Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fedora
(Fedoraproject)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-04-29 | CVE-2022-0984 | Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site badges. | Fedora, Moodle, Enterprise_linux | 4.3 | ||
| 2022-04-18 | CVE-2022-27652 | A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. | Fedora, Cri\-O, Moby, Openshift_container_platform | 5.3 | ||
| 2021-03-04 | CVE-2021-3404 | In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a heap buffer overflow which can be triggered via a crafted file. | Fedora, Enterprise_linux, Ytnef | 7.8 | ||
| 2021-03-04 | CVE-2021-3403 | In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a double free which can be triggered via a crafted file. | Fedora, Enterprise_linux, Ytnef | 7.8 | ||
| 2022-02-24 | CVE-2021-3700 | A use-after-free vulnerability was found in usbredir in versions prior to 0.11.0 in the usbredirparser_serialize() in usbredirparser/usbredirparser.c. This issue occurs when serializing large amounts of buffered write data in the case of a slow or blocked destination. | Debian_linux, Fedora, Enterprise_linux, Usbredir | 6.4 | ||
| 2022-04-01 | CVE-2021-3847 | An unauthorized access to the execution of the setuid file with capabilities flaw in the Linux kernel OverlayFS subsystem was found in the way user copying a capable file from a nosuid mount into another mount. A local user could use this flaw to escalate their privileges on the system. | Fedora, Linux_kernel | 7.8 | ||
| 2016-07-12 | CVE-2015-3192 | Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file. | Fedora, Spring_framework, Spring_framework | 5.5 | ||
| 2022-03-23 | CVE-2021-4148 | A vulnerability was found in the Linux kernel's block_invalidatepage in fs/buffer.c in the filesystem. A missing sanity check may allow a local attacker with user privilege to cause a denial of service (DOS) problem. | Fedora, Linux_kernel | 5.5 | ||
| 2016-01-22 | CVE-2016-1572 | mount.ecryptfs_private.c in eCryptfs-utils does not validate mount destination filesystem types, which allows local users to gain privileges by mounting over a nonstandard filesystem, as demonstrated by /proc/$pid. | Ubuntu_linux, Debian_linux, Ecryptfs\-Utils, Fedora, Leap, Opensuse | 8.4 | ||
| 2022-03-10 | CVE-2021-4023 | A flaw was found in the io-workqueue implementation in the Linux kernel versions prior to 5.15-rc1. The kernel can panic when an improper cancellation operation triggers the submission of new io-uring operations during a shortage of free space. This flaw allows a local user with permissions to execute io-uring requests to possibly crash the system. | Fedora, Linux_kernel | 5.5 |