Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fedora
(Fedoraproject)Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2022-09-28 | CVE-2022-31629 | In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications. | Debian_linux, Fedora, Php | 6.5 | ||
2023-07-03 | CVE-2023-36053 | In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs. | Debian_linux, Django, Fedora | 7.5 | ||
2023-11-03 | CVE-2023-41164 | In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters. | Django, Fedora | 7.5 | ||
2023-11-03 | CVE-2023-43665 | In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which are thus also vulnerable. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232. | Django, Fedora | 7.5 | ||
2023-01-12 | CVE-2023-23456 | A heap-based buffer overflow issue was discovered in UPX in PackTmt::pack() in p_tmt.cpp file. The flow allows an attacker to cause a denial of service (abort) via a crafted file. | Fedora, Upx | 5.5 | ||
2023-01-12 | CVE-2023-23457 | A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service. | Fedora, Upx | 5.5 | ||
2023-03-23 | CVE-2023-1544 | A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and initialize a huge number of page tables to be used as a ring of descriptors for CQ and async events, potentially leading to an out-of-bounds read and crash of QEMU. | Fedora, Qemu | 6.3 | ||
2023-03-23 | CVE-2023-28333 | The Mustache pix helper contained a potential Mustache injection risk if combined with user input (note: This did not appear to be implemented/exploitable anywhere in the core Moodle LMS). | Fedora, Moodle | 9.8 | ||
2023-03-23 | CVE-2023-28336 | Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access. | Fedora, Moodle | 4.3 | ||
2023-05-02 | CVE-2023-30943 | The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system. | Extra_packages_for_enterprise_linux, Fedora, Moodle | 5.3 |