhat | 4 Fedora, Pillow, Enterprise Linux and 1 more | 2025-08-15 | 7.5 High |
| Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large. | ||||
| CVE-2015-7747 | 3 Audiofile, Canonical, Fedoraproject | 3 Audiofile, Ubuntu Linux, Fedora | 2025-08-13 | 8.8 High |
| Buffer overflow in the afReadFrames function in audiofile (aka libaudiofile and Audio File Library) allows user-assisted remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted audio file, as demonstrated by sixteen-stereo-to-eight-mono.c. | ||||
| CVE-2022-1292 | 7 Debian, Fedoraproject, Netapp and 4 more | 58 Debian Linux, Fedora, A250 and 55 more | 2025-08-13 | 9.8 Critical |
| The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd). | ||||
| CVE-2024-23313 | 3 Fedoraproject, Libbiosig Project, The Biosig Project | 3 Fedora, Libbiosig, Libbiosig | 2025-08-13 | 9.8 Critical |
| An integer underflow vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to an out-of-bounds write which in turn can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2024-23809 | 3 Fedoraproject, Libbiosig Project, The Biosig Project | 3 Fedora, Libbiosig, Libbiosig | 2025-08-11 | 9.8 Critical |
| A double-free vulnerability exists in the BrainVision ASCII Header Parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .vdhr file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2024-23606 | 3 Fedoraproject, Libbiosig Project, The Biosig Project | 3 Fedora, Libbiosig, Libbiosig | 2025-08-11 | 9.8 Critical |
| An out-of-bounds write vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2024-23310 | 3 Fedoraproject, Libbiosig Project, The Biosig Project | 3 Fedora, Libbiosig, Libbiosig | 2025-08-11 | 9.8 Critical |
| A use-after-free vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2024-23305 | 3 Fedoraproject, Libbiosig Project, The Biosig Project | 3 Fedora, Libbiosig, Libbiosig | 2025-08-11 | 9.8 Critical |
| An out-of-bounds write vulnerability exists in the BrainVisionMarker Parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .vmrk file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2024-22097 | 3 Fedoraproject, Libbiosig Project, The Biosig Project | 3 Fedora, Libbiosig, Libbiosig | 2025-08-11 | 9.8 Critical |
| A double-free vulnerability exists in the BrainVision Header Parsing functionality of The Biosig Project libbiosig Master Branch (ab0ee111) and 2.5.0. A specially crafted .vdhr file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2024-21812 | 3 Fedoraproject, Libbiosig Project, The Biosig Project | 3 Fedora, Libbiosig, Libbiosig | 2025-08-11 | 9.8 Critical |
| An integer overflow vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to an out-of-bounds write which in turn can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2024-21795 | 3 Fedoraproject, Libbiosig Project, The Biosig Project | 3 Fedora, Libbiosig, Libbiosig | 2025-08-11 | 9.8 Critical |
| A heap-based buffer overflow vulnerability exists in the .egi parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .egi file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2022-3109 | 3 Debian, Fedoraproject, Ffmpeg | 3 Debian Linux, Fedora, Ffmpeg | 2025-08-07 | 7.5 High |
| An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of av_malloc() and will cause a null pointer dereference, impacting availability. | ||||
| CVE-2024-38277 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2025-08-07 | 5.4 Medium |
| A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the two. | ||||
| CVE-2024-38274 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2025-08-07 | 6.1 Medium |
| Insufficient escaping of calendar event titles resulted in a stored XSS risk in the event deletion prompt. | ||||
| CVE-2024-4855 | 2 Fedoraproject, Wireshark | 2 Fedora, Wireshark | 2025-08-07 | 3.6 Low |
| Use after free issue in editcap could cause denial of service via crafted capture file | ||||
| CVE-2024-38273 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2025-08-07 | 5.4 Medium |
| Insufficient capability checks meant it was possible for users to gain access to BigBlueButton join URLs they did not have permission to access. | ||||
| CVE-2023-4235 | 3 Fedoraproject, Ofono, Ofono Project | 3 Fedora, Ofono, Ofono | 2025-08-07 | 8.1 High |
| A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_deliver_report() function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound check for this memcpy length in decode_submit(), but it was forgotten in decode_deliver_report(). | ||||
| CVE-2023-4234 | 2 Fedoraproject, Ofono Project | 2 Fedora, Ofono | 2025-08-07 | 8.1 High |
| A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_submit_report() function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound check for this memcpy length in decode_submit(), but it was forgotten in decode_submit_report(). | ||||