Endpoint Vuln Protection

Name Status Update
CVE-2019-20446 chromium: librsvg: Resource exhaustion via crafted SVG file with nested patterns [fedora-all]
Add
chromium
CVE-2020-6405 sqlite: Out-of-bounds read in SELECT with ON/USING clause
Add
sqlite
CVE-2020-6381 CVE-2020-6382 CVE-2020-6385 CVE-2020-6387 CVE-2020-6388 CVE-2020-6389 CVE-2020-6390 CVE-2020-6391 CVE-2020-6392 CVE-2020-6393 CVE-2020-6394 CVE-2020-6395 CVE-2020-6396 CVE-2020-6397 CVE-2020-6398... chromium: various flaws [fedora-all]
Add
chromium
CVE-2020-10531 ICU: Integer overflow in UnicodeString::doAppend()
Add
ICU
CVE-2020-6418 chromium: chromium-browser: type confusion in V8 [fedora-all]
Add
chromium
CVE-2020-10531 chromium: ICU: Integer overflow in UnicodeString::doAppend() [fedora-all]
Add
chromium
CVE-2020-6407 chromium: chromium-browser: out of bounds memory access in streams [fedora-all]
Add
chromium
CVE-2020-6383 CVE-2020-6384 CVE-2020-6386 chromium: various flaws [fedora-all]
Add
chromium
CVE-2020-6420 chromium: chromium-browser: Insufficient policy enforcement in media [fedora-all]
Add
chromium
CVE-2017-8073 weechat: Buffer overflow in the irc_ctcp_dcc_filename_without_quotes function [epel-all]
Add
weechat
weechat: Uninitialized buffer used in logger plugin [epel-all]
Add
weechat
CVE-2020-8955 weechat: denial of service in irc_mode_channel_update in plugins/irc/irc-mode.c [fedora-all]
Add
weechat
CVE-2020-8955 weechat: denial of service in irc_mode_channel_update in plugins/irc/irc-mode.c [epel-all]
Add
weechat
CVE-2020-1739 ansible: svn module leaks password when specified as a parameter [fedora-all]
Add
ansible
CVE-2020-1737 ansible: Extract-Zip function in win_unzip module does not check extracted path [fedora-all]
Add
ansible
CVE-2020-8813 cacti: remote code can be executed when guest users have access to realtime graphs [epel-all]
Add
cacti
CVE-2020-7247 opensmtpd: arbitrary commands execution in smtp_mailaddr in smtp_session.c via crafted SMTP session [fedora-all]
Add
opensmtpd
CVE-2020-8793 opensmtpd: Reading of arbitrary file by unprivileged attacker can result in information disclosure or privilege escalation [fedora-all]
Add
opensmtpd
CVE-2020-8794 opensmtpd: An out-of-bounds read could lead to remote code execution [fedora-all]
Add
opensmtpd
CVE-2019-6472 kea: packet containing a malformed DUID
Add
kea
CVE-2019-6472 kea: packet containing a malformed DUID [epel-7]
Add
kea
CVE-2019-6473 kea: packet containing a malformed code causing assertion failure
Add
kea
CVE-2019-6473 kea: packet containing a malformed code causing assertion failure [epel-7]
Add
kea
CVE-2019-6474 kea: incoming client requests can lead to server restart
Add
kea
CVE-2019-6474 kea: incoming client requests can lead to server restart [epel-7]
Add
kea
CVE-2019-17546 libtiff: integer overflow leading to heap-based buffer overflow in tif_getimage.c [fedora-all]
Add
libtiff
USN-4299-1 firefox vulnerabilities
Add
firefox - Mozilla Open Source web browser
USN-4298-1 sqlite3 vulnerabilities
Add
sqlite3 - C library that implements an SQL database engine
USN-4297-1 runc vulnerabilities
Add
runc - Open Container Project
USN-4295-1 rake vulnerability
Add
rake - Ruby make-like utility
USN-4278-3 firefox regressions
Add
firefox - Mozilla Open Source web browser
Security patch #79329 available for PHP
Add
PHP
Security Vulnerability CVE-2020-10531 for Google Chrome
Add
Google Chrome
CVE-2019-19769 kernel: use-after-free in perf_trace_lock_acquire related to include/trace/events/lock.h
Add
kernel
CVE-2019-19769 kernel: use-after-free in perf_trace_lock_acquire related to include/trace/events/lock.h [fedora-all]
Add
kernel
drupal8: Drupal: in HTML data processor pasting specially crafted HTML code could result in XSS [fedora-all]
Add
drupal8
CVE-2020-9359 okular: local binary execution via specially crafted PDF files
Add
okular
CVE-2020-9359 okular: local binary execution via specially crafted PDF files [fedora-all]
Add
okular
