Product:

Fedora

(Fedoraproject)
Repositories https://github.com/torvalds/linux
https://github.com/phpmyadmin/phpmyadmin
https://github.com/krb5/krb5
https://github.com/mdadams/jasper
https://github.com/uclouvain/openjpeg
https://github.com/golang/go
https://github.com/FasterXML/jackson-databind
https://github.com/ntp-project/ntp
https://github.com/dbry/WavPack
https://github.com/apache/httpd
https://github.com/json-c/json-c
https://github.com/jquery/jquery-ui
https://github.com/ClusterLabs/pcs
https://github.com/newsoft/libvncserver
https://github.com/horde/horde
https://github.com/ipython/ipython
https://github.com/wesnoth/wesnoth
https://github.com/saltstack/salt
https://github.com/pyca/cryptography
• git://git.openssl.org/openssl.git
https://github.com/dajobe/raptor
https://github.com/opencontainers/runc
https://github.com/openstack/swift

https://github.com/openssh/openssh-portable
https://github.com/collectd/collectd
https://github.com/mongodb/mongo
https://github.com/ADOdb/ADOdb
https://github.com/igniterealtime/Smack
https://github.com/SELinuxProject/selinux
https://github.com/dlitz/pycrypto
https://github.com/teeworlds/teeworlds
https://github.com/karelzak/util-linux
https://git.kernel.org/pub/scm/git/git.git
https://github.com/cyrusimap/cyrus-imapd
https://github.com/ceph/ceph
https://github.com/lepture/mistune
https://github.com/MariaDB/server
https://github.com/golang/net
https://github.com/FreeRDP/FreeRDP
https://github.com/sleuthkit/sleuthkit
https://github.com/Perl/perl5
https://github.com/python/cpython
https://github.com/libjpeg-turbo/libjpeg-turbo
https://github.com/haproxy/haproxy
https://github.com/libuv/libuv
https://github.com/mysql/mysql-server
https://github.com/libgd/libgd
https://github.com/SpiderLabs/ModSecurity
https://github.com/fish-shell/fish-shell
https://github.com/php/php-src
https://github.com/quassel/quassel
https://github.com/ocaml/ocaml
https://github.com/LibRaw/LibRaw
https://github.com/sddm/sddm
https://github.com/axkibe/lsyncd
https://github.com/visionmedia/send
https://github.com/rawstudio/rawstudio
https://github.com/cherokee/webserver
https://github.com/numpy/numpy
https://github.com/rjbs/Email-Address
https://github.com/openid/ruby-openid
https://github.com/moxiecode/plupload
https://github.com/libarchive/libarchive
#Vulnerabilities 5109
Date Id Summary Products Score Patch Annotated
2023-01-12 CVE-2023-23456 A heap-based buffer overflow issue was discovered in UPX in PackTmt::pack() in p_tmt.cpp file. The flow allows an attacker to cause a denial of service (abort) via a crafted file. Fedora, Upx 5.5
2023-01-12 CVE-2023-23457 A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service. Fedora, Upx 5.5
2023-03-23 CVE-2023-1544 A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and initialize a huge number of page tables to be used as a ring of descriptors for CQ and async events, potentially leading to an out-of-bounds read and crash of QEMU. Fedora, Qemu 6.3
2023-03-23 CVE-2023-28336 Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access. Fedora, Moodle 4.3
