Vulnerabilities (CVE)

Vendor filter: Fedoraproject

Product filter: Fedora

675 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-8936 5 Netapp, Ntp, Fedoraproject and 2 more 5 Data Ontap Operating In 7-mode, Ntp, Fedora and 2 more 2019-05-20 5.0
NTP through 4.2.8p12 has a NULL Pointer Dereference.
CVE-2019-3882 2 Fedoraproject, Linux 2 Fedora, Linux Kernel 2019-05-20 4.9
A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership...
CVE-2019-3812 4 Qemu, Canonical, Fedoraproject and 1 more 4 Qemu, Ubuntu Linux, Fedora and 1 more 2019-05-17 2.1
QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function. A local attacker with permission to execute i2c commands could exploit this to read stack...
CVE-2019-9636 4 Python, Fedoraproject, Redhat and 1 more 10 Python, Fedora, Enterprise Linux Desktop and 7 more 2019-05-17 5.0
Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached...
CVE-2019-3900 3 Fedoraproject, Linux, Redhat 3 Fedora, Linux Kernel, Enterprise Linux 2019-05-17 6.8
An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A...
CVE-2019-0211 5 Apache, Canonical, Debian and 2 more 5 Http Server, Ubuntu Linux, Debian Linux and 2 more 2019-05-17 7.2
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code...
CVE-2019-11373 2 Mediaarea, Fedoraproject 2 Mediainfo, Fedora 2019-05-16 4.3
An out-of-bounds read in File__Analyze::Get_L8 in File__Analyze_Buffer.cpp in MediaInfoLib in MediaArea MediaInfo 18.12 leads to a crash.
CVE-2019-11372 2 Mediaarea, Fedoraproject 2 Mediainfo, Fedora 2019-05-16 4.3
An out-of-bounds read in MediaInfoLib::File__Tags_Helper::Synched_Test in Tag/File__Tags.cpp in MediaInfoLib in MediaArea MediaInfo 18.12 leads to a crash.
CVE-2019-10903 2 Wireshark, Fedoraproject 2 Wireshark, Fedora 2019-05-16 5.0
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash. This was addressed in epan/dissectors/packet-dcerpc-spoolss.c by adding a boundary check.
CVE-2019-10901 2 Wireshark, Fedoraproject 2 Wireshark, Fedora 2019-05-16 5.0
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by handling file digests properly.
CVE-2019-10899 2 Wireshark, Fedoraproject 2 Wireshark, Fedora 2019-05-16 5.0
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the SRVLOC dissector could crash. This was addressed in epan/dissectors/packet-srvloc.c by preventing a heap-based buffer under-read.
CVE-2019-10896 2 Wireshark, Fedoraproject 2 Wireshark, Fedora 2019-05-16 5.0
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DOF dissector could crash. This was addressed in epan/dissectors/packet-dof.c by properly handling generated IID and OID bytes.
CVE-2019-10895 2 Wireshark, Fedoraproject 2 Wireshark, Fedora 2019-05-16 5.0
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the NetScaler file parser could crash. This was addressed in wiretap/netscaler.c by improving data validation.
CVE-2019-10894 2 Wireshark, Fedoraproject 2 Wireshark, Fedora 2019-05-16 5.0
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API dissector could crash. This was addressed in epan/dissectors/packet-gssapi.c by ensuring that a valid dissector is called.
CVE-2019-10906 2 Palletsprojects, Fedoraproject 2 Jinja, Fedora 2019-05-16 5.0
In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.
CVE-2019-6341 3 Drupal, Debian, Fedoraproject 3 Drupal, Debian Linux, Fedora 2019-05-16 3.5
In Drupal 7 versions prior to 7.65; Drupal 8.6 versions prior to 8.6.13; Drupal 8.5 versions prior to 8.5.14. Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting...
CVE-2019-9499 2 W1.fi, Fedoraproject 3 Hostapd, Wpa Supplicant, Fedora 2019-05-15 6.8
The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete...
CVE-2019-9498 2 W1.fi, Fedoraproject 3 Hostapd, Wpa Supplicant, Fedora 2019-05-15 6.8
The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid...
CVE-2019-9497 2 W1.fi, Fedoraproject 3 Hostapd, Wpa Supplicant, Fedora 2019-05-15 6.8
The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the...
CVE-2019-9496 2 W1.fi, Fedoraproject 3 Hostapd, Wpa Supplicant, Fedora 2019-05-15 5.0
An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message when in hostapd/AP mode. All versions of hostapd with SAE support are vulnerable. An...