Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fedora
(Fedoraproject)Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2022-01-01 | CVE-2021-41819 | CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby. | Debian_linux, Fedora, Factory, Leap, Enterprise_linux, Software_collections, Cgi, Ruby, Linux_enterprise | 7.5 | ||
2022-01-05 | CVE-2021-45116 | An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or an unintended method call, if passed a suitably crafted key. | Django, Fedora | 7.5 | ||
2022-09-26 | CVE-2022-2852 | Use after free in FedCM in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Fedora, Chrome | 8.8 | ||
2022-09-26 | CVE-2022-2853 | Heap buffer overflow in Downloads in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | Fedora, Chrome | 8.8 | ||
2022-09-26 | CVE-2022-2854 | Use after free in SwiftShader in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Fedora, Chrome | 8.8 | ||
2022-09-26 | CVE-2022-2855 | Use after free in ANGLE in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Fedora, Chrome | 8.8 | ||
2022-09-26 | CVE-2022-2857 | Use after free in Blink in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Fedora, Chrome | 8.8 | ||
2022-09-26 | CVE-2022-3044 | Inappropriate implementation in Site Isolation in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. | Fedora, Chrome | 6.5 | ||
2022-09-26 | CVE-2022-3045 | Insufficient validation of untrusted input in V8 in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Fedora, Chrome | 8.8 | ||
2022-09-26 | CVE-2022-3046 | Use after free in Browser Tag in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. | Fedora, Chrome | 8.8 |