Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fedora
(Fedoraproject)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-10-17 | CVE-2022-3165 | An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service. | Fedora, Qemu | 6.5 | ||
| 2024-01-24 | CVE-2024-0809 | Inappropriate implementation in Autofill in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low) | Fedora, Chrome | 4.3 | ||
| 2024-02-05 | CVE-2024-22667 | Vim before 9.0.2142 has a stack-based buffer overflow because did_set_langmap in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. | Fedora, Vim | 7.8 | ||
| 2024-02-07 | CVE-2024-1284 | Use after free in Mojo in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | Fedora, Chrome | 9.8 | ||
| 2024-02-22 | CVE-2023-3966 | A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial of service and invalid memory accesses. Triggering this issue requires that hardware offloading via the netlink path is enabled. | Fedora, Openvswitch | 7.5 | ||
| 2022-10-17 | CVE-2022-41751 | Jhead 3.06.0.1 allows attackers to execute arbitrary OS commands by placing them in a JPEG filename and then using the regeneration -rgt50 option. | Debian_linux, Fedora, Jhead | 7.8 | ||
| 2022-10-17 | CVE-2022-41751 | Jhead 3.06.0.1 allows attackers to execute arbitrary OS commands by placing them in a JPEG filename and then using the regeneration -rgt50 option. | Debian_linux, Fedora, Jhead | 7.8 | ||
| 2022-10-17 | CVE-2022-3517 | A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service. | Debian_linux, Fedora, Minimatch | 7.5 | ||
| 2024-02-14 | CVE-2023-50387 | Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records. | Fedora, Bind, Windows_server_2008, Windows_server_2012, Windows_server_2016, Windows_server_2019, Windows_server_2022, Windows_server_2022_23h2, Knot_resolver, Unbound, Recursor, Enterprise_linux, Dnsmasq | 7.5 | ||
| 2024-02-27 | CVE-2024-27507 | libLAS 1.8.1 contains a memory leak vulnerability in /libLAS/apps/ts2las.cpp. | Fedora, Liblas | N/A |