Product:

Fedora

(Fedoraproject)
Repositories https://github.com/phpmyadmin/phpmyadmin
https://github.com/mdadams/jasper
https://github.com/torvalds/linux
https://github.com/uclouvain/openjpeg
https://github.com/krb5/krb5
https://github.com/FasterXML/jackson-databind
https://github.com/golang/go
https://github.com/ntp-project/ntp
https://github.com/newsoft/libvncserver
https://github.com/dbry/WavPack
https://github.com/horde/horde
https://github.com/ClusterLabs/pcs
https://github.com/ipython/ipython
https://github.com/wesnoth/wesnoth
https://github.com/saltstack/salt
https://github.com/json-c/json-c
https://github.com/opencontainers/runc
https://github.com/python/cpython
https://github.com/Perl/perl5
https://github.com/golang/net
https://github.com/libjpeg-turbo/libjpeg-turbo
• git://git.openssl.org/openssl.git
https://github.com/jquery/jquery-ui
https://github.com/teeworlds/teeworlds
https://git.kernel.org/pub/scm/git/git.git
https://github.com/ceph/ceph
https://github.com/MariaDB/server
https://github.com/fish-shell/fish-shell
https://github.com/lepture/mistune
https://github.com/cyrusimap/cyrus-imapd
https://github.com/pyca/cryptography
https://github.com/SELinuxProject/selinux
https://github.com/ADOdb/ADOdb
https://github.com/openssh/openssh-portable
https://github.com/mongodb/mongo
https://github.com/collectd/collectd
https://github.com/php/php-src
https://github.com/quassel/quassel
https://github.com/igniterealtime/Smack
https://github.com/ocaml/ocaml
https://github.com/LibRaw/LibRaw
https://github.com/sddm/sddm
https://github.com/libuv/libuv
https://github.com/karelzak/util-linux
https://github.com/axkibe/lsyncd
https://github.com/visionmedia/send
https://github.com/rawstudio/rawstudio
https://github.com/cherokee/webserver
https://github.com/numpy/numpy
https://github.com/rjbs/Email-Address
https://github.com/dlitz/pycrypto
https://github.com/openid/ruby-openid
https://github.com/moxiecode/plupload
https://github.com/libarchive/libarchive
#Vulnerabilities 1198
Date Id Summary Products Score Patch Annotated
2020-11-19 CVE-2020-8277 A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and 12.19.1. Fedora, Node\.js 7.5
2020-11-19 CVE-2020-28949 Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed. Debian_linux, Fedora, Archive_tar 7.8
2020-11-19 CVE-2020-28948 Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked. Debian_linux, Fedora, Archive_tar 7.8
2019-04-09 CVE-2019-3870 A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is... Fedora, Samba, Active_directory_server, Diskstation_manager, Router_manager, Skynas_firmware, Vs960hd_firmware 6.1
2019-12-10 CVE-2019-14889 A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server-side. In case the library is used in a way where users can influence the third parameter of the function, it would become possible for an attacker to inject arbitrary commands, leading to a compromise of the remote target. Ubuntu_linux, Debian_linux, Fedora, Libssh, Leap, Mysql_workbench 8.0
2019-12-10 CVE-2019-14861 All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. Samba, when acting as an AD DC, stores DNS records in LDAP. In AD, the default permissions on the DNS partition allow creation of new records by authenticated users. This is used for example to allow machines to self-register in DNS. If a DNS record was created that... Ubuntu_linux, Fedora, Leap, Samba 5.3
2020-01-07 CVE-2019-14834 A vulnerability was found in dnsmasq before version 2.81, where the memory leak allows remote attackers to cause a denial of service (memory consumption) via vectors involving DHCP response creation. Fedora, Dnsmasq 3.7
2019-11-08 CVE-2019-10222 A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attacker could crash the Ceph RGW server by sending valid HTTP headers and terminating the connection, resulting in a remote denial of service for Ceph RGW clients. Ceph, Fedora, Ceph_storage 7.5
2018-12-13 CVE-2018-16872 A flaw was found in qemu Media Transfer Protocol (MTP). The code opening files in usb_mtp_get_object and usb_mtp_get_partial_object and directories in usb_mtp_object_readdir doesn't consider that the underlying filesystem may have changed since the time lstat(2) was called in usb_mtp_object_alloc, a classical TOCTTOU problem. An attacker with write access to the host filesystem shared with a guest can use this property to navigate the host filesystem in the context of the QEMU process and... Ubuntu_linux, Debian_linux, Fedora, Leap, Qemu 5.3
2020-11-20 CVE-2020-4788 IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296. Fedora, Aix, Vios 4.7