Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fedora
(Fedoraproject)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-11-30 | CVE-2023-42916 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1. | Ipados, Iphone_os, Macos, Safari, Debian_linux, Fedora, Webkitgtk\+ | 6.5 | ||
| 2022-09-21 | CVE-2022-2795 | By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service. | Debian_linux, Fedora, Bind | 5.3 | ||
| 2014-10-15 | CVE-2014-3566 | The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. | Mac_os_x, Debian_linux, Fedora, Aix, Vios, Mageia, Netbsd, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server, Suse_linux_enterprise_software_development_kit, Openssl, Opensuse, Database, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_desktop_supplementary, Enterprise_linux_server, Enterprise_linux_server_supplementary, Enterprise_linux_workstation, Enterprise_linux_workstation_supplementary | 3.4 | ||
| 2019-06-10 | CVE-2019-12387 | In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF. | Ubuntu_linux, Fedora, Solaris, Zfs_storage_appliance_kit, Twisted | 6.1 | ||
| 2020-01-03 | CVE-2020-5310 | libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc. | Ubuntu_linux, Fedora, Pillow | 8.8 | ||
| 2020-01-03 | CVE-2020-5311 | libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer overflow. | Ubuntu_linux, Debian_linux, Fedora, Pillow | 9.8 | ||
| 2020-01-03 | CVE-2020-5312 | libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow. | Ubuntu_linux, Debian_linux, Fedora, Pillow | 9.8 | ||
| 2020-01-03 | CVE-2020-5313 | libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow. | Ubuntu_linux, Debian_linux, Fedora, Pillow | 7.1 | ||
| 2020-01-03 | CVE-2020-5395 | FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in sfd.c. | Fedora, Fontforge, Leap | 8.8 | ||
| 2020-01-09 | CVE-2020-6750 | GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxy_addr field is mishandled. This bug is timing-dependent and may occur only sporadically depending on network delays. The greatest security relevance is in use cases where a proxy is used to help with privacy/anonymity, even though there is no technical barrier to a direct connection. NOTE: versions before 2.60 are... | Fedora, Glib | 5.9 |