Product:
Fedora
(Fedoraproject)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2009-08-06 | CVE-2009-2625 | XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework. | Xerces2_java, Ubuntu_linux, Debian_linux, Fedora, Opensuse, Jdk, Primavera_p6_enterprise_project_portfolio_management, Primavera_web_services, Linux_enterprise_server | N/A | ||
| 2020-04-28 | CVE-2020-10663 | The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent. | Macos, Debian_linux, Fedora, Json, Leap | 7.5 | ||
| 2020-05-13 | CVE-2020-3327 | A vulnerability in the ARJ archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a heap buffer overflow read. An attacker could exploit this vulnerability by sending a crafted ARJ file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition. | Ubuntu_linux, Clam_antivirus, Debian_linux, Fedora | 7.5 | ||
| 2020-12-14 | CVE-2020-8284 | A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions. | Debian_linux, Fedora, Curl | 3.7 | ||
| 2021-03-29 | CVE-2021-23358 | The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized. | Debian_linux, Fedora, Tenable\.sc, Underscore | 7.2 | ||
| 2021-08-05 | CVE-2021-22925 | curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending `NEW_ENV` variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use... | Mac_os_x, Macos, Fedora, Curl, Clustered_data_ontap, Hci_management_node, Solidfire | 5.3 | ||
| 2021-08-08 | CVE-2021-36221 | Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort. | Fedora, Go | 5.9 | ||
| 2021-08-26 | CVE-2021-30603 | Data race in WebAudio in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Fedora, Chrome | 7.5 | ||
| 2020-05-11 | CVE-2018-1285 | Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files. | Log4net, Fedora, Hospitality_opera_5, Hospitality_simphony | 9.8 | ||
| 2021-02-11 | CVE-2021-22881 | The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted `Host` headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. Impacted applications will have allowed hosts with a leading dot. When an allowed host contains a leading dot, a specially crafted `Host` header can be used to redirect to a malicious website. | Fedora, Rails | 6.1 |