Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fedora
(Fedoraproject)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-05-15 | CVE-2023-1729 | A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex() caused by a maliciously crafted file may lead to an application crash. | Fedora, Libraw, Enterprise_linux | 6.5 | ||
| 2023-06-05 | CVE-2023-34410 | An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate. | Debian_linux, Fedora, Qt | 5.3 | ||
| 2023-10-03 | CVE-2023-5345 | A use-after-free vulnerability in the Linux kernel's fs/smb/client component can be exploited to achieve local privilege escalation. In case of an error in smb3_fs_context_parse_param, ctx->password was freed but the field was not set to NULL which could lead to double free. We recommend upgrading past commit e6e43b8aa7cd3c3af686caf0c2e11819a886d705. | Fedora, Linux_kernel | 7.8 | ||
| 2023-11-03 | CVE-2023-1194 | An out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. When an attacker sends the CREATE command with a malformed payload to KSMBD, due to a missing check of `NameOffset` in the `parse_lease_state()` function, the `create_context` object can access invalid memory. | Fedora, Linux_kernel | 8.1 | ||
| 2019-02-04 | CVE-2019-1000018 | rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in allowscp permission that can result in Local command execution. This attack appear to be exploitable via An authorized SSH user with the allowscp permission. | Ubuntu_linux, Debian_linux, Fedora, Rssh | 7.8 | ||
| 2023-02-15 | CVE-2023-0361 | A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data... | Debian_linux, Fedora, Gnutls, Active_iq_unified_manager, Converged_systems_advisor_agent, Ontap_select_deploy_administration_utility, Enterprise_linux | 7.4 | ||
| 2023-10-18 | CVE-2023-5631 | Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This could allow a remote attacker to load arbitrary JavaScript code. | Debian_linux, Fedora, Webmail | 5.4 | ||
| 2023-02-17 | CVE-2023-24329 | An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. | Fedora, Active_iq_unified_manager, Management_services_for_element_software, Management_services_for_netapp_hci, Ontap_select_deploy_administration_utility, Python | 7.5 | ||
| 2023-02-20 | CVE-2023-26081 | In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts. | Fedora, Epiphany | 7.5 | ||
| 2023-03-03 | CVE-2022-4645 | LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125. | Fedora, Libtiff | 5.5 |