Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fedora
(Fedoraproject)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-04-16 | CVE-2024-21096 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized... | Debian_linux, Fedora, Active_iq_unified_manager, Oncommand_insight, Oncommand_workflow_automation, Snapcenter, Mysql | N/A | ||
| 2023-07-20 | CVE-2023-34968 | A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries. This flaw allows a malicious client or an attacker with a targeted RPC request to view the information that is part of the disclosed path. | Debian_linux, Fedora, Enterprise_linux, Storage, Samba | 5.3 | ||
| 2023-07-20 | CVE-2023-3347 | A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, such as a man-in-the-middle attack, by intercepting the network traffic and modifying the SMB2 messages between client and server, affecting the integrity of the data. | Fedora, Enterprise_linux, Storage, Samba | 5.9 | ||
| 2024-03-08 | CVE-2024-23254 | The issue was addressed with improved UI handling. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, Safari 17.4. A malicious website may exfiltrate audio data cross-origin. | Ipad_os, Iphone_os, Macos, Safari, Tvos, Visionos, Watchos, Fedora, Webkitgtk, Wpe_webkit | 6.5 | ||
| 2023-06-25 | CVE-2023-36664 | Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix). | Ghostscript, Debian_linux, Fedora | 7.8 | ||
| 2024-02-21 | CVE-2024-1674 | Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | Fedora, Chrome | 8.8 | ||
| 2023-10-05 | CVE-2023-41175 | A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow. | Fedora, Libtiff, Enterprise_linux | 6.5 | ||
| 2023-05-30 | CVE-2023-34151 | A vulnerability was found in ImageMagick. This security flaw ouccers as an undefined behaviors of casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546). | Debian_linux, Extra_packages_for_enterprise_linux, Fedora, Imagemagick, Enterprise_linux | 5.5 | ||
| 2023-09-21 | CVE-2023-41993 | The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7. | Ipados, Iphone_os, Macos, Debian_linux, Fedora, Active_iq_unified_manager, Cloud_insights_acquisition_unit, Cloud_insights_storage_workload_security_agent, Oncommand_insight, Oncommand_workflow_automation, Graalvm, Jdk, Jre, Webkitgtk\+ | 8.8 | ||
| 2023-11-30 | CVE-2023-42916 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1. | Ipados, Iphone_os, Macos, Safari, Debian_linux, Fedora, Webkitgtk\+ | 6.5 |