Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fedora
(Fedoraproject)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-10-30 | CVE-2022-44020 | An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and VirtualBMC through 2.2.2. Changing the boot device configuration with these packages removes password protection from the managed libvirt XML domain. NOTE: this only affects an "unsupported, production-like configuration." | Fedora, Sushy\-Tools, Virtualbmc | 5.5 | ||
| 2023-10-03 | CVE-2023-4911 | A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges. | Ubuntu_linux, Debian_linux, Fedora, Glibc, H300s_firmware, H410c_firmware, H410s_firmware, H500s_firmware, H700s_firmware, Ontap_select_deploy_administration_utility, Codeready_linux_builder, Codeready_linux_builder_eus, Codeready_linux_builder_for_arm64, Codeready_linux_builder_for_arm64_eus, Codeready_linux_builder_for_ibm_z_systems, Codeready_linux_builder_for_ibm_z_systems_eus, Codeready_linux_builder_for_power_little_endian, Codeready_linux_builder_for_power_little_endian_eus, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_for_arm_64, Enterprise_linux_for_arm_64_eus, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_ibm_z_systems_eus, Enterprise_linux_for_ibm_z_systems_eus_s390x, Enterprise_linux_for_power_big_endian_eus, Enterprise_linux_for_power_little_endian, Enterprise_linux_for_power_little_endian_eus, Enterprise_linux_server_aus, Enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions, Enterprise_linux_server_tus, Virtualization, Virtualization_host | 7.8 | ||
| 2022-11-01 | CVE-2022-3602 | A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could... | Fedora, Clustered_data_ontap, Node\.js, Openssl | 7.5 | ||
| 2018-03-06 | CVE-2018-5729 | MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module. | Debian_linux, Fedora, Kerberos_5, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 4.7 | ||
| 2018-03-06 | CVE-2018-5730 | MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN. | Debian_linux, Fedora, Kerberos_5, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 3.8 | ||
| 2019-11-18 | CVE-2019-19064 | A memory leak in the fsl_lpspi_probe() function in drivers/spi/spi-fsl-lpspi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering pm_runtime_get_sync() failures, aka CID-057b8945f78f. NOTE: third parties dispute the relevance of this because an attacker cannot realistically control these failures at probe time | Fedora, Linux_kernel | 7.5 | ||
| 2020-08-17 | CVE-2020-24370 | ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31). | Debian_linux, Fedora, Lua | 5.3 | ||
| 2020-08-17 | CVE-2020-24370 | ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31). | Debian_linux, Fedora, Lua | 5.3 | ||
| 2021-11-15 | CVE-2021-42374 | An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that | Busybox, Fedora, Cloud_backup, H300e_firmware, H300s_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Hci_management_node, Solidfire | 5.3 | ||
| 2022-01-26 | CVE-2022-23990 | Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. | Debian_linux, Fedora, Libexpat, Communications_metasolv_solution, Sinema_remote_connect_server, Nessus | 7.5 |