Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fedora
(Fedoraproject)Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2019-12-03 | CVE-2013-4235 | shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees | Debian_linux, Shadow, Fedora, Enterprise_linux | 4.7 | ||
2019-12-10 | CVE-2013-2166 | python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass | Debian_linux, Fedora, Python\-Keystoneclient, Openstack | 9.8 | ||
2020-01-07 | CVE-2019-14834 | A vulnerability was found in dnsmasq before version 2.81, where the memory leak allows remote attackers to cause a denial of service (memory consumption) via vectors involving DHCP response creation. | Fedora, Dnsmasq | 3.7 | ||
2020-11-12 | CVE-2020-25658 | It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA. | Fedora, Python\-Rsa, Openstack_platform | 5.9 | ||
2021-01-12 | CVE-2020-25657 | A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed processing of valid PKCS#1 v1.5 Ciphertext. The highest threat from this vulnerability is to confidentiality. | Fedora, M2crypto, Enterprise_linux, Virtualization | 5.9 | ||
2021-03-18 | CVE-2021-3416 | A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host resulting in DoS scenario. | Debian_linux, Fedora, Qemu, Enterprise_linux | 6.0 | ||
2021-03-26 | CVE-2021-20271 | A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability. | Fedora, Enterprise_linux, Rpm, Starwind_virtual_san | 7.0 | ||
2021-05-25 | CVE-2020-25672 | A memory leak vulnerability was found in Linux kernel in llcp_sock_connect | Debian_linux, Fedora, Linux_kernel, Active_iq_unified_manager, Cloud_backup, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Solidfire_baseboard_management_controller_firmware | 7.5 | ||
2021-05-26 | CVE-2020-25670 | A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free which might lead to privilege escalations. | Debian_linux, Fedora, Linux_kernel, Active_iq_unified_manager, Cloud_backup, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Solidfire_baseboard_management_controller_firmware | 7.8 | ||
2021-05-26 | CVE-2020-25671 | A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect() causing use-after-free which might lead to privilege escalations. | Debian_linux, Fedora, Linux_kernel, Active_iq_unified_manager, Cloud_backup, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Solidfire_baseboard_management_controller_firmware | 7.8 |