CVE-2020-6424 CVE-2020-6425 CVE-2020-6426 CVE-2020-6427 CVE-2020-6428 CVE-2020-6429 CVE-2020-6449 chromium: various flaws [fedora-all]
Add
chromium
CVE-2020-6422 chromium: chromium-browser: Use after free in WebGL [fedora-all]
Add
chromium
CVE-2020-1747 PyYAML: arbitrary command execution through python/object/new when FullLoader is used
Add
PyYAML
CVE-2020-1747 PyYAML: arbitrary command execution through python/object/new when FullLoader is used [fedora-all]
Add
PyYAML
CVE-2019-14751 python-nltk: directory traversal vulnerability allows attackers to write arbitrary files via ../ [fedora-all]
Add
python-nltk
varnish: remote clients may cause Varnish to assert and restart which could result in DoS
Add
varnish
varnish: assert could result in DoS [fedora-all]
Add
varnish
CVE-2020-10174 timeshift: Arbitrary local code execution due to unsafe usage of temporary directory in /tmp/timeshift
Add
timeshift
CVE-2020-10174 timeshift: Arbitrary local code execution due to unsafe usage of temporary directory in /tmp/timeshift [fedora-all]
Add
timeshift
USN-4304-1 ceph vulnerability
Add
ceph - distributed storage and file system
Security Vulnerability CVE-2020-6427 for Google Chrome
Add
Google Chrome
Security Vulnerability CVE-2020-6426 for Google Chrome
Add
Google Chrome
Security Vulnerability CVE-2020-6425 for Google Chrome
Add
Google Chrome
Security Vulnerability CVE-2020-6424 for Google Chrome
Add
Google Chrome
Security Vulnerability CVE-2020-6422 for Google Chrome
Add
Google Chrome
Security Vulnerability CVE-2020-6420 for Google Chrome
Add
Google Chrome
Security Vulnerability CVE-2020-6429 for Google Chrome
Add
Google Chrome
Security Vulnerability CVE-2020-6428 for Google Chrome
Add
Google Chrome
Security Vulnerability CVE-2020-6449 for Google Chrome
Add
Google Chrome
CVE-2020-10188 telnet-server: no bounds checks in nextitem() function allows to remotely execute arbitrary code
Add
telnet-server
CVE-2020-10188 telnet: telnet-server: Arbitrary remote code execution in utility.c via short writes or urgent data [fedora-all]
Add
telnet
CVE-2020-10029 glibc: stack corruption from crafted input in cosl, sinl, sincosl, and tanl functions [fedora-all]
Add
glibc
CVE-2020-1752 glibc: use-after-free in glob() function when expanding user [fedora-all]
Add
glibc
CVE-2019-12528 squid: Information Disclosure issue in FTP Gateway [fedora-all]
Add
squid
CVE-2020-8449 squid: Improper input validation issues in HTTP Request processing [fedora-all]
Add
squid
CVE-2020-8450 squid: Buffer overflow in a Squid acting as reverse-proxy [fedora-all]
Add
squid
CVE-2020-6061 coturn: specially crafted HTTP POST request can lead to heap overflow which can result in information leak
Add
coturn
CVE-2020-6061 coturn: specially crafted HTTP POST request can lead to heap overflow which can result in information leak [fedora-all]
Add
coturn
CVE-2020-6062 coturn: specially crafted HTTP POST request can lead to server crash and denial of service
Add
coturn
CVE-2020-6062 coturn: specially crafted HTTP POST request can lead to server crash and denial of service [fedora-all]
Add
coturn
CVE-2020-10804 phpMyAdmin: SQL injection was found in retrieval of the current username which could result in privilege escalation
Add
phpMyAdmin
CVE-2020-10804 phpMyAdmin: SQL vulnerability was found in retrieval of the current username which could result in privilege escalation [fedora-all]
Add
phpMyAdmin
CVE-2020-10803 phpMyAdmin: Inserting specially crafted code in database tables, retrieving and displaying results could result in XSS
Add
phpMyAdmin
CVE-2020-10803 phpMyAdmin: Inserting specially crafted code in database tables, retrieving and displaying results could result in XSS [fedora-all]
Add
phpMyAdmin
CVE-2020-10802 phpMyAdmin: SQL injection was found in generating certain queries for search actions which could result in malicious D M
Add
phpMyAdmin
CVE-2020-10802 phpMyAdmin: SQL injection was found in generating certain queries for search actions which could result in malicious D M [fedora-all]
