Vulnerabilities > Fedoraproject > Fedora > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-11-03 | CVE-2023-3961 | Path Traversal vulnerability in multiple products A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. | 9.8 |
2023-10-18 | CVE-2023-39332 | Path Traversal vulnerability in multiple products Various `node:fs` functions allow specifying paths as either strings or `Uint8Array` objects. | 9.8 |
2023-10-18 | CVE-2023-38545 | Out-of-bounds Write vulnerability in multiple products This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255 bytes. If the host name is detected to be longer, curl switches to local name resolving and instead passes on the resolved address only. | 9.8 |
2023-10-06 | CVE-2023-45239 | A lack of input validation exists in tac_plus prior to commit 4fdf178 which, when pre or post auth commands are enabled, allows an attacker who can control the username, rem-addr, or NAC address sent to tac_plus to inject shell commands and gain remote code execution on the tac_plus server. | 9.8 |
2023-09-21 | CVE-2023-41993 | Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products The issue was addressed with improved checks. | 9.8 |
2023-09-05 | CVE-2023-39361 | SQL Injection vulnerability in multiple products Cacti is an open source operational monitoring and fault management framework. | 9.8 |
2023-09-01 | CVE-2023-36328 | Integer Overflow or Wraparound vulnerability in multiple products Integer Overflow vulnerability in mp_grow in libtom libtommath before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9, allows attackers to execute arbitrary code and cause a denial of service (DoS). | 9.8 |
2023-08-31 | CVE-2023-40569 | Out-of-bounds Write vulnerability in multiple products FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. | 9.8 |
2023-08-31 | CVE-2023-40567 | Out-of-bounds Write vulnerability in multiple products FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. | 9.8 |
2023-08-31 | CVE-2023-40188 | Out-of-bounds Read vulnerability in multiple products FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. | 9.1 |