Product:

Fedora

(Fedoraproject)
Repositories https://github.com/phpmyadmin/phpmyadmin
https://github.com/mdadams/jasper
https://github.com/torvalds/linux
https://github.com/uclouvain/openjpeg
https://github.com/krb5/krb5
https://github.com/FasterXML/jackson-databind
https://github.com/golang/go
https://github.com/ntp-project/ntp
https://github.com/dbry/WavPack
https://github.com/newsoft/libvncserver
https://github.com/horde/horde
https://github.com/ClusterLabs/pcs
https://github.com/ipython/ipython
https://github.com/wesnoth/wesnoth
https://github.com/saltstack/salt
https://github.com/json-c/json-c
https://github.com/opencontainers/runc
https://github.com/python/cpython
https://github.com/Perl/perl5
https://github.com/golang/net
https://github.com/libjpeg-turbo/libjpeg-turbo
• git://git.openssl.org/openssl.git
https://github.com/jquery/jquery-ui
https://github.com/teeworlds/teeworlds
https://git.kernel.org/pub/scm/git/git.git
https://github.com/ceph/ceph
https://github.com/MariaDB/server
https://github.com/fish-shell/fish-shell
https://github.com/lepture/mistune
https://github.com/cyrusimap/cyrus-imapd
https://github.com/pyca/cryptography
https://github.com/SELinuxProject/selinux
https://github.com/ADOdb/ADOdb
https://github.com/openssh/openssh-portable
https://github.com/mongodb/mongo
https://github.com/collectd/collectd
https://github.com/php/php-src
https://github.com/quassel/quassel
https://github.com/igniterealtime/Smack
https://github.com/ocaml/ocaml
https://github.com/LibRaw/LibRaw
https://github.com/sddm/sddm
https://github.com/libuv/libuv
https://github.com/karelzak/util-linux
https://github.com/axkibe/lsyncd
https://github.com/visionmedia/send
https://github.com/rawstudio/rawstudio
https://github.com/cherokee/webserver
https://github.com/numpy/numpy
https://github.com/rjbs/Email-Address
https://github.com/dlitz/pycrypto
https://github.com/openid/ruby-openid
https://github.com/moxiecode/plupload
https://github.com/libarchive/libarchive
#Vulnerabilities 1238
Date Id Summary Products Score Patch Annotated
2020-04-28 CVE-2020-10663 The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent. Debian_linux, Fedora, Json, Leap 7.5
2017-01-13 CVE-2016-2090 Off-by-one vulnerability in the fgetwln function in libbsd before 0.8.2 allows attackers to have unspecified impact via unknown vectors, which trigger a heap-based buffer overflow. Ubuntu_linux, Debian_linux, Fedora, Libbsd 9.8
2020-04-29 CVE-2020-11884 In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171. A crash could also occur. Ubuntu_linux, Debian_linux, Fedora, Linux_kernel 7.0
2020-02-02 CVE-2019-20446 In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially. Ubuntu_linux, Debian_linux, Fedora, Librsvg, Leap 6.5
2020-09-21 CVE-2020-6568 Insufficient policy enforcement in intent handling in Google Chrome on Android prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Fedora, Chrome, Backports_sle, Leap 6.5
2020-09-21 CVE-2020-6569 Integer overflow in WebUSB in Google Chrome prior to 85.0.4183.83 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Fedora, Chrome, Backports_sle, Leap 6.3
2020-09-21 CVE-2020-6566 Insufficient policy enforcement in media in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Fedora, Chrome, Backports_sle, Leap 6.5
2020-09-21 CVE-2020-6567 Insufficient validation of untrusted input in command line handling in Google Chrome on Windows prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Fedora, Chrome, Backports_sle, Leap 6.5
2020-09-21 CVE-2020-6565 Inappropriate implementation in Omnibox in Google Chrome on iOS prior to 85.0.4183.83 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Fedora, Chrome, Leap 6.5
2020-09-21 CVE-2020-6564 Inappropriate implementation in permissions in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to spoof the contents of a permission dialog via a crafted HTML page. Fedora, Chrome, Backports_sle, Leap 6.5