Fedoraproject Fedora vulnerabilities
5,277 known vulnerabilities affecting fedoraproject/fedora.
Total CVEs
5,277
CISA KEV
84
actively exploited
Public exploits
147
Exploited in wild
101
Severity breakdown
CRITICAL514HIGH2325MEDIUM2265LOW173
Vulnerabilities
Page 32 of 264
CVE-2023-4359MEDIUMCVSS 5.3v382023-08-15
CVE-2023-4359 [MEDIUM] CVE-2023-4359: Inappropriate implementation in App Launcher in Google Chrome on iOS prior to 116.0.5845.96 allowed
Inappropriate implementation in App Launcher in Google Chrome on iOS prior to 116.0.5845.96 allowed a remote attacker to potentially spoof elements of the security UI via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2023-4322CRITICALCVSS 9.8v37v382023-08-14
CVE-2023-4322 [CRITICAL] CWE-122 CVE-2023-4322: Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0.
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0.
nvd
CVE-2023-3824CRITICALCVSS 9.8v382023-08-11
CVE-2023-3824 [CRITICAL] CWE-119 CVE-2023-3824: In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar
In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE.
nvd
CVE-2023-3823HIGHCVSS 7.5v382023-08-11
CVE-2023-3823 [HIGH] CWE-611 CVE-2023-3823: In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functio
In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling appropriate function. However, since the state is process-gl
nvd
CVE-2022-38076HIGHCVSS 7.8v37v38+1 more2023-08-11
CVE-2022-38076 [HIGH] CWE-20 CVE-2022-38076: Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may all
Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an authenticated user to potentially enable escalation of privilege via local access.
nvd
CVE-2022-46329MEDIUMCVSS 6.7v37v38+1 more2023-08-11
CVE-2022-46329 [MEDIUM] CWE-693 CVE-2022-46329: Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi software may allow a privileged
Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.
nvd
CVE-2022-40964MEDIUMCVSS 6.7v37v38+1 more2023-08-11
CVE-2022-40964 [MEDIUM] CWE-284 CVE-2022-40964: Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allo
Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.
nvd
CVE-2023-22338MEDIUMCVSS 5.5v37v38+1 more2023-08-11
CVE-2023-22338 [MEDIUM] CWE-125 CVE-2023-22338: Out-of-bounds read in some Intel(R) oneVPL GPU software before version 22.6.5 may allow an authentic
Out-of-bounds read in some Intel(R) oneVPL GPU software before version 22.6.5 may allow an authenticated user to potentially enable information disclosure via local access.
nvd
CVE-2022-41804MEDIUMCVSS 6.7v382023-08-11
CVE-2022-41804 [MEDIUM] CWE-1334 CVE-2022-41804: Unauthorized error injection in Intel(R) SGX or Intel(R) TDX for some Intel(R) Xeon(R) Processors ma
Unauthorized error injection in Intel(R) SGX or Intel(R) TDX for some Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
nvd
CVE-2022-36351MEDIUMCVSS 6.5v37v38+1 more2023-08-11
CVE-2022-36351 [MEDIUM] CWE-20 CVE-2022-36351: Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may all
Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an unauthenticated user to potentially enable denial of service via adjacent access.
nvd
CVE-2023-22840MEDIUMCVSS 5.5v37v38+1 more2023-08-11
CVE-2023-22840 [MEDIUM] CWE-86 CVE-2023-22840: Improper neutralization in software for the Intel(R) oneVPL GPU software before version 22.6.5 may a
Improper neutralization in software for the Intel(R) oneVPL GPU software before version 22.6.5 may allow an authenticated user to potentially enable denial of service via local access.
nvd
CVE-2023-23908MEDIUMCVSS 4.4v37v382023-08-11
CVE-2023-23908 [MEDIUM] CWE-284 CVE-2023-23908: Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a priv
Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disclosure via local access.
nvd
CVE-2022-27635MEDIUMCVSS 6.7v37v38+1 more2023-08-11
CVE-2022-27635 [MEDIUM] CWE-284 CVE-2022-27635: Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allo
Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.
nvd
CVE-2023-4273MEDIUMCVSS 6.7v37v382023-08-09
CVE-2023-4273 [MEDIUM] CWE-121 CVE-2023-4273: A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementa
A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long file name. Since the file name characters are copied into a sta
nvd
CVE-2023-38180HIGHCVSS 7.5KEVv37v382023-08-08
CVE-2023-38180 [HIGH] CWE-400 CVE-2023-38180: .NET and Visual Studio Denial of Service Vulnerability
.NET and Visual Studio Denial of Service Vulnerability
nvd
CVE-2023-20588MEDIUMCVSS 5.5v37v38+1 more2023-08-08
CVE-2023-20588 [MEDIUM] CWE-369 CVE-2023-20588:
A division-by-zero error on some AMD processors can potentially return speculative data resulting i
A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.
nvd
CVE-2023-20569MEDIUMCVSS 4.7v37v382023-08-08
CVE-2023-20569 [MEDIUM] CWE-203 CVE-2023-20569:
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the retur
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.
nvd
CVE-2023-39978LOWCVSS 3.3v372023-08-08
CVE-2023-39978 [LOW] CWE-401 CVE-2023-39978: ImageMagick before 6.9.12-91 allows attackers to cause a denial of service (memory consumption) in M
ImageMagick before 6.9.12-91 allows attackers to cause a denial of service (memory consumption) in Magick::Draw.
nvd
CVE-2023-4147HIGHCVSS 7.8v382023-08-07
CVE-2023-4147 [HIGH] CWE-416 CVE-2023-4147: A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule wit
A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system.
nvd
CVE-2023-4194MEDIUMCVSS 5.5v37v382023-08-07
CVE-2023-4194 [MEDIUM] CVE-2023-4194: A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to
A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized access to some resources. The original patches fixing CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits - a096ccca6e50 ("tun: tun_chr_open(): correctly initialize socket u
nvd