Product:

Fedora

(Fedoraproject)
Repositories https://github.com/torvalds/linux
https://github.com/phpmyadmin/phpmyadmin
https://github.com/krb5/krb5
https://github.com/mdadams/jasper
https://github.com/uclouvain/openjpeg
https://github.com/golang/go
https://github.com/FasterXML/jackson-databind
https://github.com/ntp-project/ntp
https://github.com/dbry/WavPack
https://github.com/apache/httpd
https://github.com/json-c/json-c
https://github.com/jquery/jquery-ui
https://github.com/ClusterLabs/pcs
https://github.com/newsoft/libvncserver
https://github.com/horde/horde
https://github.com/ipython/ipython
https://github.com/wesnoth/wesnoth
https://github.com/saltstack/salt
https://github.com/pyca/cryptography
• git://git.openssl.org/openssl.git
https://github.com/dajobe/raptor
https://github.com/opencontainers/runc
https://github.com/openstack/swift

https://github.com/openssh/openssh-portable
https://github.com/collectd/collectd
https://github.com/mongodb/mongo
https://github.com/ADOdb/ADOdb
https://github.com/igniterealtime/Smack
https://github.com/SELinuxProject/selinux
https://github.com/dlitz/pycrypto
https://github.com/teeworlds/teeworlds
https://github.com/karelzak/util-linux
https://git.kernel.org/pub/scm/git/git.git
https://github.com/cyrusimap/cyrus-imapd
https://github.com/ceph/ceph
https://github.com/lepture/mistune
https://github.com/MariaDB/server
https://github.com/golang/net
https://github.com/FreeRDP/FreeRDP
https://github.com/sleuthkit/sleuthkit
https://github.com/Perl/perl5
https://github.com/python/cpython
https://github.com/libjpeg-turbo/libjpeg-turbo
https://github.com/haproxy/haproxy
https://github.com/libuv/libuv
https://github.com/mysql/mysql-server
https://github.com/libgd/libgd
https://github.com/SpiderLabs/ModSecurity
https://github.com/fish-shell/fish-shell
https://github.com/php/php-src
https://github.com/quassel/quassel
https://github.com/ocaml/ocaml
https://github.com/LibRaw/LibRaw
https://github.com/sddm/sddm
https://github.com/axkibe/lsyncd
https://github.com/visionmedia/send
https://github.com/rawstudio/rawstudio
https://github.com/cherokee/webserver
https://github.com/numpy/numpy
https://github.com/rjbs/Email-Address
https://github.com/openid/ruby-openid
https://github.com/moxiecode/plupload
https://github.com/libarchive/libarchive
#Vulnerabilities 5109
Date Id Summary Products Score Patch Annotated
2023-05-25 CVE-2023-32067 c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1. C\-Ares, Debian_linux, Fedora 7.5
2023-08-08 CVE-2023-20588 A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.  Athlon_gold_3150g_firmware, Athlon_gold_3150ge_firmware, Athlon_gold_pro_3150g_firmware, Athlon_gold_pro_3150ge_firmware, Athlon_pro_300ge_firmware, Athlon_silver_3050ge_firmware, Athlon_silver_pro_3125ge_firmware, Epyc_7251_firmware, Epyc_7261_firmware, Epyc_7281_firmware, Epyc_7301_firmware, Epyc_7351_firmware, Epyc_7351p_firmware, Epyc_7371_firmware, Epyc_7401_firmware, Epyc_7401p_firmware, Epyc_7451_firmware, Epyc_7501_firmware, Epyc_7551_firmware, Epyc_7551p_firmware, Epyc_7571_firmware, Epyc_7601_firmware, Ryzen_3_3200g_firmware, Ryzen_3_3200ge_firmware, Ryzen_3_pro_3200g_firmware, Ryzen_3_pro_3200ge_firmware, Ryzen_5_3400g_firmware, Ryzen_5_pro_3350g_firmware, Ryzen_5_pro_3350ge_firmware, Ryzen_5_pro_3400g_firmware, Ryzen_5_pro_3400ge_firmware, Debian_linux, Fedora, Windows_10_1507, Windows_10_1607, Windows_10_1809, Windows_10_21h2, Windows_10_22h2, Windows_11_21h2, Windows_11_22h2, Windows_11_23h2, Windows_server_2008, Windows_server_2012, Windows_server_2016, Windows_server_2019, Windows_server_2022_23h2, Xen 5.5
2023-10-23 CVE-2023-31122 Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57. Http_server, Fedora 7.5
2023-12-21 CVE-2023-7024 Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Debian_linux, Fedora, Chrome 8.8
2023-12-24 CVE-2023-51764 Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking (or certain other options that exist in recent versions). Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Postfix supports <LF>.<CR><LF> but some other popular e-mail servers do not. To prevent... Fedora, Postfix, Enterprise_linux 5.3
2024-02-14 CVE-2023-50387 Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records. Fedora, Bind, Windows_server_2008, Windows_server_2012, Windows_server_2016, Windows_server_2019, Windows_server_2022, Windows_server_2022_23h2, Knot_resolver, Unbound, Recursor, Enterprise_linux, Dnsmasq 7.5
2024-02-19 CVE-2024-1597 pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string value after the first placeholder; both must be on the same line. By constructing a matching string payload, the attacker can inject SQL to alter the query,bypassing the protections that... Fedora, Postgresql_jdbc_driver 9.8
2021-05-26 CVE-2021-22543 An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation. Debian_linux, Fedora, Linux_kernel, Cloud_backup, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Solidfire_baseboard_management_controller_firmware 7.8
2021-06-08 CVE-2021-31957 ASP.NET Core Denial of Service Vulnerability Fedora, \.net, \.net_core, Visual_studio_2019 5.9
2023-01-10 CVE-2023-21538 .NET Denial of Service Vulnerability Fedora, \.net, Powershell 7.5