Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fedora
(Fedoraproject)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-01-03 | CVE-2020-5395 | FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in sfd.c. | Fedora, Fontforge, Leap | 8.8 | ||
| 2020-02-07 | CVE-2019-15605 | HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed | Debian_linux, Fedora, Node\.js, Leap, Graalvm, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Software_collections | 9.8 | ||
| 2023-05-09 | CVE-2023-31137 | MaraDNS is open-source software that implements the Domain Name System (DNS). In version 3.5.0024 and prior, a remotely exploitable integer underflow vulnerability in the DNS packet decompression function allows an attacker to cause a Denial of Service by triggering an abnormal program termination. The vulnerability exists in the `decomp_get_rddata` function within the `Decompress.c` file. When handling a DNS packet with an Answer RR of qtype 16 (TXT record) and any qclass, if the... | Debian_linux, Fedora, Maradns | 7.5 | ||
| 2023-09-01 | CVE-2023-36328 | Integer Overflow vulnerability in mp_grow in libtom libtommath before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9, allows attackers to execute arbitrary code and cause a denial of service (DoS). | Fedora, Libtommath | 9.8 | ||
| 2021-12-23 | CVE-2021-3621 | A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | Fedora, Sssd, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Virtualization, Virtualization_host | 8.8 | ||
| 2021-02-10 | CVE-2020-13574 | A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. | Fedora, Gsoap | 7.5 | ||
| 2021-02-10 | CVE-2020-13575 | A denial-of-service vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. | Fedora, Gsoap | 7.5 | ||
| 2021-02-10 | CVE-2020-13576 | A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability. | Fedora, Gsoap | 9.8 | ||
| 2021-02-10 | CVE-2020-13577 | A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. | Fedora, Gsoap | 7.5 | ||
| 2021-02-10 | CVE-2020-13578 | A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. | Fedora, Gsoap | 7.5 |