Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fedora
(Fedoraproject)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-10-17 | CVE-2022-41751 | Jhead 3.06.0.1 allows attackers to execute arbitrary OS commands by placing them in a JPEG filename and then using the regeneration -rgt50 option. | Debian_linux, Fedora, Jhead | 7.8 | ||
| 2022-10-17 | CVE-2022-3517 | A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service. | Debian_linux, Fedora, Minimatch | 7.5 | ||
| 2024-02-14 | CVE-2023-50387 | Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records. | Fedora, Bind, Windows_server_2008, Windows_server_2012, Windows_server_2016, Windows_server_2019, Windows_server_2022, Windows_server_2022_23h2, Knot_resolver, Unbound, Recursor, Enterprise_linux, Dnsmasq | 7.5 | ||
| 2024-02-27 | CVE-2024-27507 | libLAS 1.8.1 contains a memory leak vulnerability in /libLAS/apps/ts2las.cpp. | Fedora, Liblas | N/A | ||
| 2024-03-20 | CVE-2023-46841 | Recent x86 CPUs offer functionality named Control-flow Enforcement Technology (CET). A sub-feature of this are Shadow Stacks (CET-SS). CET-SS is a hardware feature designed to protect against Return Oriented Programming attacks. When enabled, traditional stacks holding both data and return addresses are accompanied by so called "shadow stacks", holding little more than return addresses. Shadow stacks aren't writable by normal instructions, and upon function returns their contents are used... | Fedora, Xen | N/A | ||
| 2021-02-09 | CVE-2021-26937 | encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence. | Debian_linux, Fedora, Screen | 9.8 | ||
| 2021-03-19 | CVE-2021-28831 | decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data. | Busybox, Debian_linux, Fedora | 7.5 | ||
| 2022-10-27 | CVE-2022-3725 | Crash in the OPUS protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file | Fedora, Wireshark | 7.5 | ||
| 2022-10-21 | CVE-2022-37454 | The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface. | Debian_linux, Extended_keccak_code_package, Fedora, Php, Pypy, Pysha3, Python, Sha3 | 9.8 | ||
| 2023-08-15 | CVE-2023-32004 | A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of Buffers in file system APIs causing a traversal path to bypass when verifying file permissions. This vulnerability affects all users using the experimental permission model in Node.js 20. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js. | Fedora, Node\.js | 8.8 |