Product:

Fedora

(Fedoraproject)
Repositories https://github.com/torvalds/linux
https://github.com/phpmyadmin/phpmyadmin
https://github.com/krb5/krb5
https://github.com/mdadams/jasper
https://github.com/uclouvain/openjpeg
https://github.com/golang/go
https://github.com/FasterXML/jackson-databind
https://github.com/ntp-project/ntp
https://github.com/dbry/WavPack
https://github.com/apache/httpd
https://github.com/json-c/json-c
https://github.com/jquery/jquery-ui
https://github.com/ClusterLabs/pcs
https://github.com/newsoft/libvncserver
https://github.com/horde/horde
https://github.com/ipython/ipython
https://github.com/wesnoth/wesnoth
https://github.com/saltstack/salt
https://github.com/pyca/cryptography
• git://git.openssl.org/openssl.git
https://github.com/dajobe/raptor
https://github.com/opencontainers/runc
https://github.com/openstack/swift

https://github.com/openssh/openssh-portable
https://github.com/collectd/collectd
https://github.com/mongodb/mongo
https://github.com/ADOdb/ADOdb
https://github.com/igniterealtime/Smack
https://github.com/SELinuxProject/selinux
https://github.com/dlitz/pycrypto
https://github.com/teeworlds/teeworlds
https://github.com/karelzak/util-linux
https://git.kernel.org/pub/scm/git/git.git
https://github.com/cyrusimap/cyrus-imapd
https://github.com/ceph/ceph
https://github.com/lepture/mistune
https://github.com/MariaDB/server
https://github.com/golang/net
https://github.com/FreeRDP/FreeRDP
https://github.com/sleuthkit/sleuthkit
https://github.com/Perl/perl5
https://github.com/python/cpython
https://github.com/libjpeg-turbo/libjpeg-turbo
https://github.com/haproxy/haproxy
https://github.com/libuv/libuv
https://github.com/mysql/mysql-server
https://github.com/libgd/libgd
https://github.com/SpiderLabs/ModSecurity
https://github.com/fish-shell/fish-shell
https://github.com/php/php-src
https://github.com/quassel/quassel
https://github.com/ocaml/ocaml
https://github.com/LibRaw/LibRaw
https://github.com/sddm/sddm
https://github.com/axkibe/lsyncd
https://github.com/visionmedia/send
https://github.com/rawstudio/rawstudio
https://github.com/cherokee/webserver
https://github.com/numpy/numpy
https://github.com/rjbs/Email-Address
https://github.com/openid/ruby-openid
https://github.com/moxiecode/plupload
https://github.com/libarchive/libarchive
#Vulnerabilities 5109
Date Id Summary Products Score Patch Annotated
2021-03-25 CVE-2021-3449 An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default... Multi\-Domain_management_firmware, Quantum_security_gateway_firmware, Quantum_security_management_firmware, Debian_linux, Fedora, Freebsd, Web_gateway, Web_gateway_cloud_service, Active_iq_unified_manager, Cloud_volumes_ontap_mediator, E\-Series_performance_analyzer, Oncommand_insight, Oncommand_workflow_automation, Ontap_select_deploy_administration_utility, Santricity_smi\-S_provider, Snapcenter, Storagegrid, Node\.js, Openssl, Communications_communications_policy_management, Enterprise_manager_for_storage_management, Essbase, Graalvm, Jd_edwards_enterpriseone_tools, Jd_edwards_world_security, Mysql_connectors, Mysql_server, Mysql_workbench, Peoplesoft_enterprise_peopletools, Primavera_unifier, Secure_backup, Secure_global_desktop, Zfs_storage_appliance_kit, Ruggedcom_rcm1224_firmware, Scalance_lpe9403_firmware, Scalance_m\-800_firmware, Scalance_s602_firmware, Scalance_s612_firmware, Scalance_s615_firmware, Scalance_s623_firmware, Scalance_s627\-2m_firmware, Scalance_sc\-600_firmware, Scalance_w1700_firmware, Scalance_w700_firmware, Scalance_xb\-200_firmware, Scalance_xc\-200_firmware, Scalance_xf\-200ba_firmware, Scalance_xm\-400_firmware, Scalance_xp\-200_firmware, Scalance_xr524\-8c_firmware, Scalance_xr526\-8c_firmware, Scalance_xr528\-6m_firmware, Scalance_xr552\-12_firmware, Scalance_xr\-300wg_firmware, Simatic_cloud_connect_7_firmware, Simatic_cp_1242\-7_gprs_v2_firmware, Simatic_hmi_basic_panels_2nd_generation_firmware, Simatic_hmi_comfort_outdoor_panels_firmware, Simatic_hmi_ktp_mobile_panels_firmware, Simatic_logon, Simatic_mv500_firmware, Simatic_net_cp1243\-7_lte_eu_firmware, Simatic_net_cp1243\-7_lte_us_firmware, Simatic_net_cp_1243\-1_firmware, Simatic_net_cp_1243\-8_irc_firmware, Simatic_net_cp_1542sp\-1_irc_firmware, Simatic_net_cp_1543\-1_firmware, Simatic_net_cp_1543sp\-1_firmware, Simatic_net_cp_1545\-1_firmware, Simatic_pcs_7_telecontrol_firmware, Simatic_pcs_neo_firmware, Simatic_pdm_firmware, Simatic_process_historian_opc_ua_server_firmware, Simatic_rf166c_firmware, Simatic_rf185c_firmware, Simatic_rf186c_firmware, Simatic_rf186ci_firmware, Simatic_rf188c_firmware, Simatic_rf188ci_firmware