Add
phpMyAdmin
CVE-2019-19886 libmodsecurity: denial of service in Transaction::addRequestHeader in transaction.cc [fedora-all]
Add
libmodsecurity
CVE-2019-19886 libmodsecurity: denial of service in Transaction::addRequestHeader in transaction.cc [epel-7]
Add
libmodsecurity
CVE-2020-9281 ckeditor: XSS in the HTML Data Processor allows remote attackers to inject arbitrary web script through a crafted "protected" comment [fedora-all]
Add
ckeditor
CVE-2020-9281 ckeditor: XSS in the HTML Data Processor allows remote attackers to inject arbitrary web script through a crafted "protected" comment [epel-all]
Add
ckeditor
CVE-2019-19906 cyrus-sasl: denial of service in _sasl_add_string function [fedora-all]
Add
cyrus-sasl
CVE-2019-19906 cyrus-sasl: denial of service in _sasl_add_string function
Add
cyrus-sasl
CVE-2020-10174 timeshift: Arbitrary local code execution due to unsafe usage of temporary directory in /tmp/timeshift [epel-7]
Add
timeshift
Security Vulnerabilities fixed in Firefox 74.0.1 and Firefox ESR 68.6.1
Add
Firefox
Security Vulnerabilities fixed in Firefox 74.0.1 and Firefox ESR 68.6.1
Add
Firefox ESR
USN-4134-3 ibus vulnerability
Add
ibus - Intelligent Input Bus - core
USN-4308-1 twisted vulnerabilities
Add
twisted - Event-based framework for internet applications
USN-4307-1 Apache HTTP Server update
Add
apache2 - Apache HTTP server
USN-4306-1 dino-im vulnerabilities
Add
dino-im - modern XMPP client
CVE-2015-9541 qt: XML entity expansion vulnerability
Add
qt
CVE-2015-9541 qt5: qt: XML entity expansion vulnerability [fedora-all]
Add
qt5
CVE-2020-8835 kernel: out-of-bounds read/write in the bpf verifier
Add
kernel
CVE-2020-8835 kernel: out-of-bounds read/write in the bpf verifier [fedora-all]
Add
kernel
CVE-2020-6450 CVE-2020-6451 CVE-2020-6452 chromium: various flaws [fedora-all]
Add
chromium
CVE-2020-5249 rubygem-puma: attacker is able to use carriage return character to insert malicious content (HTTP Response Splitting), this could lead to XSS [fedora-all]
Add
rubygem-puma
CVE-2020-5247 rubygem-puma: attacker is able to use newline characters to insert malicious content (HTTP Response Splitting), this could lead to XSS [fedora-all]
Add
rubygem-puma
CVE-2019-18182 pacman: allows arbitrary command injection in conf.c in download_with_xfercommand function [fedora-all]
Add
pacman
CVE-2019-18183 pacman: allows arbitrary command injection in lib/libalpm/sync.c in apply_deltas function [fedora-all]
Add
pacman
CVE-2020-7919 golang: Integer overflow on 32bit architectures via crafted certificate allows for denial of service
Add
golang
CVE-2020-7919 golang: Integer overflow on 32bit architectures via crafted certificate allows for denial of service [fedora-all]
Add
golang
CVE-2020-1751 glibc: array overflow in backtrace functions for powerpc [fedora-all]
Add
glibc
CVE-2020-6061 coturn: specially crafted HTTP POST request can lead to heap overflow which can result in information leak [epel-all]
Add
coturn
CVE-2020-6062 coturn: specially crafted HTTP POST request can lead to server crash and denial of service [epel-all]
Add
coturn
CVE-2020-9359 okular: local binary execution via specially crafted PDF files [epel-8]
Add
okular
Wireshark vulnerability wnpa-sec-2020-07
Add
Wireshark
Security Vulnerabilities fixed in Firefox ESR 68.7
Add
Firefox ESR
Security Vulnerabilities fixed in Firefox 75
Add
Firefox
firefox vulnerabilities
Add
firefox - Mozilla Open Source web browser
USN-4316-1 libgd2 vulnerabilities
Add
libgd2 - Open source code library for the dynamic creation of images
USN-4315-1 apport vulnerabilities
Add
apport - automatically generate crash reports for debugging
USN-4311-1 bluez vulnerabilities
Add
bluez - Bluetooth tools and daemons
USN-4312-1 Timeshift vulnerability
Add
timeshift - System restore utility
USN-4310-1 webkit2gtk vulnerability
Add
webkit2gtk - Web content engine library for GTK+
CVE-2020-1730 libssh: denial of service when handling AES-CTR (or DES) ciphers [fedora-all]
