Vulnerabilities > Fedoraproject > High

DATE CVE VULNERABILITY TITLE RISK
2023-09-25 CVE-2022-4318 Improper Control of Dynamically-Managed Code Resources vulnerability in multiple products
A vulnerability was found in cri-o.
local
low complexity
kubernetes redhat fedoraproject CWE-913
7.8
2023-09-25 CVE-2023-4156 Out-of-bounds Read vulnerability in multiple products
A heap out-of-bounds read flaw was found in builtin.c in the gawk package.
local
low complexity
gnu redhat fedoraproject CWE-125
7.1
2023-09-15 CVE-2023-38039 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API. However, curl did not have a limit on how many or how large headers it would accept in a response, allowing a malicious server to stream an endless series of headers and eventually cause curl to run out of heap memory.
network
low complexity
haxx fedoraproject CWE-770
7.5
2023-09-12 CVE-2023-4863 Out-of-bounds Write vulnerability in multiple products
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out-of-bounds memory write via a crafted HTML page.
8.8
2023-09-11 CVE-2023-4881 Out-of-bounds Write vulnerability in multiple products
A stack-based out-of-bounds write flaw was found in the netfilter subsystem in the Linux kernel.
local
low complexity
linux redhat fedoraproject CWE-787
7.1
2023-09-04 CVE-2023-4733 Use After Free vulnerability in multiple products
Use After Free in GitHub repository vim/vim prior to 9.0.1840.
local
low complexity
vim fedoraproject CWE-416
7.8
2023-09-04 CVE-2023-4750 Use After Free vulnerability in multiple products
Use After Free in GitHub repository vim/vim prior to 9.0.1857.
local
low complexity
vim fedoraproject CWE-416
7.8
2023-09-04 CVE-2023-4752 Use After Free vulnerability in multiple products
Use After Free in GitHub repository vim/vim prior to 9.0.1858.
local
low complexity
vim fedoraproject CWE-416
7.8
2023-08-23 CVE-2023-3899 Incorrect Authorization vulnerability in multiple products
A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization.
local
low complexity
redhat fedoraproject CWE-863
7.8
2023-08-16 CVE-2023-20197 Infinite Loop vulnerability in multiple products
A vulnerability in the filesystem image parser for Hierarchical File System Plus (HFS+) of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for completion when a file is decompressed, which may result in a loop condition that could cause the affected software to stop responding.
network
low complexity
cisco fedoraproject CWE-835
7.5