Product:

Fedora

(Fedoraproject)
Repositories https://github.com/torvalds/linux
https://github.com/phpmyadmin/phpmyadmin
https://github.com/krb5/krb5
https://github.com/mdadams/jasper
https://github.com/uclouvain/openjpeg
https://github.com/golang/go
https://github.com/FasterXML/jackson-databind
https://github.com/ntp-project/ntp
https://github.com/dbry/WavPack
https://github.com/apache/httpd
https://github.com/json-c/json-c
https://github.com/jquery/jquery-ui
https://github.com/ClusterLabs/pcs
https://github.com/newsoft/libvncserver
https://github.com/horde/horde
https://github.com/ipython/ipython
https://github.com/wesnoth/wesnoth
https://github.com/saltstack/salt
https://github.com/pyca/cryptography
• git://git.openssl.org/openssl.git
https://github.com/dajobe/raptor
https://github.com/opencontainers/runc
https://github.com/openstack/swift

https://github.com/openssh/openssh-portable
https://github.com/collectd/collectd
https://github.com/mongodb/mongo
https://github.com/ADOdb/ADOdb
https://github.com/igniterealtime/Smack
https://github.com/SELinuxProject/selinux
https://github.com/dlitz/pycrypto
https://github.com/teeworlds/teeworlds
https://github.com/karelzak/util-linux
https://git.kernel.org/pub/scm/git/git.git
https://github.com/cyrusimap/cyrus-imapd
https://github.com/ceph/ceph
https://github.com/lepture/mistune
https://github.com/MariaDB/server
https://github.com/golang/net
https://github.com/FreeRDP/FreeRDP
https://github.com/sleuthkit/sleuthkit
https://github.com/Perl/perl5
https://github.com/python/cpython
https://github.com/libjpeg-turbo/libjpeg-turbo
https://github.com/haproxy/haproxy
https://github.com/libuv/libuv
https://github.com/mysql/mysql-server
https://github.com/libgd/libgd
https://github.com/SpiderLabs/ModSecurity
https://github.com/fish-shell/fish-shell
https://github.com/php/php-src
https://github.com/quassel/quassel
https://github.com/ocaml/ocaml
https://github.com/LibRaw/LibRaw
https://github.com/sddm/sddm
https://github.com/axkibe/lsyncd
https://github.com/visionmedia/send
https://github.com/rawstudio/rawstudio
https://github.com/cherokee/webserver
https://github.com/numpy/numpy
https://github.com/rjbs/Email-Address
https://github.com/openid/ruby-openid
https://github.com/moxiecode/plupload
https://github.com/libarchive/libarchive
#Vulnerabilities 5109
Date Id Summary Products Score Patch Annotated
2019-05-24 CVE-2019-10143 It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user. NOTE: the upstream software maintainer has stated "there is simply no way for anyone to gain privileges through this alleged issue." Fedora, Freeradius, Enterprise_linux 7.0
2019-11-18 CVE-2019-19055 A memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering nl80211hdr_put() failures, aka CID-1399c59fa929. NOTE: third parties dispute the relevance of this because it occurs on a code path where a successful allocation has already occurred Ubuntu_linux, Fedora, Linux_kernel 5.5
2019-11-18 CVE-2019-19046 A memory leak in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering ida_simple_get() failure, aka CID-4aa7afb0ee20. NOTE: third parties dispute the relevance of this because an attacker cannot realistically control this failure at probe time Fedora, Linux_kernel, Leap 6.5
2019-11-18 CVE-2019-19070 A memory leak in the spi_gpio_probe() function in drivers/spi/spi-gpio.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering devm_add_action_or_reset() failures, aka CID-d3b0ffa1d75d. NOTE: third parties dispute the relevance of this because the system must have already been out of memory before the probe began Fedora, Linux_kernel 7.5
2021-11-01 CVE-2021-42574 An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers. NOTE: the Unicode... Fedora, Starwind_virtual_san, Unicode 8.3
2021-11-13 CVE-2021-43616 The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the documentation, and makes it easier for attackers to install malware that was supposed to have been blocked by an exact version match requirement in package-lock.json. NOTE: The npm team believes this is not a vulnerability. It would require someone to socially engineer package.json which has... Fedora, Next_generation_application_programming_interface, Npm 9.8
2022-08-23 CVE-2021-28861 Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks." Fedora, Python 7.4
2021-01-19 CVE-2021-3178 fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this attack; see also the exports(5) no_subtree_check default behavior Debian_linux, Fedora, Linux_kernel 6.5
2021-02-23 CVE-2021-3407 A flaw was found in mupdf 1.18.0. Double free of object during linearization may lead to memory corruption and other potential consequences. Mupdf, Debian_linux, Fedora 5.5
2022-09-22 CVE-2022-1941 A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. We recommend... Debian_linux, Fedora, Protobuf\-Cpp, Protobuf\-Python 7.5