Note:
This project will be discontinued after December 13, 2021.
Product: Fedora (Fedoraproject)

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2022-08-17 | CVE-2020-14394 | An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service. | Extra_packages_for_enterprise_linux, Fedora, Qemu, Enterprise_linux, Openstack_platform | 3.2 | ||
2023-03-01 | CVE-2023-1127 | Divide By Zero in GitHub repository vim/vim prior to 9.0.1367. | Fedora, Vim | 7.8 | ||
2020-06-03 | CVE-2020-10749 | A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending rogue IPv6 router advertisements to the host or other containers, to redirect traffic to the malicious container. | Fedora, Cni_network_plugins, Enterprise_linux, Openshift_container_platform | 6.0 | ||
2023-03-03 | CVE-2022-41862 | In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes. | Fedora, Postgresql, Enterprise_linux, Integration_camel_k, Integration_camel_quarkus, Integration_service_registry | 3.7 | ||
2023-03-06 | CVE-2022-4904 | A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity. | C-Ares, Fedora, Enterprise_linux, Software_collections | 8.6 | ||
2023-02-04 | CVE-2023-25193 | hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks. | Fedora, Harfbuzz | 7.5 | ||
2019-06-29 | CVE-2019-13038 | mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL. | Ubuntu_linux, Fedora, Mod_auth_mellon, Zfs_storage_appliance_kit | 6.1 | ||
2021-05-14 | CVE-2020-27769 | In ImageMagick versions before 7.0.9-0, there are outside the range of representable values of type 'float' at MagickCore/quantize.c. | Fedora, Imagemagick, Enterprise_linux_desktop | 3.3 | ||
2022-02-24 | CVE-2021-3596 | A NULL pointer dereference flaw was found in ImageMagick in versions prior to 7.0.10-31 in ReadSVGImage() in coders/svg.c. This issue is due to not checking the return value from libxml2's xmlCreatePushParserCtxt() and uses the value directly, which leads to a crash and segmentation fault. | Debian_linux, Fedora, Imagemagick, Enterprise_linux | 6.5 | ||
2022-08-26 | CVE-2021-3574 | A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert command, ASAN detects memory leaks. | Fedora, Imagemagick | 3.3 |