Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fedoraproject fedora 18 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2023-38552
When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node's policy implementation, thus effectively disabling the integrity check. Impacts: This vulnerab...
Nodejs Node.js
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Fedoraproject Fedora 39
8.8
CVSSv3
CVE-2023-32006
The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and,...
Nodejs Node.js
Fedoraproject Fedora 37
Fedoraproject Fedora 38
7.8
CVSSv3
CVE-2023-34432
A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. This flaw can lead to a denial of service, code execution, or information disclosure.
Sound Exchange Project Sound Exchange
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 6.0
Fedoraproject Extra Packages For Enterprise Linux 8.0
Fedoraproject Fedora 38
7.8
CVSSv3
CVE-2023-34318
A heap buffer overflow vulnerability was found in sox, in the startread function at sox/src/hcom.c:160:41. This flaw can lead to a denial of service, code execution, or information disclosure.
Sox Project Sox 14.4.3
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 6.0
Fedoraproject Extra Packages For Enterprise Linux 8.0
Fedoraproject Fedora 38
5.5
CVSSv3
CVE-2023-32627
A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc.c:334:18. This flaw can lead to a denial of service.
Sox Project Sox 14.4.3
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 6.0
Fedoraproject Extra Packages For Enterprise Linux 8.0
Fedoraproject Fedora 38
5.5
CVSSv3
CVE-2023-26590
A floating point exception vulnerability was found in sox, in the lsx_aiffstartwrite function at sox/src/aiff.c:622:58. This flaw can lead to a denial of service.
Sox Project Sox 14.4.3
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 6.0
Fedoraproject Extra Packages For Enterprise Linux 8.0
Fedoraproject Fedora 38
7.5
CVSSv3
CVE-2023-30589
The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS). The CR character (without LF) is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC72...
Nodejs Node.js
Fedoraproject Fedora 37
Fedoraproject Fedora 38
7.5
CVSSv3
CVE-2023-32067
c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 lengt...
C-ares Project C-ares
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Debian Debian Linux 10.0
Debian Debian Linux 11.0
6.4
CVSSv3
CVE-2023-31130
c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would r...
C-ares Project C-ares
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Debian Debian Linux 10.0
Debian Debian Linux 11.0
6.5
CVSSv3
CVE-2023-31147
c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom() are unavailable, c-ares uses rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand() so will generate predictable output. Input from the ra...
C-ares Project C-ares
Fedoraproject Fedora 37
Fedoraproject Fedora 38
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
CVE-2006-4304
CVE-2023-26603
CVE-2024-28327
CVE-2023-50363
CVE-2024-21905
template injection
CVE-2024-3400
cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »