Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fedora
(Fedoraproject)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-09-26 | CVE-2022-3200 | Heap buffer overflow in Internals in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | Fedora, Chrome | 8.8 | ||
| 2024-04-19 | CVE-2024-22640 | TCPDF version <=6.6.5 is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted HTML page with a crafted color. | Fedora, Tcpdf | N/A | ||
| 2022-09-30 | CVE-2022-40313 | Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load. | Extra_packages_for_enterprise_linux, Fedora, Moodle | 7.1 | ||
| 2022-09-30 | CVE-2022-40315 | A limited SQL injection risk was identified in the "browse list of users" site administration page. | Extra_packages_for_enterprise_linux, Fedora, Moodle | 9.8 | ||
| 2022-09-30 | CVE-2022-40316 | The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to. | Extra_packages_for_enterprise_linux, Fedora, Moodle | 4.3 | ||
| 2023-04-19 | CVE-2023-27043 | The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python. | Fedora, Active_iq_unified_manager, Ontap_select_deploy_administration_utility, Python | 5.3 | ||
| 2024-03-13 | CVE-2024-23672 | Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue. | Tomcat, Debian_linux, Fedora | N/A | ||
| 2024-03-13 | CVE-2024-24549 | Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to... | Tomcat, Debian_linux, Fedora | N/A | ||
| 2021-09-16 | CVE-2021-40438 | A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. | Http_server, Brocade_fabric_operating_system_firmware, Debian_linux, F5os, Fedora, Cloud_backup, Clustered_data_ontap, Storagegrid, Enterprise_manager_ops_center, Http_server, Instantis_enterprisetrack, Secure_global_desktop, Zfs_storage_appliance_kit, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_for_arm_64, Enterprise_linux_for_arm_64_eus, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_ibm_z_systems_eus, Enterprise_linux_for_ibm_z_systems_eus_s390x, Enterprise_linux_for_power_big_endian, Enterprise_linux_for_power_little_endian, Enterprise_linux_for_power_little_endian_eus, Enterprise_linux_for_scientific_computing, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions, Enterprise_linux_server_tus, Enterprise_linux_server_update_services_for_sap_solutions, Enterprise_linux_update_services_for_sap_solutions, Enterprise_linux_workstation, Jboss_core_services, Software_collections, Rocky_linux, Ruggedcom_nms, Sinec_nms, Sinema_remote_connect_server, Sinema_server, Tenable\.sc | 9.0 | ||
| 2022-10-13 | CVE-2022-42719 | A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code. | Debian_linux, Fedora, Linux_kernel | 8.8 |