Add
libssh
CVE-2020-5260 git: Crafted URL containing new lines can cause credential leak
Add
git
CVE-2020-5260 git: Crafted URL containing new lines can cause credential leak [fedora-all]
Add
git
CVE-2020-11100 haproxy: malformed HTTP/2 requests can lead to out-of-bounds writes
Add
haproxy
CVE-2019-18609 librabbitmq: integer overflow in amqp_handle_input in amqp_connection.c leads to heap-based buffer overflow
Add
librabbitmq
CVE-2019-18609 librabbitmq: integer overflow in amqp_handle_input in amqp_connection.c leads to heap-based buffer overflow [epel-6]
Add
librabbitmq
Security Vulnerabilities fixed in Thunderbird 68.7.0
Add
Thunderbird
USN-4321-1 haproxy vulnerability
Add
haproxy - fast and reliable load balancing reverse proxy
linux, linux-hwe vulnerabilities
Add
linux - Linux kernel, linux-hwe - Linux hardware enablement (HWE) kernel
Security Vulnerability CVE-2019-1547 in MySQL
Add
MySQL Server
Security Vulnerability CVE-2019-15601 in MySQL
Add
MySQL Server
Security Vulnerability CVE-2019-18197 in Oracle JRE
Add
Java JRE
Security Vulnerability CVE-2019-18197 in Oracle JDK
Add
Java JDK
Security Vulnerability CVE-2019-5482 in MySQL
Add
MySQL Server
Security Vulnerability CVE-2020-2752 in MySQL
Add
MySQL Server
Security Vulnerability CVE-2020-2754 in Oracle JRE
Add
Java JRE
Security Vulnerability CVE-2020-2754 in Oracle JDK
Add
Java JDK
Security Vulnerability CVE-2020-2755 in Oracle JRE
Add
Java JRE
Security Vulnerability CVE-2020-2755 in Oracle JDK
Add
Java JDK
Security Vulnerability CVE-2020-2756 in Oracle JRE
Add
Java JRE
Security Vulnerability CVE-2020-2756 in Oracle JDK
Add
Java JDK
Security Vulnerability CVE-2020-2757 in Oracle JRE
Add
Java JRE
Security Vulnerability CVE-2020-2757 in Oracle JDK
Add
Java JDK
Security Vulnerability CVE-2020-2759 in MySQL
Add
MySQL Server
Security Vulnerability CVE-2020-2760 in MySQL
Add
MySQL Server
Security Vulnerability CVE-2020-2761 in MySQL
Add
MySQL Server
Security Vulnerability CVE-2020-2762 in MySQL
Add
MySQL Server
Security Vulnerability CVE-2020-2763 in MySQL
Add
MySQL Server
Security Vulnerability CVE-2020-2765 in MySQL
Add
MySQL Server
Security Vulnerability CVE-2020-2767 in Oracle JRE
Add
Java JRE
Security Vulnerability CVE-2020-2767 in Oracle JDK
Add
Java JDK
Security Vulnerability CVE-2020-2770 in MySQL
Add
MySQL Server
Security Vulnerability CVE-2020-2773 in Oracle JRE
Add
Java JRE
Security Vulnerability CVE-2020-2773 in Oracle JDK
Add
Java JDK
Security Vulnerability CVE-2020-2774 in MySQL
Add
MySQL Server
Security Vulnerability CVE-2020-2778 in Oracle JRE
Add
Java JRE
Security Vulnerability CVE-2020-2778 in Oracle JDK
Add
Java JDK
Security Vulnerability CVE-2020-2779 in MySQL
Add
MySQL Server
Security Vulnerability CVE-2020-2780 in MySQL
Add
MySQL Server
Security Vulnerability CVE-2020-2781 in Oracle JRE
Add
Java JRE
Security Vulnerability CVE-2020-2781 in Oracle JDK
Add
Java JDK
Security Vulnerability CVE-2020-2790 in MySQL
Add
MySQL Server
Security Vulnerability CVE-2020-2800 in Oracle JRE
Add
Java JRE
Security Vulnerability CVE-2020-2800 in Oracle JDK
Add
Java JDK
Security Vulnerability CVE-2020-2803 in Oracle JRE
Add
Java JRE
Security Vulnerability CVE-2020-2803 in Oracle JDK
Add
Java JDK
Security Vulnerability CVE-2020-2804 in MySQL
Add
MySQL Server
Security Vulnerability CVE-2020-2805 in Oracle JRE
Add
Java JRE
Security Vulnerability CVE-2020-2805 in Oracle JDK
Add
Java JDK
Security Vulnerability CVE-2020-2806 in MySQL
Add
MySQL Server
Security Vulnerability CVE-2020-2812 in MySQL
Add
MySQL Server
Security Vulnerability CVE-2020-2814 in MySQL
Add
MySQL Server
Security Vulnerability CVE-2020-2816 in Oracle JRE
Add
Java JRE
Security Vulnerability CVE-2020-2816 in Oracle JDK
Add
Java JDK
Security Vulnerability CVE-2020-2830 in Oracle JRE
Add
Java JRE
Security Vulnerability CVE-2020-2830 in Oracle JDK
Add
Java JDK
Security Vulnerability CVE-2020-2853 in MySQL
Add
MySQL Server
Security Vulnerability CVE-2020-2892 in MySQL
