• git://
#Vulnerabilities 3234
Date Id Summary Products Score Patch Annotated
2022-01-30 CVE-2022-0413 Use After Free in GitHub repository vim/vim prior to 8.2. Fedora, Vim 7.8
2022-02-02 CVE-2022-0443 Use After Free in GitHub repository vim/vim prior to 8.2. Fedora, Vim 7.8
2022-02-14 CVE-2022-0572 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. Fedora, Vim 7.8
2021-05-13 CVE-2021-32921 An issue was discovered in Prosody before 0.11.9. It does not use a constant-time algorithm for comparing certain secret strings when running under Lua 5.2 or later. This can potentially be used in a timing attack to reveal the contents of secret strings to an attacker. Debian_linux, Fedora, Prosody 5.9
2021-06-08 CVE-2021-3564 A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux kernel versions starting from 3.13. Debian_linux, Fedora, Linux_kernel 5.5
2022-05-06 CVE-2022-24884 ecdsautils is a tiny collection of programs used for ECDSA (keygen, sign, verify). `ecdsa_verify_[prepare_]legacy()` does not check whether the signature values `r` and `s` are non-zero. A signature consisting only of zeroes is always considered valid, making it trivial to forge signatures. Requiring multiple signatures from different public keys does not mitigate the issue: `ecdsa_verify_list_legacy()` will accept an arbitrary number of such forged signatures. Both the `ecdsautil verify`... Debian_linux, Ecdsautils, Fedora 7.5
2022-05-06 CVE-2022-1053 Keylime does not enforce that the agent registrar data is the same when the tenant uses it for validation of the EK and identity quote and the verifier for validating the integrity quote. This allows an attacker to use one AK, EK pair from a real TPM to pass EK validation and give the verifier an AK of a software TPM. A successful attack breaks the entire chain of trust because a not validated AK is used by the verifier. This issue is worse if the validation happens first and then the agent... Fedora, Keylime 9.1
2019-11-23 CVE-2019-11287 Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The "X-Reason" HTTP Header can be leveraged to insert a malicious Erlang format string that will expand and consume the heap, resulting in the server crashing. Debian_linux, Fedora, Rabbitmq, Openstack, Rabbitmq 7.5
2021-07-14 CVE-2021-36740 Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8. Debian_linux, Fedora, Varnish_cache 6.5
2021-11-08 CVE-2021-42072 An issue was discovered in Barrier before 2.4.0. The barriers component (aka the server-side implementation of Barrier) does not sufficiently verify the identify of connecting clients. Clients can thus exploit weaknesses in the provided protocol to cause denial-of-service or stage further attacks that could lead to information leaks or integrity corruption. Barrier, Fedora 8.8