Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fedora
(Fedoraproject)Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2023-05-25 | CVE-2023-32067 | c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1. | C\-Ares, Debian_linux, Fedora | 7.5 | ||
2023-08-08 | CVE-2023-20588 | A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. | Athlon_gold_3150g_firmware, Athlon_gold_3150ge_firmware, Athlon_gold_pro_3150g_firmware, Athlon_gold_pro_3150ge_firmware, Athlon_pro_300ge_firmware, Athlon_silver_3050ge_firmware, Athlon_silver_pro_3125ge_firmware, Epyc_7251_firmware, Epyc_7261_firmware, Epyc_7281_firmware, Epyc_7301_firmware, Epyc_7351_firmware, Epyc_7351p_firmware, Epyc_7371_firmware, Epyc_7401_firmware, Epyc_7401p_firmware, Epyc_7451_firmware, Epyc_7501_firmware, Epyc_7551_firmware, Epyc_7551p_firmware, Epyc_7571_firmware, Epyc_7601_firmware, Ryzen_3_3200g_firmware, Ryzen_3_3200ge_firmware, Ryzen_3_pro_3200g_firmware, Ryzen_3_pro_3200ge_firmware, Ryzen_5_3400g_firmware, Ryzen_5_pro_3350g_firmware, Ryzen_5_pro_3350ge_firmware, Ryzen_5_pro_3400g_firmware, Ryzen_5_pro_3400ge_firmware, Debian_linux, Fedora, Windows_10_1507, Windows_10_1607, Windows_10_1809, Windows_10_21h2, Windows_10_22h2, Windows_11_21h2, Windows_11_22h2, Windows_11_23h2, Windows_server_2008, Windows_server_2012, Windows_server_2016, Windows_server_2019, Windows_server_2022_23h2, Xen | 5.5 | ||
2023-10-23 | CVE-2023-31122 | Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57. | Http_server, Fedora | 7.5 | ||
2023-12-21 | CVE-2023-7024 | Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | Debian_linux, Fedora, Chrome | 8.8 | ||
2023-12-24 | CVE-2023-51764 | Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking (or certain other options that exist in recent versions). Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Postfix supports <LF>.<CR><LF> but some other popular e-mail servers do not. To prevent... | Fedora, Postfix, Enterprise_linux | 5.3 | ||
2024-02-14 | CVE-2023-50387 | Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records. | Fedora, Bind, Windows_server_2008, Windows_server_2012, Windows_server_2016, Windows_server_2019, Windows_server_2022, Windows_server_2022_23h2, Knot_resolver, Unbound, Recursor, Enterprise_linux, Dnsmasq | 7.5 | ||
2024-02-19 | CVE-2024-1597 | pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string value after the first placeholder; both must be on the same line. By constructing a matching string payload, the attacker can inject SQL to alter the query,bypassing the protections that... | Fedora, Postgresql_jdbc_driver | 9.8 | ||
2021-05-26 | CVE-2021-22543 | An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation. | Debian_linux, Fedora, Linux_kernel, Cloud_backup, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Solidfire_baseboard_management_controller_firmware | 7.8 | ||
2021-06-08 | CVE-2021-31957 | ASP.NET Core Denial of Service Vulnerability | Fedora, \.net, \.net_core, Visual_studio_2019 | 5.9 | ||
2023-01-10 | CVE-2023-21538 | .NET Denial of Service Vulnerability | Fedora, \.net, Powershell | 7.5 |