Add
MySQL Server
Security Vulnerability CVE-2020-2893 in MySQL
Add
MySQL Server
Security Vulnerability CVE-2020-2895 in MySQL
Add
MySQL Server
Security Vulnerability CVE-2020-2896 in MySQL
Add
MySQL Server
Security Vulnerability CVE-2020-2897 in MySQL
Add
MySQL Server
Security Vulnerability CVE-2020-2898 in MySQL
Add
MySQL Server
Security Vulnerability CVE-2020-2901 in MySQL
Add
MySQL Server
Security Vulnerability CVE-2020-2903 in MySQL
Add
MySQL Server
Security Vulnerability CVE-2020-2904 in MySQL
Add
MySQL Server
Security Vulnerability CVE-2020-2921 in MySQL
Add
MySQL Server
Security Vulnerability CVE-2020-2922 in MySQL
Add
MySQL Server
Security Vulnerability CVE-2020-2923 in MySQL
Add
MySQL Server
Security Vulnerability CVE-2020-2924 in MySQL
Add
MySQL Server
Security Vulnerability CVE-2020-2925 in MySQL
Add
MySQL Server
Security Vulnerability CVE-2020-2926 in MySQL
Add
MySQL Server
Security Vulnerability CVE-2020-2928 in MySQL
Add
MySQL Server
Security Vulnerability CVE-2020-2930 in MySQL
Add
MySQL Server
Security patch #79330 available for PHP
Add
PHP
Security patch #79465 available for PHP
Add
PHP
Security Vulnerability CVE-2020-6423 for Google Chrome
Add
Google Chrome
Security Vulnerability CVE-2020-6451 for Google Chrome
Add
Google Chrome
Security Vulnerability CVE-2020-6456 for Google Chrome
Add
Google Chrome
Security Vulnerability CVE-2020-6430 for Google Chrome
Add
Google Chrome
Security Vulnerability CVE-2020-6431 for Google Chrome
Add
Google Chrome
Security Vulnerability CVE-2020-6432 for Google Chrome
Add
Google Chrome
Security Vulnerability CVE-2020-6433 for Google Chrome
Add
Google Chrome
Security Vulnerability CVE-2020-6434 for Google Chrome
Add
Google Chrome
Security Vulnerability CVE-2020-6435 for Google Chrome
Add
Google Chrome
Security Vulnerability CVE-2020-6436 for Google Chrome
Add
Google Chrome
Security Vulnerability CVE-2020-6437 for Google Chrome
Add
Google Chrome
Security Vulnerability CVE-2020-6438 for Google Chrome
Add
Google Chrome
Security Vulnerability CVE-2020-6439 for Google Chrome
Add
Google Chrome
Security Vulnerability CVE-2020-6445 for Google Chrome
Add
Google Chrome
Security Vulnerability CVE-2020-6444 for Google Chrome
Add
Google Chrome
Security Vulnerability CVE-2020-6447 for Google Chrome
Add
Google Chrome
Security Vulnerability CVE-2020-6446 for Google Chrome
Add
Google Chrome
Security Vulnerability CVE-2020-6443 for Google Chrome
Add
Google Chrome
Security Vulnerability CVE-2020-6442 for Google Chrome
Add
Google Chrome
Security Vulnerability CVE-2020-6448 for Google Chrome
Add
Google Chrome
Security Vulnerability CVE-2020-6454 for Google Chrome
Add
Google Chrome
Security Vulnerability CVE-2020-6455 for Google Chrome
Add
Google Chrome
Security Vulnerability CVE-2020-6452 for Google Chrome
Add
Google Chrome
Security Vulnerability CVE-2020-6450 for Google Chrome
Add
Google Chrome
Security Vulnerability CVE-2020-6441 for Google Chrome
Add
Google Chrome
Security Vulnerability CVE-2020-6440 for Google Chrome
Add
Google Chrome
secrets readable after ansible-vault edit
Add
ansible
module package can be selected by the ansible facts
Add
ansible
atomic_move primitive sets permissive permissions
Add
ansible
path injection on dest parameter in fetch module
Add
ansible
shell enabled by default in a pipe lookup plugin subprocess
Add
ansible
insecure temporary directory when running become_user from become directive
Add
ansible
Information disclosure issue in ldap_attr and ldap_entry modules
Add
ansible
kubectl connection plugin leaks sensitive information
Add
ansible
code injection when using ansible_facts as a subkey
Add
ansible
modules which use files encrypted with vault are not properly cleaned up
Add
ansible
archive traversal vulnerability in ansible-galaxy collection install
Add
ansible
the alias feature allows entity expansion during a load operation
Add
snakeyaml
missing memory barriers in read-write unlock paths
Add
xen
