Product:

Fedora

(Fedoraproject)
Repositories https://github.com/phpmyadmin/phpmyadmin
https://github.com/krb5/krb5
https://github.com/torvalds/linux
https://github.com/mdadams/jasper
https://github.com/uclouvain/openjpeg
https://github.com/ntp-project/ntp
https://github.com/FasterXML/jackson-databind
https://github.com/golang/go
https://github.com/dbry/WavPack
https://github.com/newsoft/libvncserver
https://github.com/horde/horde
https://github.com/ClusterLabs/pcs
https://github.com/ipython/ipython
https://github.com/wesnoth/wesnoth
https://github.com/saltstack/salt
https://github.com/json-c/json-c
https://github.com/jquery/jquery-ui

https://github.com/opencontainers/runc
https://github.com/haproxy/haproxy
https://github.com/openssh/openssh-portable
https://github.com/karelzak/util-linux
https://github.com/igniterealtime/Smack
https://github.com/SpiderLabs/ModSecurity
https://github.com/python/cpython
https://github.com/Perl/perl5
https://github.com/golang/net
https://github.com/libjpeg-turbo/libjpeg-turbo
• git://git.openssl.org/openssl.git
https://github.com/teeworlds/teeworlds
https://git.kernel.org/pub/scm/git/git.git
https://github.com/ceph/ceph
https://github.com/MariaDB/server
https://github.com/fish-shell/fish-shell
https://github.com/lepture/mistune
https://github.com/cyrusimap/cyrus-imapd
https://github.com/pyca/cryptography
https://github.com/SELinuxProject/selinux
https://github.com/ADOdb/ADOdb
https://github.com/mongodb/mongo
https://github.com/collectd/collectd
https://github.com/php/php-src
https://github.com/quassel/quassel
https://github.com/ocaml/ocaml
https://github.com/LibRaw/LibRaw
https://github.com/sddm/sddm
https://github.com/libuv/libuv
https://github.com/axkibe/lsyncd
https://github.com/visionmedia/send
https://github.com/rawstudio/rawstudio
https://github.com/cherokee/webserver
https://github.com/numpy/numpy
https://github.com/rjbs/Email-Address
https://github.com/dlitz/pycrypto
https://github.com/openid/ruby-openid
https://github.com/moxiecode/plupload
https://github.com/libarchive/libarchive
#Vulnerabilities 3358
Date Id Summary Products Score Patch Annotated
2022-02-14 CVE-2021-45444 In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion. Debian_linux, Fedora, Zsh 7.8
2022-03-14 CVE-2022-22719 A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. Http_server, Debian_linux, Fedora 7.5
2022-03-14 CVE-2022-22720 Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling Http_server, Debian_linux, Fedora 9.8
2022-03-14 CVE-2022-22721 If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. Http_server, Debian_linux, Fedora 9.8
2021-03-19 CVE-2021-28089 Tor before 0.4.5.7 allows a remote participant in the Tor directory protocol to exhaust CPU resources on a target, aka TROVE-2021-001. Fedora, Tor 7.5
2021-03-19 CVE-2021-28090 Tor before 0.4.5.7 allows a remote attacker to cause Tor directory authorities to exit with an assertion failure, aka TROVE-2021-002. Fedora, Tor 5.3
2021-03-30 CVE-2021-29647 An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624. Debian_linux, Fedora, Linux_kernel 5.5
2021-03-30 CVE-2021-29650 An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf. Debian_linux, Fedora, Linux_kernel 5.5
2021-04-07 CVE-2021-30184 GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN (Portable Game Notation) data. This is related to a buffer overflow in the use of a .tmp.epd temporary file in the cmd_pgnload and cmd_pgnreplay functions in frontend/cmd.cc. Fedora, Chess 7.8
2021-05-27 CVE-2021-30465 runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition. Fedora, Runc 8.5