Fedoraproject Fedora vulnerabilities
5,277 known vulnerabilities affecting fedoraproject/fedora.
Total CVEs: 5,277
CISA KEV: 84 (actively exploited)
Public exploits: 126
Exploited in wild: 101
Severity breakdown
CRITICAL: 514 | HIGH: 2325 | MEDIUM: 2265 | LOW: 173
Vulnerabilities
Page 7 of 264
CVE-2024-22391 [CRITICAL] CVSS 9.8 | CWE-119 | v38, v39, +1 more | 2024-04-25
A heap-based buffer overflow vulnerability exists in the LookupTable::SetLUT functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.
nvd
CVE-2024-22373 [CRITICAL] CVSS 9.8 | CWE-119 | v38, v39, +1 more | 2024-04-25
An out-of-bounds write vulnerability exists in the JPEG2000Codec::DecodeByStreamsCommon functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted DICOM file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
nvd
CVE-2024-25569 [MEDIUM] CVSS 6.5 | CWE-125 | v38, v39, +1 more | 2024-04-25
An out-of-bounds read vulnerability exists in the RAWCodec::DecodeBytes functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted DICOM file can lead to an out-of-bounds read. An attacker can provide a malicious file to trigger this vulnerability.
nvd
CVE-2024-32658 [CRITICAL] CVSS 9.8 | CWE-125 | v38, v39, +1 more | 2024-04-23
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. Version 3.5.1 contains a patch for the issue. No known workarounds are available.
nvd
CVE-2024-32662 [CRITICAL] CVSS 9.8 | CWE-125 | v38, v39, +1 more | 2024-04-23
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. This occurs when `WCHAR` string is read with twice the size it has and converted to `UTF-8`, `base64` decoded. The string is only used to compare against the redirection server certificate. Version 3.5
nvd
CVE-2024-32659 [CRITICAL] CVSS 9.8 | CWE-125 | v38, v39, +1 more | 2024-04-23
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read if `((nWidth == 0) and (nHeight == 0))`. Version 3.5.1 contains a patch for the issue. No known workarounds are available.
nvd
CVE-2024-32660 [HIGH] CVSS 7.5 | CWE-770 | v38, v39, +1 more | 2024-04-23
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.5.1, a malicious server can crash the FreeRDP client by sending an invalid, huge allocation size. Version 3.5.1 contains a patch for the issue. No known workarounds are available.
nvd
CVE-2024-32661 [HIGH] CVSS 7.5 | CWE-476 | v38, v39, +1 more | 2024-04-23
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to a possible `NULL` access and crash. Version 3.5.1 contains a patch for the issue. No known workarounds are available.
nvd
CVE-2024-26922 [MEDIUM] CVSS 5.5 | v38, v39, +1 more | 2024-04-23
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: validate the parameters of bo mapping operations more clearly
Verify the parameters of amdgpu_vm_bo_(map/replace_map/clearing_mappings) in one common place.
nvd
CVE-2024-31208 [MEDIUM] CVSS 6.5 | CWE-770 | v38, v39, +1 more | 2024-04-23
Synapse is an open-source Matrix homeserver. A remote Matrix user with malicious intent, sharing a room with Synapse instances before 1.105.1, can dispatch specially crafted events to exploit a weakness in the V2 state resolution algorithm. This can induce high CPU consumption and accumulate excessive data in the database of such instances, resultin
nvd
CVE-2024-32041 [CRITICAL] CVSS 9.8 | CWE-125 | v38, v39, +1 more | 2024-04-22
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, deactivate `/gfx` (on by default, set `/bpp` or `/rfx` options instead).
nvd
CVE-2024-32459 [CRITICAL] CVSS 9.8 | CWE-125 | v38, v39, +1 more | 2024-04-22
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients and servers that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. No known workarounds are available.
nvd
CVE-2024-32039 [CRITICAL] CVSS 9.8 | CWE-190 | v38, v39, +1 more | 2024-04-22
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients using a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to integer overflow and out-of-bounds write. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use `/gfx` options (e.g. deactivate with `/bpp:32` or `/rfx` as it is on by default
nvd
CVE-2024-32458 [CRITICAL] CVSS 9.8 | CWE-125 | v38, v39, +1 more | 2024-04-22
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, use `/gfx` or `/rfx` modes (on by default, require server side support).
nvd
CVE-2024-32460 [CRITICAL] CVSS 9.8 | CWE-125 | v38, v39, +1 more | 2024-04-22
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients using the `/bpp:32` legacy `GDI` drawing path with a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, use modern drawing paths (e.g. `/rfx` or `/gfx` options). The wor
nvd
CVE-2024-32040 [CRITICAL] CVSS 9.8 | CWE-191 | v38, v39, +1 more | 2024-04-22
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 and have connections to servers using the `NSC` codec are vulnerable to integer underflow. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use the NSC codec (e.g. use `-nsc`).
nvd
CVE-2023-51798 [HIGH] CVSS 7.8 | CWE-120 | v38, v39, +1 more | 2024-04-19
Buffer overflow vulnerability in FFmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via a floating point exception (FPE) error at libavfilter/vf_minterpolate.c:1078:60 in interpolate.
nvd
CVE-2023-51795 [HIGH] CVSS 8.0 | CWE-122 | v38, v39, +1 more | 2024-04-19
Buffer overflow vulnerability in FFmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/avf_showspectrum.c:1789:52 component in showspectrumpic_request_frame.
nvd
CVE-2023-49502 [HIGH] CVSS 8.8 | CWE-120 | v38, v39, +1 more | 2024-04-19
Buffer overflow vulnerability in FFmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the ff_bwdif_filter_intra_c function in the libavfilter/bwdifdsp.c:125:5 component.
nvd
CVE-2023-50009 [HIGH] CVSS 8.0 | CWE-122 | v38, v39, +1 more | 2024-04-19
FFmpeg v.n6.1-3-g466799d4f5 allows a heap-based buffer overflow via the ff_gaussian_blur_8 function in libavfilter/edge_template.c:116:5 component.
nvd