Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fedora
(Fedoraproject)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-01-29 | CVE-2019-20444 | HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold." | Ubuntu_linux, Debian_linux, Fedora, Netty, Jboss_amq_clients, Jboss_enterprise_application_platform | 9.1 | ||
| 2023-08-23 | CVE-2023-4428 | Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) | Debian_linux, Fedora, Chrome | 8.1 | ||
| 2023-12-07 | CVE-2023-46218 | This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a mixed case flaw in curl's function that verifies a given cookie domain against the Public Suffix List (PSL). For example a cookie could be set with `domain=co.UK` when the URL used a lower case... | Fedora, Curl | 6.5 | ||
| 2024-04-04 | CVE-2023-38709 | Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58. | Http_server, Macos, Fabric_operating_system, Debian_linux, Fedora, Ontap, Ontap_tools | N/A | ||
| 2024-04-04 | CVE-2024-24795 | HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this issue. | Http_server, Macos, Fabric_operating_system, Debian_linux, Fedora, Ontap, Ontap_tools | N/A | ||
| 2024-05-18 | CVE-2024-36048 | QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable values. | Fedora, Qt | N/A | ||
| 2023-07-10 | CVE-2023-26590 | A floating point exception vulnerability was found in sox, in the lsx_aiffstartwrite function at sox/src/aiff.c:622:58. This flaw can lead to a denial of service. | Extra_packages_for_enterprise_linux, Fedora, Enterprise_linux, Sound_exchange | 5.5 | ||
| 2023-07-10 | CVE-2023-32627 | A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc.c:334:18. This flaw can lead to a denial of service. | Extra_packages_for_enterprise_linux, Fedora, Enterprise_linux, Sound_exchange | 5.5 | ||
| 2023-07-10 | CVE-2023-34318 | A heap buffer overflow vulnerability was found in sox, in the startread function at sox/src/hcom.c:160:41. This flaw can lead to a denial of service, code execution, or information disclosure. | Extra_packages_for_enterprise_linux, Fedora, Enterprise_linux, Sound_exchange | 7.8 | ||
| 2023-09-01 | CVE-2023-36328 | Integer Overflow vulnerability in mp_grow in libtom libtommath before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9, allows attackers to execute arbitrary code and cause a denial of service (DoS). | Fedora, Libtommath | 9.8 |