missing memory barriers in read-write unlock paths
Add
xen
xenoprof issue allows guest OS users without active profiling to obtain sensitive information about other guests
Add
xen
xenoprof issue allows guest OS users without active profiling to obtain sensitive information about other guests
Add
xen
xenoprof issue allows guest OS users with active profiling to obtain sensitive information about other guests
Add
xen
xenoprof issue allows guest OS users with active profiling to obtain sensitive information about other guests
Add
xen
bad error path in GNTTABOP_map_grant
Add
xen
bad error path in GNTTABOP_map_grant
Add
xen
bad continuation handling in GNTTABOP_copy
Add
xen
bad continuation handling in GNTTABOP_copy
Add
xen
WASSP dissector crash
Add
wireshark
WASSP dissector crash
Add
wireshark
LTE RRC dissector memory leak could result in excessive memory resource consumption
Add
wireshark
LTE RRC dissector memory leak could result in excessive memory resource consumption
Add
wireshark
injecting a malformed packet may cause WiMax DLMAP dissector to crash due to out-of-bound read
Add
wireshark
injecting a malformed packet may cause WiMax DLMAP dissector to crash due to out-of-bound read
Add
wireshark
injecting a malformed packet may cause the EAP dissector to crash due to out-of-bounds read
Add
wireshark
injecting a malformed packet may cause the EAP dissector to crash due to out-of-bounds read
Add
wireshark
insufficient filtering and incorrect parsing of the configuration file may lead to command injection
Add
nrpe
heap-based buffer overflow due to a wrong integer type conversion
Add
nrpe
USN-4328-1 thunderbird vulnerabilities
Add
thunderbird - Mozilla Open Source mail and newsgroup client
USN-4326-1 libiberty vulnerabilities
Add
libiberty - library of utility functions used by GNU programs
USN-4323-1 firefox vulnerabilities
Add
firefox - Mozilla Open Source web browser
USN-4322-1 gnutls28 vulnerability
Add
gnutls28 - GNU TLS library
libxml2: There's a memory leak in xmlParseBalancedChunkMemoryRecover in parser.c that could result in a crash
Add
libxml2
libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c
Add
libxml2
libxml2: infinite loop in xmlStringLenDecodeEntities in some end-of-file situations
Add
libxml2
USN-4341-1 samba vulnerabilities
Add
samba - SMB/CIFS file, print, and login server for Unix
USN-4339-1 openexr vulnerabilities
Add
openexr - tools for the OpenEXR image format
USN-4338-1 re2c vulnerability
Add
re2c - tool for generating fast C-based recognizers
USN-4336-1 binutils vulnerabilities
Add
binutils - GNU assembler, linker and binary utilities
USN-4335-1 thunderbird vulnerabilities
Add
thunderbird - Mozilla Open Source mail and newsgroup client
USN-4334-1 git vulnerability
Add
git - fast, scalable, distributed revision control system
USN-4332-1 file-roller vulnerability
Add
file-roller - archive manager for GNOME
USN-4331-1 webkit2gtk vulnerability
Add
webkit2gtk - Web content engine library for GTK+
USN-4329-1 git vulnerability
Add
git - fast, scalable, distributed revision control system
Security Vulnerabilities fixed in Thunderbird 68.8.0
Add
Thunderbird
Security Vulnerabilities fixed in Firefox ESR 68.8
Add
Firefox ESR
Security Vulnerabilities fixed in Firefox 76
Add
Firefox
USN-4347-1 webkit2gtk vulnerability
Add
webkit2gtk - Web content engine library for GTK+
Security patch #69888 available for PHP
Add
PHP
OpenEXR: off-by-one error in ImfXdr.h read function by DwaCompressor::Classifier::Classifier leading to an out-of-bounds read
Add
OpenEXR
OpenEXR: out-of-bounds write in copyIntoFrameBuffer function in ImfMisc.cpp
Add
OpenEXR
OpenEXR: std::vector out-of-bounds read and write as demonstrated by ImfTileOffsets.cpp
Add
OpenEXR
OpenEXR: out-of-bounds read and write in DwaCompressor::uncompress in ImfDwaCompressor.cpp
Add
OpenEXR
OpenEXR: out-of-bounds read during Huffman uncompression
Add
OpenEXR
OpenEXR: out-of-bounds read during RLE uncompression in rleUncompress function in ImfRle.cpp
