Vulnerabilities > Fedoraproject > Fedora > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-22 | CVE-2023-5002 | A flaw was found in pgAdmin. | 8.8 |
| 2023-09-21 | CVE-2023-4504 | Out-of-bounds Write vulnerability in multiple products Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. | 7.0 |
| 2023-09-21 | CVE-2023-41993 | Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products The issue was addressed with improved checks. | 8.8 |
| 2023-09-21 | CVE-2023-43669 | The Tungstenite crate before 0.20.1 for Rust allows remote attackers to cause a denial of service (minutes of CPU consumption) via an excessive length of an HTTP header in a client handshake. | 7.5 |
| 2023-09-18 | CVE-2023-43115 | In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. | 8.8 |
| 2023-09-15 | CVE-2023-38039 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API. However, curl did not have a limit in how many or how large headers it would accept in a response, allowing a malicious server to stream an endless series of headers and eventually cause curl to run out of heap memory. | 7.5 |
| 2023-09-12 | CVE-2023-4863 | Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. network low complexity google fedoraproject debian mozilla microsoft webmproject netapp bentley bandisoft CWE-787 | 8.8 |
| 2023-09-09 | CVE-2023-41915 | Race Condition vulnerability in multiple products OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0. | 8.1 |
| 2023-09-05 | CVE-2023-39357 | Cacti is an open source operational monitoring and fault management framework. | 8.8 |
| 2023-09-05 | CVE-2023-39358 | Cacti is an open source operational monitoring and fault management framework. | 8.8 |