Product:

Fedora

(Fedoraproject)
Repositories https://github.com/phpmyadmin/phpmyadmin
https://github.com/mdadams/jasper
https://github.com/krb5/krb5
https://github.com/uclouvain/openjpeg
https://github.com/FasterXML/jackson-databind
https://github.com/golang/go
https://github.com/torvalds/linux
https://github.com/ntp-project/ntp
https://github.com/horde/horde
https://github.com/ClusterLabs/pcs
https://github.com/ipython/ipython
https://github.com/wesnoth/wesnoth
https://github.com/saltstack/salt
https://github.com/newsoft/libvncserver
https://github.com/json-c/json-c
https://github.com/dbry/WavPack
https://git.kernel.org/pub/scm/git/git.git
https://github.com/ceph/ceph
https://github.com/MariaDB/server
https://github.com/fish-shell/fish-shell
https://github.com/Perl/perl5
https://github.com/opencontainers/runc
https://github.com/libjpeg-turbo/libjpeg-turbo
https://github.com/python/cpython
https://github.com/golang/net
https://github.com/lepture/mistune
https://github.com/cyrusimap/cyrus-imapd
https://github.com/teeworlds/teeworlds
https://github.com/pyca/cryptography
https://github.com/SELinuxProject/selinux
https://github.com/ADOdb/ADOdb
https://github.com/openssh/openssh-portable
https://github.com/mongodb/mongo
https://github.com/collectd/collectd
https://github.com/php/php-src
https://github.com/quassel/quassel
https://github.com/igniterealtime/Smack
https://github.com/ocaml/ocaml
https://github.com/LibRaw/LibRaw
https://github.com/sddm/sddm
https://github.com/libuv/libuv
https://github.com/karelzak/util-linux
https://github.com/axkibe/lsyncd
https://github.com/visionmedia/send
https://github.com/rawstudio/rawstudio
https://github.com/cherokee/webserver
https://github.com/numpy/numpy
https://github.com/rjbs/Email-Address
https://github.com/dlitz/pycrypto
https://github.com/openid/ruby-openid
https://github.com/moxiecode/plupload
https://github.com/libarchive/libarchive
#Vulnerabilities 772
Date ID Summary Products Score Patch
2019-10-31 CVE-2013-1930 MantisBT 1.2.12 before 1.2.15 allows authenticated users to by the workflow restriction and close issues. Fedora, Mantisbt N/A
2019-07-16 CVE-2019-10191 A vulnerability was discovered in DNS resolver of knot resolver before version 4.1.0 which allows remote attackers to downgrade DNSSEC-secure domains to DNSSEC-insecure state, opening possibility of domain hijack using attacks against insecure DNS protocol. Fedora 7.5
2019-10-31 CVE-2013-1931 A cross-site scripting (XSS) vulnerability in MantisBT 1.2.14 allows remote attackers to inject arbitrary web script or HTML via a version, related to deleting a version. Fedora, Mantisbt N/A
2019-02-04 CVE-2019-1000020 libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that can result in DoS by infinite loop. This attack appears to be exploitable via the victim opening a specially crafted ISO9660 file. Ubuntu_linux, Debian_linux, Fedora, Libarchive, Leap, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation N/A
2019-02-04 CVE-2019-1000019 libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be exploitable via the victim opening a specially crafted 7zip file. Ubuntu_linux, Debian_linux, Fedora, Libarchive, Leap, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation N/A
2018-12-20 CVE-2018-1000879 libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted archive file. Fedora, Libarchive, Leap N/A
2018-12-20 CVE-2018-1000878 libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c that can result in Crash/DoS - it is unknown if RCE is possible. This attack appear to be exploitable via the victim must open a specially crafted RAR archive. Ubuntu_linux, Debian_linux, Fedora, Libarchive, Leap, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation N/A
2018-12-20 CVE-2018-1000877 libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c, parse_codes(), realloc(rar->lzss.window, new_size) with new_size = 0 that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted RAR archive. Ubuntu_linux, Debian_linux, Fedora, Libarchive, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation N/A
2019-11-04 CVE-2015-8980 The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote attackers to execute arbitrary code. Fedora, Leap, Php\-Gettext, Enterprise_linux N/A
2019-11-01 CVE-2013-4751 php-symfony2-Validator has loss of information during serialization Fedora, Enterprise_linux, Symfony N/A