, Simatic_rf360r_firmware, Simatic_s7\-1200_cpu_1211c_firmware, Simatic_s7\-1200_cpu_1212c_firmware, Simatic_s7\-1200_cpu_1212fc_firmware, Simatic_s7\-1200_cpu_1214_fc_firmware, Simatic_s7\-1200_cpu_1214c_firmware, Simatic_s7\-1200_cpu_1215_fc_firmware, Simatic_s7\-1200_cpu_1215c_firmware, Simatic_s7\-1200_cpu_1217c_firmware, Simatic_s7\-1500_cpu_1518\-4_pn\/dp_mfp_firmware, Simatic_wincc_runtime_advanced, Simatic_wincc_telecontrol, Sinamics_connect_300_firmware, Sinec_infrastructure_network_services, Sinec_nms, Sinec_pni, Sinema_server, Sinumerik_opc_ua_server, Tia_administrator, Tim_1531_irc_firmware, Capture_client, Sma100_firmware, Sonicos, Log_correlation_engine, Nessus, Nessus_network_monitor, Tenable\.sc 5.9
2020-12-08 CVE-2020-1971 The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp... Debian_linux, Fedora, Active_iq_unified_manager, Aff_a250_firmware, Clustered_data_ontap_antivirus_connector, Data_ontap, E\-Series_santricity_os_controller, Ef600a_firmware, Hci_compute_node, Hci_management_node, Hci_storage_node, Manageability_software_development_kit, Oncommand_insight, Oncommand_workflow_automation, Plug\-In_for_symantec_netbackup, Santricity_smi\-S_provider, Snapcenter, Solidfire, Node\.js, Openssl, Api_gateway, Business_intelligence, Communications_cloud_native_core_network_function_cloud_native_environment, Communications_diameter_intelligence_hub, Communications_session_border_controller, Communications_session_router, Communications_subscriber\-Aware_load_balancer, Communications_unified_session_manager, Enterprise_communications_broker, Enterprise_manager_base_platform, Enterprise_manager_for_storage_management, Enterprise_manager_ops_center, Enterprise_session_border_controller, Essbase, Graalvm, Http_server, Jd_edwards_enterpriseone_tools, Jd_edwards_world_security, Mysql, Mysql_server, Peoplesoft_enterprise_peopletools, Sinec_infrastructure_network_services, Log_correlation_engine, Nessus_network_monitor 5.9
2019-12-18 CVE-2018-1311 The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable. Xerces\-C\+\+, Debian_linux, Fedora, Goldengate, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation 8.1
2021-03-15 CVE-2021-28363 The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy (if an SSLContext isn't given via proxy_config) doesn't verify the hostname of the certificate. This means certificates for different servers that still validate properly with the default urllib3 SSLContext will be silently accepted. Fedora, Peoplesoft_enterprise_peopletools, Urllib3 6.5
2021-10-20 CVE-2021-35550 Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete... Debian_linux, Fedora, Active_iq_unified_manager, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services, Hci_management_node, Oncommand_insight, Santricity_unified_manager, Snapmanager, Solidfire, Graalvm, Openjdk 5.9
2021-10-20 CVE-2021-35556 Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a... Debian_linux, Fedora, Active_iq_unified_manager, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services, Hci_management_node, Oncommand_insight, Oncommand_workflow_automation, Santricity_unified_manager, Snapmanager, Solidfire, Graalvm, Openjdk 5.3
2021-10-20 CVE-2021-35564 Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Keytool). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or... Debian_linux, Fedora, Active_iq_unified_manager, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services, Hci_management_node, Oncommand_insight, Oncommand_workflow_automation, Santricity_unified_manager, Snapmanager, Solidfire, Graalvm, Openjdk 5.3
2021-10-20 CVE-2021-35565 Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of... Debian_linux, Fedora, Active_iq_unified_manager, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services, Hci_management_node, Oncommand_insight, Oncommand_workflow_automation, Santricity_unified_manager, Snapmanager, Solidfire, Graalvm, Openjdk 5.3
2021-10-20 CVE-2021-35578 Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service... Debian_linux, Fedora, Active_iq_unified_manager, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services, Hci_management_node, Oncommand_insight, Oncommand_workflow_automation, Santricity_unified_manager, Snapmanager, Solidfire, Graalvm, Openjdk 5.3
2021-10-20 CVE-2021-35586 Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a... Debian_linux, Fedora, Active_iq_unified_manager, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services, Hci_management_node, Oncommand_insight, Oncommand_workflow_automation, Santricity_unified_manager, Snapmanager, Solidfire, Graalvm, Openjdk 5.3