Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fedora
(Fedoraproject)Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2023-04-15 | CVE-2021-43612 | In lldpd before 1.0.13, when decoding SONMP packets in the sonmp_decode function, it's possible to trigger an out-of-bounds heap read via short SONMP packets. | Fedora, Lldpd | 7.5 | ||
2023-05-05 | CVE-2023-29659 | A Segmentation fault caused by a floating point exception exists in libheif 1.15.1 using crafted heif images via the heif::Fraction::round() function in box.cc, which causes a denial of service. | Fedora, Libheif | 6.5 | ||
2023-05-07 | CVE-2023-31047 | In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise. | Django, Fedora | 9.8 | ||
2023-05-10 | CVE-2023-32570 | VideoLAN dav1d before 1.2.0 has a thread_task.c race condition that can lead to an application crash, related to dav1d_decode_frame_exit. | Fedora, Dav1d | 5.9 | ||
2023-05-18 | CVE-2023-33204 | sysstat through 12.7.2 allows a multiplication integer overflow in check_overflow in common.c. NOTE: this issue exists because of an incomplete fix for CVE-2022-39377. | Debian_linux, Fedora, Sysstat | 7.8 | ||
2023-05-26 | CVE-2023-28321 | An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are... | Macos, Debian_linux, Fedora, Curl, Clustered_data_ontap, H300s_firmware, H410s_firmware, H500s_firmware, H700s_firmware, Ontap_antivirus_connector | 5.9 | ||
2023-05-26 | CVE-2023-22970 | Bottles before 51.0 mishandles YAML load, which allows remote code execution via a crafted file. | Fedora, Bottles | 7.8 | ||
2023-05-30 | CVE-2023-34152 | A vulnerability was found in ImageMagick. This security flaw cause a remote code execution vulnerability in OpenBlob with --enable-pipes configured. | Extra_packages_for_enterprise_linux, Fedora, Imagemagick, Enterprise_linux | 9.8 | ||
2023-05-30 | CVE-2023-34153 | A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding. | Extra_packages_for_enterprise_linux, Fedora, Imagemagick, Enterprise_linux | 7.8 | ||
2023-06-06 | CVE-2023-33460 | There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse function. which will cause out-of-memory in server and cause crash. | Debian_linux, Fedora, Yajl | 6.5 |