Note: This project will be discontinued after December 13, 2021.
Product: Fedora (Fedoraproject)

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2022-01-30 | CVE-2022-0413 | Use After Free in GitHub repository vim/vim prior to 8.2. | Fedora, Vim | 7.8 | ||
2022-02-02 | CVE-2022-0443 | Use After Free in GitHub repository vim/vim prior to 8.2. | Fedora, Vim | 7.8 | ||
2022-02-14 | CVE-2022-0572 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | Fedora, Vim | 7.8 | ||
2021-05-13 | CVE-2021-32921 | An issue was discovered in Prosody before 0.11.9. It does not use a constant-time algorithm for comparing certain secret strings when running under Lua 5.2 or later. This can potentially be used in a timing attack to reveal the contents of secret strings to an attacker. | Debian_linux, Fedora, Prosody | 5.9 | ||
2021-06-08 | CVE-2021-3564 | A double-free memory corruption flaw was found in the Linux kernel HCI device initialization subsystem, in the way a user attaches a malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux kernel versions starting from 3.13. | Debian_linux, Fedora, Linux_kernel | 5.5 | ||
2022-05-06 | CVE-2022-24884 | ecdsautils is a tiny collection of programs used for ECDSA (keygen, sign, verify). `ecdsa_verify_[prepare_]legacy()` does not check whether the signature values `r` and `s` are non-zero. A signature consisting only of zeroes is always considered valid, making it trivial to forge signatures. Requiring multiple signatures from different public keys does not mitigate the issue: `ecdsa_verify_list_legacy()` will accept an arbitrary number of such forged signatures. Both the `ecdsautil verify`... | Debian_linux, Ecdsautils, Fedora | 7.5 | ||
2022-05-06 | CVE-2022-1053 | Keylime does not enforce that the agent registrar data is the same when the tenant uses it for validation of the EK and identity quote and the verifier for validating the integrity quote. This allows an attacker to use one AK, EK pair from a real TPM to pass EK validation and give the verifier an AK of a software TPM. A successful attack breaks the entire chain of trust because a not validated AK is used by the verifier. This issue is worse if the validation happens first and then the agent... | Fedora, Keylime | 9.1 | ||
2019-11-23 | CVE-2019-11287 | Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The "X-Reason" HTTP Header can be leveraged to insert a malicious Erlang format string that will expand and consume the heap, resulting in the server crashing. | Debian_linux, Fedora, Rabbitmq, Openstack, Rabbitmq | 7.5 | ||
2021-07-14 | CVE-2021-36740 | Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8. | Debian_linux, Fedora, Varnish_cache | 6.5 | ||
2021-11-08 | CVE-2021-42072 | An issue was discovered in Barrier before 2.4.0. The barriers component (aka the server-side implementation of Barrier) does not sufficiently verify the identity of connecting clients. Clients can thus exploit weaknesses in the provided protocol to cause denial-of-service or stage further attacks that could lead to information leaks or integrity corruption. | Barrier, Fedora | 8.8 |