Note: This project will be discontinued after December 13, 2021.
Product: Fedora (Fedoraproject)

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2023-02-04 | CVE-2023-25193 | hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks. | Fedora, Harfbuzz | 7.5 | ||
2023-02-07 | CVE-2022-46663 | In GNU Less before 609, crafted data can result in "less -R" not filtering ANSI escape sequences sent to the terminal. | Fedora, Less | 7.5 | ||
2023-02-27 | CVE-2023-1055 | A flaw was found in RHDS 11 and RHDS 12. While browsing entries, LDAP tries to decode the userPassword attribute instead of the userCertificate attribute, which could lead to sensitive information being leaked. An attacker with a local account where the cockpit-389-ds is running can list the processes and display the hashed passwords. The highest threat from this vulnerability is to data confidentiality. | Fedora, Directory_server | 5.5 | ||
2023-02-28 | CVE-2022-41727 | An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig. This could lead to a denial of service. | Fedora, Image, Tiff | 5.5 | ||
2023-02-28 | CVE-2023-27320 | Sudo before 1.9.13p2 has a double free in the per-command chroot feature. | Fedora, Sudo | 7.2 | ||
2023-03-01 | CVE-2023-1127 | Divide By Zero in GitHub repository vim/vim prior to 9.0.1367. | Fedora, Vim | 7.8 | ||
2023-03-06 | CVE-2021-20251 | A flaw was found in samba. A race condition in the password lockout code may lead to the risk of brute force attacks being successful if special conditions are met. | Fedora, Samba | 5.9 | ||
2023-03-06 | CVE-2022-4904 | A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity. | C-Ares, Fedora, Enterprise_linux, Software_collections | 8.6 | ||
2023-03-07 | CVE-2023-1264 | NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1392. | Fedora, Vim | 5.5 | ||
2023-03-21 | CVE-2022-42331 | x86: speculative vulnerability in 32bit SYSCALL path. Due to an oversight in the very original Spectre/Meltdown security work (XSA-254), one entrypath performs its speculation-safety actions too late. In some configurations, there is an unprotected RET instruction which can be attacked with a variety of speculative attacks. | Fedora, Xen | 5.5 | ||