fedoraproject

5,420 tracked vulnerabilities.

CVE-2024-3833 HIGH
Google Chrome <124.0.6367.60 - Memory Corruption
Apr 17, 2024
CVSS 8.8
EPSS 0.03
CVE-2024-3832 HIGH
Google Chrome < 124.0.6367.60 - Remote Code Execution via V8 Object Corruption
Apr 17, 2024
CVSS 8.8
EPSS 0.05
CVE-2024-21096 MEDIUM
MySQL Server < 8.0.36 and 8.3.0 - Unauthenticated Partial Denial of Service and Data Manipulation via mysqldump
Apr 16, 2024
CVSS 4.9
EPSS 0.00
CVE-2024-31497 MEDIUM
PuTTY 0.68-0.80 - Cryptographically Weak PRNG in ECDSA Nonce Generation
Apr 15, 2024
CVSS 5.9
EPSS 0.23
CVE-2024-3772 MEDIUM
Pydantic < 1.10.13 and 2.0.0-2.4.0 - Denial of Service via Crafted Email String
Apr 15, 2024
CVSS 5.9
EPSS 0.00
CVE-2024-3516 MEDIUM
Google Chrome <123.0.6312.122 - Buffer Overflow
Apr 10, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-3515 MEDIUM
Google Chrome <123.0.6312.122 - Use After Free
Apr 10, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-3157 CRITICAL
Google Chrome <123.0.6312.122 - Memory Corruption
Apr 10, 2024
CVSS 9.6
EPSS 0.01
CVE-2024-31309 HIGH
Apache Traffic Server 8.0.0-8.1.9 9.0.0-9.2.3 - Denial of Service via HTTP/2 CONTINUATION Frames
Apr 10, 2024
CVSS 7.5
EPSS 0.11
CVE-2024-24576 CRITICAL
Rust <1.77.2 - Command Injection
Apr 09, 2024
CVSS 10.0
EPSS 0.81
CVE-2024-26256 HIGH
libarchive < 3.7.4 - Remote Code Execution via Heap-based Buffer Overflow
Apr 09, 2024
CVSS 7.8
EPSS 0.38
CVE-2024-27316 HIGH
Apache HTTP Server 2.4.17-2.4.58 - Denial of Service via HTTP/2 Header Buffering
Apr 04, 2024
CVSS 7.5
EPSS 0.88
CVE-2024-24795 MEDIUM
Apache HTTP Server 2.4.0-2.4.58 - HTTP Response Splitting via Malicious Response Headers
Apr 04, 2024
CVSS 6.3
EPSS 0.01
CVE-2024-30260 LOW
undici < 5.28.4 - Improper Authorization via Uncleared Headers in undici.request()
Apr 04, 2024
CVSS 3.9
EPSS 0.00
CVE-2024-3116 HIGH
pgAdmin4 <= 8.4 - Remote Code Execution via Validate Binary Path API
Apr 04, 2024
CVSS 7.4
EPSS 0.91
CVE-2024-30261 LOW
Undici < 5.28.4 - Improper Access Control via Integrity Option Tampering
Apr 04, 2024
CVSS 2.6
EPSS 0.00
CVE-2024-28182 MEDIUM
nghttp2 < 1.61.0 - Denial of Service via Unbounded HTTP/2 CONTINUATION Frames
Apr 04, 2024
CVSS 5.3
EPSS 0.25
CVE-2024-3209 MEDIUM
UPX < 4.2.2 - Heap-based Buffer Overflow in get_ne64 Function
Apr 02, 2024
CVSS 5.5
EPSS 0.00
CVE-2024-28960 HIGH
Mbed TLS 2.18.0-2.28.x < 2.28.8 and 3.x < 3.6.0 and Mbed Crypto - Improper Access Control in PSA Crypto API
Mar 29, 2024
CVSS 8.2
EPSS 0.00
CVE-2024-2398 HIGH
curl 7.44.0-8.6.0 - Memory Leak via HTTP/2 Server Push Header Limit Abort
Mar 27, 2024
CVSS 8.6
EPSS 0.02
CVE-2024-2004 LOW
curl 7.85.0-8.6.0 - Protocol Filter Bypass via Empty Protocol Set
Mar 27, 2024
CVSS 3.5
EPSS 0.01
CVE-2024-2887 HIGH
Google Chrome < 123.0.6312.86 - Remote Code Execution via WebAssembly Type Confusion
Mar 26, 2024
CVSS 7.7
EPSS 0.13
CVE-2024-2886 HIGH
Chrome < 123.0.6312.86 - Use-After-Free in WebCodecs
Mar 26, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-2885 HIGH
Google Chrome < 123.0.6312.86 - Use-After-Free in Dawn via Crafted HTML Page
Mar 26, 2024
CVSS 8.8
EPSS 0.00
CVE-2024-2883 HIGH
Google Chrome < 123.0.6312.86 - Use-After-Free in ANGLE via Crafted HTML Page
Mar 26, 2024
CVSS 8.8
EPSS 0.00
Products
fedora 5,351 extra_packages_for_enterprise_linux 76 389_directory_server 39 sssd 18 fedora_core 8 389_administration_server 1 anaconda 1 arm_installer 1 commons 1 coolkey 1 crypto-utils 1 fedmsg 1 fedora_linux_kernel 1 python-fedora 1 sectool 1 selinux-policy 1 spin-kickstarts 1 supybot-fedora 1 unbound 1
Quick Filters
Critical CVEs With Exploits In CISA KEV