Fedora - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Fedora
(Fedoraproject)

Repositories

• https://github.com/torvalds/linux
• https://github.com/phpmyadmin/phpmyadmin
• https://github.com/krb5/krb5
• https://github.com/mdadams/jasper
• https://github.com/uclouvain/openjpeg

• https://github.com/golang/go
• https://github.com/FasterXML/jackson-databind
• https://github.com/ntp-project/ntp
• https://github.com/apache/httpd
• https://github.com/dbry/WavPack
• https://github.com/json-c/json-c
• https://github.com/jquery/jquery-ui
• https://github.com/ClusterLabs/pcs
• https://github.com/newsoft/libvncserver
• https://github.com/horde/horde
• https://github.com/ipython/ipython
• https://github.com/wesnoth/wesnoth
• https://github.com/saltstack/salt
• git://git.openssl.org/openssl.git
•
• https://github.com/haproxy/haproxy
• https://github.com/pyca/cryptography
• https://github.com/dajobe/raptor
• https://github.com/opencontainers/runc
• https://github.com/openstack/swift
• https://github.com/openssh/openssh-portable
• https://github.com/collectd/collectd
• https://github.com/mongodb/mongo
• https://github.com/ADOdb/ADOdb
• https://github.com/igniterealtime/Smack
• https://github.com/SELinuxProject/selinux
• https://github.com/dlitz/pycrypto
• https://github.com/teeworlds/teeworlds
• https://github.com/karelzak/util-linux
• https://git.kernel.org/pub/scm/git/git.git
• https://github.com/cyrusimap/cyrus-imapd
• https://github.com/ceph/ceph
• https://github.com/lepture/mistune
• https://github.com/MariaDB/server
• https://github.com/golang/net
• https://github.com/FreeRDP/FreeRDP
• https://github.com/sleuthkit/sleuthkit
• https://github.com/Perl/perl5
• https://github.com/python/cpython
• https://github.com/libjpeg-turbo/libjpeg-turbo
• https://github.com/libuv/libuv
• https://github.com/mysql/mysql-server
• https://github.com/libgd/libgd
• https://github.com/SpiderLabs/ModSecurity
• https://github.com/fish-shell/fish-shell
• https://github.com/php/php-src
• https://github.com/quassel/quassel
• https://github.com/ocaml/ocaml
• https://github.com/LibRaw/LibRaw
• https://github.com/sddm/sddm
• https://github.com/axkibe/lsyncd
• https://github.com/visionmedia/send
• https://github.com/rawstudio/rawstudio
• https://github.com/cherokee/webserver
• https://github.com/numpy/numpy
• https://github.com/rjbs/Email-Address
• https://github.com/openid/ruby-openid
• https://github.com/moxiecode/plupload
• https://github.com/libarchive/libarchive

#Vulnerabilities

5263

Date	Id	Summary	Products	Score	Patch	Annotated
2016-09-07	CVE-2016-5404	The cert_revoke command in FreeIPA does not check for the "revoke certificate" permission, which allows remote authenticated users to revoke arbitrary certificates by leveraging the "retrieve certificate" permission.	Fedora, Freeipa, Linux	6.5
2016-09-26	CVE-2016-3110	mod_cluster, as used in Red Hat JBoss Web Server 2.1, allows remote attackers to cause a denial of service (Apache http server crash) via an MCMP message containing a series of = (equals) characters after a legitimate element.	Fedora, Jboss_enterprise_application_platform, Jboss_enterprise_web_server	7.5
2017-02-28	CVE-2017-5884	gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute arbitrary code via the src x, y coordinates in a crafted (1) rre, (2) hextile, or (3) copyrect tile.	Fedora, Gtk\-Vnc	7.8
2017-02-28	CVE-2017-5885	Multiple integer overflows in the (1) vnc_connection_server_message and (2) vnc_color_map_set functions in gtk-vnc before 0.7.0 allow remote servers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving SetColorMapEntries, which triggers a buffer overflow.	Fedora, Gtk\-Vnc	9.8
2017-04-14	CVE-2016-6299	The scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file.	Fedora, Scm_plugin	7.8
2017-04-21	CVE-2016-0720	Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149.	Pcs, Fedora, Enterprise_linux	8.8
2017-04-21	CVE-2016-0721	Session fixation vulnerability in pcsd in pcs before 0.9.157.	Pcs, Fedora, Enterprise_linux	8.1
2017-06-13	CVE-2016-3696	The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key.	Fedora, Pulp	5.5
2017-06-13	CVE-2016-3704	Pulp before 2.8.5 uses bash's $RANDOM in an unsafe way to generate passwords.	Fedora, Pulp	7.5
2017-06-13	CVE-2016-5391	libreswan before 3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto daemon restart).	Fedora, Libreswan	7.5