2023-05-02 CVE-2023-30943 The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system. Extra_packages_for_enterprise_linux, Fedora, Moodle 5.3
2023-05-02 CVE-2023-30944 The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in external Wiki method for listing pages. A remote attacker can send a specially crafted request to the affected application and execute limited SQL commands within the application database. Extra_packages_for_enterprise_linux, Fedora, Moodle 7.3
2023-07-24 CVE-2023-1386 A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. When a local user in the guest writes an executable file with SUID or SGID, none of these privileged bits are correctly dropped. As a result, in rare circumstances, this flaw could be used by malicious users in the guest to elevate their privileges within the guest and help a host local user to elevate privileges on the host. Fedora, Qemu 7.8
2019-07-10 CVE-2019-13132 In ZeroMQ libzmq before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.3.2, a remote, unauthenticated client connecting to a libzmq application, running with a socket listening with CURVE encryption/authentication enabled, may cause a stack overflow and overwrite the stack with arbitrary data, due to a buffer overflow in the library. Users running public servers with the above configuration are highly encouraged to upgrade as soon as possible, as there are no known mitigations. Ubuntu_linux, Debian_linux, Fedora, Libzmq 9.8
2020-06-08 CVE-2020-12695 The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. Rt\-N11, Adsl, Selphy_cp1200, Ubuntu_linux, Wap131, Wap150, Wap351, Debian_linux, B1165nfw, Dvg\-N5412sp, Ep\-101, Ew\-M970a3t, M571t, Xp\-100, Xp\-2101, Xp\-2105, Xp\-241, Xp\-320, Xp\-330, Xp\-340, Xp\-4100, Xp\-4105, Xp\-440, Xp\-620, Xp\-630, Xp\-702, Xp\-8500, Xp\-8600, Xp\-960, Xp\-970, Fedora, 5020_z4a69a, 5030_m2u92b, 5030_z4a70a, 5034_z4a74a, 5660_f8b04a, Deskjet_ink_advantage_3456_a9t84c, Deskjet_ink_advantage_3545_a9t81a, Deskjet_ink_advantage_3545_a9t81c, Deskjet_ink_advantage_3545_a9t83b, Deskjet_ink_advantage_3546_a9t82a, Deskjet_ink_advantage_3548_a9t81b, Deskjet_ink_advantage_4515, Deskjet_ink_advantage_4518, Deskjet_ink_advantage_4535_f0v64a, Deskjet_ink_advantage_4535_f0v64b, Deskjet_ink_advantage_4535_f0v64c, Deskjet_ink_advantage_4536_f0v65a, Deskjet_ink_advantage_4538_f0v66b, Deskjet_ink_advantage_4675_f1h97a, Deskjet_ink_advantage_4675_f1h97b, Deskjet_ink_advantage_4675_f1h97c, Deskjet_ink_advantage_4676_f1h98a, Deskjet_ink_advantage_4678_f1h99b, Deskjet_ink_advantage_5575_g0v48b, Deskjet_ink_advantage_5575_g0v48c, Envy_100_cn517a, Envy_100_cn517b, Envy_100_cn517c, Envy_100_cn518a, Envy_100_cn519a, Envy_100_cn519b, Envy_110_cq809a, Envy_110_cq809b, Envy_110_cq809c, Envy_110_cq809d, Envy_110_cq812c, Envy_111_cq810a, Envy_114_cq811a, Envy_114_cq811b, Envy_114_cq812a, Envy_120_cz022a, Envy_120_cz022b, Envy_120_cz022c, Envy_4500_a9t80a, Envy_4500_a9t80b, Envy_4500_a9t89a, Envy_4500_d3p93a, Envy_4501_c8d05a, Envy_4502_a9t85a, Envy_4502_a9t87b, Envy_4503_e6g71b, Envy_4504_a9t88b, Envy_4504_c8d04a, Envy_4505_a9t86a, Envy_4507_e6g70b, Envy_4508_e6g72b, Envy_4509_d3p94a, Envy_4509_d3p94b, Envy_4511_k9h50a, Envy_4512_k9h49a, Envy_4513_k9h51a, Envy_4516_k9h52a, Envy_4520_e6g67a, Envy_4520_e6g67b, Envy_4520_f0v63a, Envy_4520_f0v63b, Envy_4520_f0v69a, Envy_4521_k9t10b, Envy_4522_f0v67a, Envy_4523_j6u60b, Envy_4524_f0v71b, Envy_4524_f0v72b, Envy_4524_k9t01a, Envy_4525_k9t09b, Envy_4526_k9t05b, Envy_4527_j6u61b, Envy_4528_k9t08b, Envy_5000_m2u85a, Envy_5000_m2u85b, Envy_5000_m2u91a, Envy_5000_m2u94b, Envy_5000_z4a54a, Envy_5000_z4a74a, Envy_5020_m2u91b, Envy_5530, Envy_5531, Envy_5532, Envy_5534, Envy_5535, Envy_5536, Envy_5539, Envy_5540_f2e72a, Envy_5540_g0v47a, Envy_5540_g0v51a, Envy_5540_g0v52a, Envy_5540_g0v53a, Envy_5540_k7c85a, Envy_5541_k7g89a, Envy_5542_k7c88a, Envy_5543_n9u88a, Envy_5544_k7c89a, Envy_5544_k7c93a, Envy_5545_g0v50a, Envy_5546_k7c90a, Envy_5547_j6u64a, Envy_5548_k7g87a, Envy_5640_b9s56a, Envy_5640_b9s58a, Envy_5642_b9s64a, Envy_5643_b9s63a, Envy_5644_b9s65a, Envy_5646_f8b05a, Envy_5664_f8b08a, Envy_5665_f8b06a, Envy_6020_5se16b, Envy_6020_5se17a, Envy_6020_6wd35a, Envy_6020_7cz37a, Envy_6052_5se18a, Envy_6055_5se16a, Envy_6540_b9s59a, Envy_7640, Envy_7644_e4w46a, Envy_7645_e4w44a, Envy_photo_6200_k7g18a, Envy_photo_6200_k7g26b, Envy_photo_6200_k7s21b, Envy_photo_6200_y0k13d_, Envy_photo_6200_y0k15a, Envy_photo_6220_k7g20d, Envy_photo_6220_k7g21b, Envy_photo_6222_y0k13d, Envy_photo_6222_y0k14d, Envy_photo_6230_k7g25b, Envy_photo_6232_k7g26b, Envy_photo_6234_k7s21b, Envy_photo_6252_k7g22a, Envy_photo_7100_3xd89a, Envy_photo_7100_k7g93a, Envy_photo_7100_k7g99a, Envy_photo_7100_z3m37a, Envy_photo_7100_z3m52a, Envy_photo_7120_z3m41d, Envy_photo_7155_z3m52a, Envy_photo_7164_k7g99a, Envy_photo_7800_k7r96a, Envy_photo_7800_k7s00a, Envy_photo_7800_k7s10d, Envy_photo_7800_y0g42d, Envy_photo_7800_y0g52b, Envy_photo_7822_y0g42d, Envy_photo_7822_y0g43d, Envy_photo_7830_y0g50b, Envy_pro_6420_5se45b, Envy_pro_6420_5se46a, Envy_pro_6420_6wd14a, Envy_pro_6420_6wd16a, Envy_pro_6452_5se47a, Envy_pro_6455_5se45a, Officejet_4650_e6g87a, Officejet_4650_f1h96a, Officejet_4650_f1h96b, Officejet_4652_f1j02a, Officejet_4652_f1j05b, Officejet_4652_k9v84b, Officejet_4654_f1j06b, Officejet_4654_f1j07b, Officejet_4655_f1j00a, Officejet_4655_k9v79a, Officejet_4655_k9v82b, Officejet_4656_k9v81b, Officejet_4657_v6d29b, Officejet_4658_v6d30b, Hg255s, Hg532e, Windows_10, Xbox_one, Wr8165n, Wnhde111, Zonedirector_1200, Archer_c50, Unifi_controller, Hostapd, Zxv10_w300, Amg1202\-T10b, Vmg8324\-B10a 7.5
2020-12-14 CVE-2020-8284 A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions. Mac_os_x, Macos, Debian_linux, Fedora, M10\-1_firmware, M10\-4_firmware, M10\-4s_firmware, M12\-1_firmware, M12\-2_firmware, M12\-2s_firmware, Curl, Clustered_data_ontap, Hci_bootstrap_os, Hci_management_node, Hci_storage_node, Solidfire, Communications_billing_and_revenue_management, Communications_cloud_native_core_policy, Essbase, Peoplesoft_enterprise_peopletools, Sinec_infrastructure_network_services, Universal_forwarder 3.7