Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fedora
(Fedoraproject)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-01-16 | CVE-2024-0517 | Out of bounds write in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | Fedora, Chrome | 8.8 | ||
| 2008-10-15 | CVE-2008-4577 | The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions. | Ubuntu_linux, Dovecot, Fedora, Opensuse | 7.5 | ||
| 2011-07-21 | CVE-2011-2520 | fw_dbus.py in system-config-firewall 1.2.29 and earlier uses the pickle Python module unsafely during D-Bus communication between the GUI and the backend, which might allow local users to gain privileges via a crafted serialized object. | Fedora, System\-Config\-Firewall | 7.8 | ||
| 2022-03-23 | CVE-2022-0396 | BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has terminated the connection. | Fedora, Bind, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Sinec_ins | 5.3 | ||
| 2022-10-24 | CVE-2022-43680 | In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. | Debian_linux, Fedora, Libexpat, Active_iq_unified_manager, H300s_firmware, H410c_firmware, H410s_firmware, H500s_firmware, H700s_firmware, Hci_compute_node_firmware, Oncommand_workflow_automation, Solidfire_\&_hci_management_node | 7.5 | ||
| 2023-08-14 | CVE-2023-4322 | Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0. | Fedora, Radare2 | 9.8 | ||
| 2023-10-18 | CVE-2023-45145 | Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process to establish an otherwise unauthorized connection. This problem has existed since Redis 2.6.0-RC1. This issue has been addressed in Redis versions 7.2.2, 7.0.14 and 6.2.14. Users are advised to... | Debian_linux, Fedora, Redis | 3.6 | ||
| 2023-10-20 | CVE-2023-5686 | Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0. | Fedora, Radare2 | 8.8 | ||
| 2020-06-09 | CVE-2020-10757 | A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system. | Ubuntu_linux, Debian_linux, Fedora, Linux_kernel, Active_iq_unified_manager, Cloud_backup, Steelstore_cloud_integrated_storage, Leap, Enterprise_linux, Enterprise_mrg | 7.8 | ||
| 2023-12-12 | CVE-2023-46219 | When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use. | Fedora, Curl | 5.3 |