Add
OpenEXR
OpenEXR: out-of-bounds write due to integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock
Add
OpenEXR
OpenEXR: out-of-bounds read in ImfOptimizedPixelReading.h
Add
OpenEXR
OpenEXR: out-of-bounds write due to integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock
Add
OpenEXR
USN-4351-1 linux-firmware vulnerability
Add
linux-firmware - Firmware for Linux kernel drivers
USN-4330-2 php7.4 vulnerabilities
Add
php7.4 - server-side, HTML-embedded scripting language (metapackage)
USN-4349-1 edk2 vulnerabilities
Add
edk2 - UEFI firmware for 64-bit x86 virtual machines
USN-4333-2 python3.8 vulnerabilities
Add
python3.8 - Interactive high-level object-oriented language (version 3.8)
Security patch #78876 available for PHP
Add
PHP
Security patch #78875 available for PHP
Add
PHP
Zoom Vulnerability CVE-2018-15715
Add
Zoom
Zoom Vulnerability CVE-2017-15048
Add
Zoom
Zoom Vulnerability CVE-2017-15049
Add
Zoom
SSL, TLS and DTLS Plaintext Recovery Attack
Mod
OpenSSL
SSL 3.0 Fallback protection
Mod
OpenSSL
SSLv2 doesn't block disabled ciphers
Mod
OpenSSL
Excessive allocation of memory in tls_get_message_header
Mod
OpenSSL
BN_mod_exp may produce incorrect results on x86_64
Mod
OpenSSL
Security updates available in Foxit Reader for Mac and Linux 2.2
Mod
Foxit Reader
Security updates available in Foxit Reader for Windows 8.0.2, Foxit Reader for Mac/Linux 2.1, and Foxit PhantomPDF 8.0.2
Mod
Foxit Reader
CVE-2013-7070 CVE-2013-7071 CVE-2013-7072 monitorix: HTTP server 'handle_request()' session fixation and XSS vulnerabilities
Mod
monitorix
monitorix: HTTP server 'handle_request()' session fixation and XSS vulnerabilities [epel-6]
Mod
monitorix
CVE-2015-3010 ceph-deploy: keyring permissions are world readable in ceph
Mod
ceph-deploy
CVE-2015-3010 ceph-deploy: keyring permissions are world readable in ceph [fedora-all]
Mod
ceph-deploy
CVE-2015-8894 CVE-2015-8896 ImageMagick: Double free vulnerabilities in coders pict.c,tga.c [fedora-all]
Mod
ImageMagick
CVE-2015-8614 claws-mail: Stack overflow in conv_ jistoeuc,euctojis,sjistoeuc
Mod
claws-mail
CVE-2015-8614 claws-mail: Stack overflow in conv_ jistoeuc,euctojis,sjistoeuc [fedora-all]
Mod
claws-mail
CVE-2016-1900 cgit: Stored Cross Site Scripting and Header Injection in Filename Parameter
Mod
cgit
CVE-2016-1900 cgit: Stored Cross Site Scripting and Header Injection in Filename Parameter [fedora-all]
Mod
cgit
CVE-2016-1900 cgit: Stored Cross Site Scripting and Header Injection in Filename Parameter [epel-all]
Mod
cgit
CVE-2014-9761 glibc: Unbounded stack allocation in nan functions [fedora-all]
Mod
glibc
CVE-2016-1572 ecryptfs-utils: privilege escalation by mounting over /proc/pid [fedora-all]
Mod
ecryptfs-utils
CVE-2016-0799 OpenSSL: Fix memory issues in BIO_printf functions
Mod
OpenSSL
CVE-2016-0799 OpenSSL: Fix memory issues in BIO_printf functions [fedora-all]
Mod
OpenSSL
CVE-2016-0799 mingw-openssl: OpenSSL: Fix memory issues in BIO_printf functions [fedora-all]
Mod
openssl
CVE-2016-4072 php: Invalid memory write in phar on filename containing 0 inside name
Mod
php
CVE-2016-4072 php: Invalid memory write in phar on filename containing 0 inside name [fedora-all]
Mod
php
CVE-2015-8325 openssh: ignore PAM environment vars when UseLogin is yes [fedora-all]
Mod
openssh
CVE-2015-8325 gsi-openssh: openssh: privilege escalation via user's PAM environment and UseLogin [fedora-all]
Mod
gsi-openssh
CVE-2016-1583 kernel: Stack overflow via ecryptfs and /proc/pid/environ [fedora-all]
Mod
kernel
CVE-2016-6185 perl: XSLoader loads relative paths not included in INC
Mod
perl
CVE-2013-7458 redis: world-readable rediscli_history [fedora-all]
Mod
redis
CVE-2013-7458 redis: world-readable rediscli_history [epel-all]
Mod
redis
CVE-2016-9014 python-django: DNS rebinding vulnerability when DEBUG set to True
Mod
python-django
CVE-2016-9179 lynx: Invalid URL parsing of pages containing question mark [fedora-all]
Mod
lynx
CVE-2016-9793 kernel: Signed overflow for SO_SND_RCV_BUFFORCE
