Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fedora
(Fedoraproject)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-05-29 | CVE-2024-31079 | When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or causeĀ other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacker has no visibility and limited influence over. | Nginx_open_source, Nginx_plus, Fedora | 4.8 | ||
| 2024-05-29 | CVE-2024-32760 | When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact. | Nginx_open_source, Nginx_plus, Fedora | 6.5 | ||
| 2024-05-29 | CVE-2024-34161 | When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory. | Nginx_open_source, Nginx_plus, Fedora | 5.3 | ||
| 2024-05-29 | CVE-2024-35200 | When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate. | Nginx_open_source, Nginx_plus, Fedora | 5.3 | ||
| 2020-04-29 | CVE-2020-11023 | In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. | Debian_linux, Drupal, Fedora, Jquery, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Max_data, Oncommand_insight, Oncommand_system_manager, Snap_creator_framework, Snapcenter_server, Application_express, Application_testing_suite, Banking_enterprise_collections, Banking_platform, Business_intelligence, Communications_analytics, Communications_eagle_application_processor, Communications_element_manager, Communications_interactive_session_recorder, Communications_operations_monitor, Communications_services_gatekeeper, Communications_session_report_manager, Communications_session_route_manager, Financial_services_regulatory_reporting_for_de_nederlandsche_bank, Financial_services_revenue_management_and_billing_analytics, Health_sciences_inform, Healthcare_translational_research, Hyperion_financial_reporting, Jd_edwards_enterpriseone_orchestrator, Jd_edwards_enterpriseone_tools, Oss_support_tools, Peoplesoft_enterprise_human_capital_management_resources, Primavera_gateway, Rest_data_services, Siebel_mobile, Storagetek_acsls, Storagetek_tape_analytics_sw_tool, Webcenter_sites, Weblogic_server, Log_correlation_engine | 6.1 | ||
| 2024-02-19 | CVE-2024-25978 | Insufficient file size checks resulted in a denial of service risk in the file picker's unzip functionality. | Fedora, Moodle | 7.5 | ||
| 2024-02-19 | CVE-2024-25979 | The URL parameters accepted by forum search were not limited to the allowed parameters. | Fedora, Moodle | 5.3 | ||
| 2024-02-19 | CVE-2024-25980 | Separate Groups mode restrictions were not honored in the H5P attempts report, which would display users from other groups. By default this only provided additional access to non-editing teachers. | Fedora, Moodle | 5.3 | ||
| 2024-02-19 | CVE-2024-25981 | Separate Groups mode restrictions were not honored when performing a forum export, which would export forum data for all groups. By default this only provided additional access to non-editing teachers. | Fedora, Moodle | 5.3 | ||
| 2024-02-19 | CVE-2024-25982 | The link to update all installed language packs did not include the necessary token to prevent a CSRF risk. | Fedora, Moodle | 8.8 |