Product:

Fedora

(Fedoraproject)
Repositories https://github.com/phpmyadmin/phpmyadmin
https://github.com/krb5/krb5
https://github.com/torvalds/linux
https://github.com/mdadams/jasper
https://github.com/uclouvain/openjpeg
https://github.com/ntp-project/ntp
https://github.com/FasterXML/jackson-databind
https://github.com/golang/go
https://github.com/apache/httpd
https://github.com/ClusterLabs/pcs
https://github.com/jquery/jquery-ui
https://github.com/dbry/WavPack
https://github.com/newsoft/libvncserver
https://github.com/horde/horde
https://github.com/ipython/ipython
https://github.com/wesnoth/wesnoth
https://github.com/saltstack/salt
https://github.com/json-c/json-c
https://github.com/libuv/libuv

• git://git.openssl.org/openssl.git
https://github.com/openssh/openssh-portable
https://github.com/sleuthkit/sleuthkit
https://github.com/mysql/mysql-server
https://github.com/libgd/libgd
https://github.com/opencontainers/runc
https://github.com/haproxy/haproxy
https://github.com/karelzak/util-linux
https://github.com/igniterealtime/Smack
https://github.com/SpiderLabs/ModSecurity
https://github.com/python/cpython
https://github.com/Perl/perl5
https://github.com/golang/net
https://github.com/libjpeg-turbo/libjpeg-turbo
https://github.com/teeworlds/teeworlds
https://git.kernel.org/pub/scm/git/git.git
https://github.com/ceph/ceph
https://github.com/MariaDB/server
https://github.com/fish-shell/fish-shell
https://github.com/lepture/mistune
https://github.com/cyrusimap/cyrus-imapd
https://github.com/pyca/cryptography
https://github.com/SELinuxProject/selinux
https://github.com/ADOdb/ADOdb
https://github.com/mongodb/mongo
https://github.com/collectd/collectd
https://github.com/php/php-src
https://github.com/quassel/quassel
https://github.com/ocaml/ocaml
https://github.com/LibRaw/LibRaw
https://github.com/sddm/sddm
https://github.com/axkibe/lsyncd
https://github.com/visionmedia/send
https://github.com/rawstudio/rawstudio
https://github.com/cherokee/webserver
https://github.com/numpy/numpy
https://github.com/rjbs/Email-Address
https://github.com/dlitz/pycrypto
https://github.com/openid/ruby-openid
https://github.com/moxiecode/plupload
https://github.com/libarchive/libarchive
#Vulnerabilities 4489
Date Id Summary Products Score Patch Annotated
2023-05-30 CVE-2023-34151 A vulnerability was found in ImageMagick. This security flaw ouccers as an undefined behaviors of casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546). Extra_packages_for_enterprise_linux, Fedora, Imagemagick, Enterprise_linux 5.5
2023-05-30 CVE-2023-34152 A vulnerability was found in ImageMagick. This security flaw cause a remote code execution vulnerability in OpenBlob with --enable-pipes configured. Extra_packages_for_enterprise_linux, Fedora, Imagemagick, Enterprise_linux 9.8
2023-05-30 CVE-2023-34153 A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding. Extra_packages_for_enterprise_linux, Fedora, Imagemagick, Enterprise_linux 7.8
2023-05-25 CVE-2023-31130 c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed... C\-Ares, Fedora 6.4
2023-05-25 CVE-2023-32067 c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1. C\-Ares, Fedora 7.5
2023-03-30 CVE-2023-27536 An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed. Debian_linux, Fedora, Libcurl, Active_iq_unified_manager, H300s_firmware, H410s_firmware, H500s_firmware, H700s_firmware, Ontap 5.9
2020-11-03 CVE-2020-16009 Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Cefsharp, Debian_linux, Fedora, Chrome, Edge, Edge_chromium, Backports_sle, Leap 8.8
2022-02-24 CVE-2021-3610 A heap-based buffer overflow vulnerability was found in ImageMagick in versions prior to 7.0.11-14 in ReadTIFFImage() in coders/tiff.c. This issue is due to an incorrect setting of the pixel array size, which can lead to a crash and segmentation fault. Fedora, Imagemagick, Enterprise_linux 7.5
2023-05-26 CVE-2023-1667 A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service. Debian_linux, Fedora, Libssh, Enterprise_linux 6.5
2023-05-26 CVE-2023-2283 A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the`pki_verify_data_signature` function in memory allocation problems. This issue may happen if there is insufficient memory or the memory usage is limited. The problem is caused by the return value `rc,` which is initialized to SSH_ERROR and later rewritten to save the return value of the function call `pki_key_check_hash_compatible.` The value of the variable is not changed... Fedora, Libssh, Enterprise_linux 6.5