Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fedora
(Fedoraproject)Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2022-03-25 | CVE-2021-3941 | In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR. | Debian_linux, Fedora, Openexr, Enterprise_linux | 6.5 | ||
2022-03-25 | CVE-2021-4157 | An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system. | Fedora, Linux_kernel, H300e_firmware, H300s_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Communications_cloud_native_core_binding_support_function | 8.0 | ||
2022-03-25 | CVE-2022-0983 | An SQL injection risk was identified in Badges code relating to configuring criteria. Access to the relevant capability was limited to teachers and managers by default. | Extra_packages_for_enterprise_linux, Fedora, Moodle | 8.8 | ||
2022-03-25 | CVE-2022-27920 | libkiwix 10.0.0 and 10.0.1 allows XSS in the built-in webserver functionality via the search suggestions URL parameter. This is fixed in 10.1.0. | Fedora, Libkiwix | 6.1 | ||
2022-03-26 | CVE-2022-27939 | tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_layer4_v6 in common/get.c. | Tcpreplay, Fedora | 5.5 | ||
2022-03-26 | CVE-2022-27940 | tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_ipv6_next in common/get.c. | Tcpreplay, Fedora | 7.8 | ||
2022-03-26 | CVE-2022-27941 | tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_l2len_protocol in common/get.c. | Tcpreplay, Fedora | 7.8 | ||
2022-03-26 | CVE-2022-27942 | tcpprep in Tcpreplay 4.4.1 has a heap-based buffer over-read in parse_mpls in common/get.c. | Tcpreplay, Fedora | 7.8 | ||
2022-03-26 | CVE-2022-27943 | libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new. | Fedora, Gcc | 5.5 | ||
2022-03-28 | CVE-2022-24303 | Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled. | Fedora, Pillow | 9.1 |