Mod
kernel
CVE-2016-9793 kernel: Signed overflow for SO_SND_RCV_BUFFORCE [fedora-all]
Mod
kernel
CVE-2016-9964 python-bottle: redirect() doesn't filter string which allows for CRLF attack [fedora-all]
Mod
python-bottle
CVE-2016-9964 python-bottle: redirect() doesn't filter string which allows for CRLF attack [epel-all]
Mod
python-bottle
phpMyAdmin: Bypass [Servers] [AllowNoPassword]
Mod
phpMyAdmin
phpMyAdmin: Bypass cfg [Servers] epel-all
Mod
phpMyAdmin
CVE-2017-8291 ghostscript: -dSAFER bypass and command execution via a OutputFile pipe substring [fedora-all]
Mod
ghostscript
CVE-2017-11141 ImageMagick: Memory exhaustion in ReadMATImage function in coders mat.c [fedora-all]
Mod
ImageMagick
CVE-2017-11188 ImageMagick: Resource exhaustion in ReadDPXImage function in coders dpx.c [fedora-all]
Mod
ImageMagick
CVE-2017-7558 kernel: Out of bounds read in inet_diag_msg_sctp addr_fill() and sctp_get_sctp_info() in SCTP stack
Mod
kernel
CVE-2017-12587 ImageMagick: Resource exhaustion in ReadPWPImage function in coders pwp.c [fedora-all]
Mod
ImageMagick
CVE-2017-7558 kernel: Out of bounds read in inet_diag_msg_sctp addr_fill() and sctp_get_sctp_info() in SCTP stack [fedora-all]
Mod
kernel
CVE-2012-6496 rubygem-activerecord: find_by_SQL Injection [epel-5]
Mod
rubygem-activerecord
DHE man-in-the-middle protection
Mod
OpenSSL
CVE-2018-16471 rubygem-rack: Cross-site scripting (XSS) via scheme method on Rack::Request
Mod
rubygem-rack
CVE-2018-16471 rubygem-rack: Cross-site scripting (XSS) via scheme method on Rack::Request [fedora-all]
Mod
rubygem-rack
openssl: One and Done side channel attack can recover RSA key [fedora-all]
Mod
openssl
openssl: One and Done side channel attack can recover RSA key [fedora-all]
Mod
openssl
VMware product updates enable Hypervisor-Specific Mitigations, Hypervisor-Assisted Guest Mitigations, and Operating System-Specific Mitigations for Microarchitectural Data Sampling (MDS) Vulnerabilities (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091)
Mod
VMware Workstation Player
VMware ESXi, Workstation and Fusion updates address out-of-bounds read/write vulnerabilities (CVE-2019-5521, CVE-2019-5684)
Mod
VMware Workstation Player
Information disclosure with FromPoint on iframes
Mod
SeaMonkey
CVE-2019-11250 kubernetes: Bearer tokens written to logs at high verbosity levels greater or equal to 7 [fedora-all]
Mod
kubernetes
CVE-2019-11246 kubernetes: Incomplete fix for CVE-2019-1002101 allows for arbitrary file write via kubectl cp [fedora-all]
Mod
kubernetes
CVE-2019-11246 kubernetes:1.10/kubernetes: Incomplete fix for CVE-2019-1002101 allows for arbitrary file write via kubectl cp [fedora-all]
Mod
kubernetes
VMware ESXi, Workstation, Fusion, VMRC and Horizon Client updates address use-after-free and denial of service vulnerabilities. (CVE-2019-5527, CVE-2019-5535)
Mod
VMware Workstation Player
CVE-2019-13616 SDL2: SDL: heap-based buffer overflow in SDL blit functions in video/SDL_blit.c [fedora-all]
Mod
SDL2
CVE-2019-6978 gd: double free in the gdImage Ptr in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c [fedora-all]
Mod
gd
VMware Workstation and Fusion updates address multiple security vulnerabilities (CVE-2019-5540, CVE-2019-5541, CVE-2019-5542)
Mod
VMware Workstation Player
CVE-2019-13038 mod_auth_mellon: an Open Redirect via the login ReturnTo substring which could facilitate information theft [fedora-all]
Mod
mod_auth_mellon
CVE-2019-11236 python-urllib3: CRLF injection due to not encoding the sequence leading to possible attack on internal service
Mod
python-urllib3
CVE-2019-11236 python-pip: python-urllib3: CRLF injection due to not encoding the sequence leading to possible attack on internal service [fedora-all]
Mod
python-pip
VMware Horizon Client, VMRC, VMware Workstation and Fusion updates address use-after-free and privilege escalation vulnerabilities (CVE-2019-5543, CVE-2020-3947, CVE-2020-3948)
Mod
VMware Workstation Player