Product:

Fedora

(Fedoraproject)
Repositories https://github.com/torvalds/linux
https://github.com/phpmyadmin/phpmyadmin
https://github.com/krb5/krb5
https://github.com/mdadams/jasper
https://github.com/uclouvain/openjpeg
https://github.com/golang/go
https://github.com/FasterXML/jackson-databind
https://github.com/ntp-project/ntp
https://github.com/apache/httpd
https://github.com/dbry/WavPack
https://github.com/json-c/json-c
https://github.com/jquery/jquery-ui
https://github.com/ClusterLabs/pcs
https://github.com/newsoft/libvncserver
https://github.com/horde/horde
https://github.com/ipython/ipython
https://github.com/wesnoth/wesnoth
https://github.com/saltstack/salt
• git://git.openssl.org/openssl.git

https://github.com/haproxy/haproxy
https://github.com/pyca/cryptography
https://github.com/dajobe/raptor
https://github.com/opencontainers/runc
https://github.com/openstack/swift
https://github.com/openssh/openssh-portable
https://github.com/collectd/collectd
https://github.com/mongodb/mongo
https://github.com/ADOdb/ADOdb
https://github.com/igniterealtime/Smack
https://github.com/SELinuxProject/selinux
https://github.com/dlitz/pycrypto
https://github.com/teeworlds/teeworlds
https://github.com/karelzak/util-linux
https://git.kernel.org/pub/scm/git/git.git
https://github.com/cyrusimap/cyrus-imapd
https://github.com/ceph/ceph
https://github.com/lepture/mistune
https://github.com/MariaDB/server
https://github.com/golang/net
https://github.com/FreeRDP/FreeRDP
https://github.com/sleuthkit/sleuthkit
https://github.com/Perl/perl5
https://github.com/python/cpython
https://github.com/libjpeg-turbo/libjpeg-turbo
https://github.com/libuv/libuv
https://github.com/mysql/mysql-server
https://github.com/libgd/libgd
https://github.com/SpiderLabs/ModSecurity
https://github.com/fish-shell/fish-shell
https://github.com/php/php-src
https://github.com/quassel/quassel
https://github.com/ocaml/ocaml
https://github.com/LibRaw/LibRaw
https://github.com/sddm/sddm
https://github.com/axkibe/lsyncd
https://github.com/visionmedia/send
https://github.com/rawstudio/rawstudio
https://github.com/cherokee/webserver
https://github.com/numpy/numpy
https://github.com/rjbs/Email-Address
https://github.com/openid/ruby-openid
https://github.com/moxiecode/plupload
https://github.com/libarchive/libarchive
#Vulnerabilities 5329
Date Id Summary Products Score Patch Annotated
2023-10-11 CVE-2023-39325 A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit... Fedora, Go, Http2, Astra_trident, Astra_trident_autosupport 7.5
2023-10-11 CVE-2023-5475 Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. (Chromium security severity: Medium) Debian_linux, Fedora, Chrome 6.5
2023-10-11 CVE-2023-5484 Inappropriate implementation in Navigation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) Debian_linux, Fedora, Chrome 6.5
2023-10-11 CVE-2023-5487 Inappropriate implementation in Fullscreen in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium) Fedora, Chrome 6.5
2023-10-12 CVE-2023-43789 A vulnerability was found in libXpm where a vulnerability exists due to a boundary condition, a local user can trigger an out-of-bounds read error and read contents of memory on the system. Fedora, Libxpm, Enterprise_linux 5.5
2023-10-12 CVE-2023-45143 Undici is an HTTP/1.1 client written from scratch for Node.js. Prior to version 5.26.2, Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Cookie` headers. By design, `cookie` headers are forbidden request headers, disallowing them to be set in RequestInit.headers in browser environments. Since undici handles headers more liberally than the spec, there was a disconnect from the assumptions the spec made, and undici's implementation of fetch. As such... Fedora, Undici 3.5
2023-10-13 CVE-2023-39999 Exposure of Sensitive Information to an Unauthorized Actor in WordPress from 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.13, from 6.0 through 6.0.5, from 5.9 through 5.9.7, from 5.8 through 5.8.7, from 5.7 through 5.7.9, from 5.6 through 5.6.11, from 5.5 through 5.5.12, from 5.4 through 5.4.13, from 5.3 through 5.3.15, from 5.2 through 5.2.18, from 5.1 through 5.1.16, from 5.0 through 5.0.19, from 4.9 through 4.9.23, from 4.8 through 4.8.22, from 4.7 through 4.7.26, from... Fedora, Wordpress 4.3
2023-10-18 CVE-2023-38552 When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node's policy implementation, thus effectively disabling the integrity check. Impacts: This vulnerability affects all users using the experimental policy mechanism in all active release lines: 18.x and, 20.x. Please note that at the time this CVE was issued, the policy mechanism is an experimental feature of Node.js. Fedora, Node\.js 7.5
2023-10-18 CVE-2023-39332 Various `node:fs` functions allow specifying paths as either strings or `Uint8Array` objects. In Node.js environments, the `Buffer` class extends the `Uint8Array` class. Node.js prevents path traversal through strings (see CVE-2023-30584) and `Buffer` objects (see CVE-2023-32004), but not through non-`Buffer` `Uint8Array` objects. This is distinct from CVE-2023-32004 which only referred to `Buffer` objects. However, the vulnerability follows the same pattern using `Uint8Array` instead of... Fedora, Node\.js 9.8
2023-10-18 CVE-2023-45145 Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process to establish an otherwise unauthorized connection. This problem has existed since Redis 2.6.0-RC1. This issue has been addressed in Redis versions 7.2.2, 7.0.14 and 6.2.14. Users are advised to... Debian_linux, Fedora, Redis 3.6