Vulnerabilities > Fedoraproject

DATE CVE VULNERABILITY TITLE RISK
2023-12-24 CVE-2023-7101 Code Injection vulnerability in multiple products
Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files.
local
low complexity
jmcnamara debian fedoraproject CWE-94
7.8
2023-12-24 CVE-2023-51767 OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit.
local
high complexity
openssh fedoraproject redhat
7.0
2023-12-24 CVE-2023-51766 Insufficient Verification of Data Authenticity vulnerability in multiple products
Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations.
network
low complexity
exim fedoraproject debian CWE-345
5.3
2023-12-24 CVE-2023-51764 Insufficient Verification of Data Authenticity vulnerability in multiple products
Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking (or certain other options that exist in recent versions).
network
low complexity
postfix fedoraproject redhat CWE-345
5.3
2023-12-21 CVE-2023-7024 Out-of-bounds Write vulnerability in multiple products
Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian fedoraproject CWE-787
8.8
2023-12-21 CVE-2023-6546 Race Condition vulnerability in multiple products
A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel.
local
high complexity
linux fedoraproject redhat CWE-362
7.0
2023-12-21 CVE-2023-4255 Out-of-bounds Write vulnerability in multiple products
An out-of-bounds write issue has been discovered in the backspace handling of the checkType() function in etc.c within the W3M application.
local
low complexity
tats fedoraproject CWE-787
5.5
2023-12-21 CVE-2023-4256 Double Free vulnerability in multiple products
Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the tcpedit_dlt_cleanup() function within plugins/dlt_plugins.c.
local
low complexity
broadcom fedoraproject CWE-415
5.5
2023-12-19 CVE-2023-6918 Unchecked Return Value vulnerability in multiple products
A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends.
network
low complexity
libssh redhat fedoraproject CWE-252
5.3
2023-12-14 CVE-2023-6702 Type Confusion vulnerability in multiple products
Type confusion in V8 in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject microsoft CWE-843
8.8