Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fedora
(Fedoraproject)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-05-01 | CVE-2024-27018 | In the Linux kernel, the following vulnerability has been resolved: netfilter: br_netfilter: skip conntrack input hook for promisc packets For historical reasons, when bridge device is in promisc mode, packets that are directed to the taps follow bridge input hook path. This patch adds a workaround to reset conntrack for these packets. Jianbo Liu reports warning splats in their test infrastructure where cloned packets reach the br_netfilter input hook to confirm the conntrack... | Fedora, Linux_kernel | 7.8 | ||
| 2024-05-01 | CVE-2024-27018 | In the Linux kernel, the following vulnerability has been resolved: netfilter: br_netfilter: skip conntrack input hook for promisc packets For historical reasons, when bridge device is in promisc mode, packets that are directed to the taps follow bridge input hook path. This patch adds a workaround to reset conntrack for these packets. Jianbo Liu reports warning splats in their test infrastructure where cloned packets reach the br_netfilter input hook to confirm the conntrack... | Fedora, Linux_kernel | 7.8 | ||
| 2023-12-18 | CVE-2023-48795 | The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles... | Kitty, Sshd, Sshj, Macos, Asyncssh, Ssh_client, Ssh_server, Sshlib, Thrussh, Crushftp, Debian_linux, Dropbear_ssh, Erlang\/otp, Fedora, Filezilla_client, Freebsd, Security, Crypto, Maverick_synergy_java_ssh_api, Lanconfig, Lcos, Lcos_fx, Lcos_lx, Lcos_sx, Libssh, Libssh2, Jsch, Net\-Ssh, Pfsense_ce, Pfsense_plus, Xshell_7, Openssh, Cyclone_ssh, Nova, Transmit_5, Paramiko, Proftpd, Putty, Advanced_cluster_security, Ceph_storage, Cert\-Manager_operator_for_red_hat_openshift, Discovery, Enterprise_linux, Jboss_enterprise_application_platform, Keycloak, Openshift_api_for_data_protection, Openshift_container_platform, Openshift_data_foundation, Openshift_dev_spaces, Openshift_developer_tools_and_services, Openshift_gitops, Openshift_pipelines, Openshift_serverless, Openshift_virtualization, Openstack_platform, Single_sign\-On, Storage, Pkixssh, Russh, Sftpgo, Ssh, Ssh2, Tera_term, Sftp_gateway_firmware, Tinyssh, Ssh2, Securecrt, Winscp | 5.9 | ||
| 2022-01-01 | CVE-2021-41819 | CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby. | Debian_linux, Fedora, Factory, Leap, Enterprise_linux, Software_collections, Cgi, Ruby, Linux_enterprise | 7.5 | ||
| 2022-01-05 | CVE-2021-45116 | An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or an unintended method call, if passed a suitably crafted key. | Django, Fedora | 7.5 | ||
| 2022-09-26 | CVE-2022-2852 | Use after free in FedCM in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Fedora, Chrome | 8.8 | ||
| 2022-09-26 | CVE-2022-2853 | Heap buffer overflow in Downloads in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | Fedora, Chrome | 8.8 | ||
| 2022-09-26 | CVE-2022-2854 | Use after free in SwiftShader in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Fedora, Chrome | 8.8 | ||
| 2022-09-26 | CVE-2022-2855 | Use after free in ANGLE in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Fedora, Chrome | 8.8 | ||
| 2022-09-26 | CVE-2022-2857 | Use after free in Blink in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Fedora, Chrome | 8.8 |