Vulnerabilities (CVE)

Vendor filter: Fedoraproject

Product filter: Fedora

736 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-12447 | Vendors (4): Gnome, Canonical, Fedoraproject and 1 more | Products (4): Gvfs, Ubuntu Linux, Fedora and 1 more | Updated: 2019-09-20 | CVSS: 4.9
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used.
CVE-2019-12449 | Vendors (4): Gnome, Canonical, Fedoraproject and 1 more | Products (4): Gvfs, Ubuntu Linux, Fedora and 1 more | Updated: 2019-09-20 | CVSS: 3.5
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move (and copy with G_FILE_COPY_ALL_METADATA) operations from admin:// to file:// URIs, because root...
CVE-2019-16239 | Vendors (2): Infradead, Fedoraproject | Products (2): Openconnect, Fedora | Updated: 2019-09-20 | CVSS: 7.5
process_http_response in OpenConnect before 8.05 has a Buffer Overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes.
CVE-2019-15718 | Vendors (2): Freedesktop, Fedoraproject | Products (2): Systemd, Fedora | Updated: 2019-09-19 | CVSS: 2.1
In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An...
CVE-2018-12023 | Vendors (5): Fasterxml, Oracle, Fedoraproject and 2 more | Products (26): Jackson-databind, Banking Platform, Communications Billing And Revenue Management and 23 more | Updated: 2019-09-17 | CVSS: 5.1
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can...
CVE-2018-12022 | Vendors (5): Fasterxml, Fedoraproject, Oracle and 2 more | Products (11): Jackson-databind, Fedora, Jd Edwards Enterpriseone Tools and 8 more | Updated: 2019-09-17 | CVSS: 5.1
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework)...
CVE-2019-7577 | Vendors (4): Libsdl, Debian, Fedoraproject and 1 more | Products (4): Simple Directmedia Layer, Debian Linux, Fedora and 1 more | Updated: 2019-09-10 | CVSS: 6.8
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.
CVE-2019-6251 | Vendors (6): Gnome, Webkitgtk, Canonical and 3 more | Products (6): Epiphany, Webkitgtk, Ubuntu Linux and 3 more | Updated: 2019-09-06 | CVSS: 5.8
WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the...
CVE-2019-5420 | Vendors (3): Rubyonrails, Debian, Fedoraproject | Products (3): Rails, Debian Linux, Fedora | Updated: 2019-09-06 | CVSS: 7.5
A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails...
CVE-2019-11500 | Vendors (3): Dovecot, Debian, Fedoraproject | Products (4): Dovecot, Debian Linux, Fedora and 1 more | Updated: 2019-09-06 | CVSS: 7.5
In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution.
CVE-2019-9852 | Vendors (3): Libreoffice, Debian, Fedoraproject | Products (3): Libreoffice, Debian Linux, Fedora | Updated: 2019-09-03 | CVSS: 7.5
LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python,...
CVE-2019-9851 | Vendors (4): Libreoffice, Canonical, Debian and 1 more | Products (4): Libreoffice, Ubuntu Linux, Debian Linux and 1 more | Updated: 2019-09-03 | CVSS: 7.5
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Protection was added, to address CVE-2019-9848, to block...
CVE-2019-9850 | Vendors (4): Libreoffice, Canonical, Debian and 1 more | Products (4): Libreoffice, Ubuntu Linux, Debian Linux and 1 more | Updated: 2019-09-03 | CVSS: 7.5
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify...
CVE-2019-12854 | Vendors (3): Squid-cache, Debian, Fedoraproject | Products (3): Squid, Debian Linux, Fedora | Updated: 2019-08-28 | CVSS: 5.0
Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. On systems with memory access protections, this can cause the CGI process to terminate unexpectedly, resulting in a denial of service for all...
CVE-2019-13377 | Vendors (3): W1.fi, Canonical, Fedoraproject | Products (3): Hostapd, Ubuntu Linux, Fedora | Updated: 2019-08-28 | CVSS: 4.3
The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x through 2.8 are vulnerable to side-channel attacks as a result of observable timing differences and cache access patterns when Brainpool curves are used. An attacker may be...
CVE-2019-14234 | Vendors (3): Djangoproject, Debian, Fedoraproject | Products (3): Django, Debian Linux, Fedora | Updated: 2019-08-28 | CVSS: 7.5
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for...
CVE-2019-1010305 | Vendors (3): Kyzer, Canonical, Fedoraproject | Products (3): Libmspack, Ubuntu Linux, Fedora | Updated: 2019-08-23 | CVSS: 4.3
libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component is: function chmd_read_headers() in libmspack(file libmspack/mspack/chmd.c). The attack vector is: the victim must open a specially crafted...
CVE-2019-9516 | Vendors (6): Apache, Apple, Synology and 3 more | Products (8): Traffic Server, Swiftnio, Diskstation Manager and 5 more | Updated: 2019-08-23 | CVSS: 7.8
Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or...
CVE-2019-9513 | Vendors (6): Apache, Apple, Synology and 3 more | Products (8): Traffic Server, Swiftnio, Diskstation Manager and 5 more | Updated: 2019-08-23 | CVSS: 7.8
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to...
CVE-2019-9511 | Vendors (6): Apache, Apple, Synology and 3 more | Products (8): Traffic Server, Swiftnio, Diskstation Manager and 5 more | Updated: 2019-08-23 | CVSS: 7.8
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple...