Vulnerabilities > Fedoraproject > Fedora > 40

DATE CVE VULNERABILITY TITLE RISK
2024-02-26 CVE-2024-1622 Due to a mistake in error checking, Routinator will terminate when an incoming RTR connection is reset by the peer too quickly after opening.
network
low complexity
nlnetlabs fedoraproject
7.5
2024-02-23 CVE-2024-27318 Path Traversal vulnerability in multiple products
Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory.
network
low complexity
linuxfoundation fedoraproject CWE-22
7.5
2024-02-23 CVE-2024-27319 Out-of-bounds Read vulnerability in multiple products
Versions of the package onnx before and including 1.15.0 are vulnerable to Out-of-bounds Read as the ONNX_ASSERT and ONNX_ASSERTM functions have an off by one string copy.
network
low complexity
linuxfoundation fedoraproject CWE-125
critical
9.1
2024-02-23 CVE-2024-25629 Out-of-bounds Read vulnerability in multiple products
c-ares is a C library for asynchronous DNS requests.
local
low complexity
c-ares fedoraproject CWE-125
5.5
2024-02-21 CVE-2023-42843 Authentication Bypass by Spoofing vulnerability in multiple products
An inconsistent user interface issue was addressed with improved state management.
network
low complexity
apple fedoraproject wpewebkit webkitgtk CWE-290
4.3
2024-02-19 CVE-2024-26134 Classic Buffer Overflow vulnerability in multiple products
cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) (RFC 8949) serialization format.
network
low complexity
agronholm fedoraproject CWE-120
7.5
2024-02-19 CVE-2024-1597 SQL Injection vulnerability in multiple products
pgjdbc, the PostgreSQL JDBC Driver, allows an attacker to inject SQL if using PreferQueryMode=SIMPLE.
network
low complexity
postgresql fedoraproject CWE-89
critical
9.8
2024-02-19 CVE-2024-1580 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size.
network
low complexity
videolan apple fedoraproject CWE-190
8.8
2024-02-12 CVE-2024-1454 The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occurring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards.
3.4
2024-02-06 CVE-2024-1048 Incomplete Cleanup vulnerability in multiple products
A flaw was found in the grub2-set-bootflag utility of grub2.
local
low complexity
gnu redhat fedoraproject CWE-459
3.3