Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fedoraproject vulnerabilities and exploits
(subscribe to this query)
9.1
CVSSv3
CVE-2022-1053
Keylime does not enforce that the agent registrar data is the same when the tenant uses it for validation of the EK and identity quote and the verifier for validating the integrity quote. This allows an malicious user to use one AK, EK pair from a real TPM to pass EK validation a...
Keylime Keylime
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
6.5
CVSSv3
CVE-2022-42010
An issue exists in D-Bus prior to 1.12.24, 1.13.x and 1.14.x prior to 1.14.4, and 1.15.x prior to 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures.
Freedesktop Dbus
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
6.5
CVSSv3
CVE-2022-42011
An issue exists in D-Bus prior to 1.12.24, 1.13.x and 1.14.x prior to 1.14.4, and 1.15.x prior to 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of t...
Freedesktop Dbus
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
6.5
CVSSv3
CVE-2022-42012
An issue exists in D-Bus prior to 1.12.24, 1.13.x and 1.14.x prior to 1.14.4, and 1.15.x prior to 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format.
Freedesktop Dbus
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
8.8
CVSSv3
CVE-2023-5346
Type confusion in V8 in Google Chrome before 117.0.5938.149 allowed a remote malicious user to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Google Chrome
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Fedoraproject Fedora 39
8.8
CVSSv3
CVE-2023-5528
A security issue exists in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes.
Kubernetes Kubernetes
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Fedoraproject Fedora 39
7.8
CVSSv3
CVE-2023-5535
Use After Free in GitHub repository vim/vim prior to v9.0.2010.
Vim Vim
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Fedoraproject Fedora 39
4.4
CVSSv3
CVE-2020-2926
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication GCS). Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compro...
Oracle Mysql
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Fedoraproject Fedora 32
7.5
CVSSv3
CVE-2023-43669
The Tungstenite crate prior to 0.20.1 for Rust allows remote malicious users to cause a denial of service (minutes of CPU consumption) via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted (e.g., thousands of ...
Snapview Tungstenite
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Fedoraproject Fedora 39
8.1
CVSSv3
CVE-2023-4427
Out of bounds memory access in V8 in Google Chrome before 116.0.5845.110 allowed a remote malicious user to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
Google Chrome
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Fedoraproject Fedora 39
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
CVE-2006-4304
CVE-2023-26603
CVE-2024-28327
CVE-2023-50363
CVE-2024-21905
template injection
CVE-2024-3400
cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »