Fedoraproject: >> Fedora Security Vulnerabilities
p2putil.c in iNet wireless daemon (IWD) through 2.15 allows attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact because of initialization issues in situations where parsing of advertised service information fails.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-03-03
Heap Buffer Overflow vulnerability in qpdf 11.9.0 allows attackers to crash the application via the std::__shared_count() function at /bits/shared_ptr_base.h.
CVSS Score
5.5
EPSS Score
0.002
Published
2024-02-29
An issue in Clojure versions 1.20 to 1.12.0-alpha5 allows an attacker to cause a denial of service (DoS) via the clojure.core$partial$fn__5920 function.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-02-29
Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
CVSS Score
8.8
EPSS Score
0.002
Published
2024-02-29
Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVSS Score
8.8
EPSS Score
0.297
Published
2024-02-29
YARD is a Ruby Documentation tool. The "frames.html" file within the Yard Doc's generated documentation is vulnerable to Cross-Site Scripting (XSS) attacks due to inadequate sanitization of user input within the JavaScript segment of the "frames.erb" template file. This vulnerability is fixed in 0.9.36.
CVSS Score
5.4
EPSS Score
0.027
Published
2024-02-28
libLAS 1.8.1 contains a memory leak vulnerability in /libLAS/apps/ts2las.cpp.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-02-27
diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/id_rsa, may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted.
CVSS Score
7.5
EPSS Score
0.032
Published
2024-02-27
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, specially crafted traffic can cause a heap use after free if the ruleset uses the http.request_header or http.response_header keyword. The vulnerability has been patched in 7.0.3. To work around the vulnerability, avoid the http.request_header and http.response_header keywords.
CVSS Score
7.1
EPSS Score
0.002
Published
2024-02-26
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, the rules inspecting HTTP2 headers can get bypassed by crafted traffic. The vulnerability has been patched in 7.0.3.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-02-26