Lucene search

K

Fedora Security Vulnerabilities

cve
cve

CVE-2019-0228

Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF.

9.8CVSS

8.9AI Score

0.006EPSS

2019-04-17 03:29 PM
103
2
cve
cve

CVE-2019-1000018

rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in allowscp permission that can result in Local command execution. This attack appear to be exploitable via An authorized SSH user with the allowscp permission.

7.8CVSS

8.6AI Score

0.0004EPSS

2019-02-04 09:29 PM
108
cve
cve

CVE-2019-1000019

libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to b...

6.5CVSS

7AI Score

0.003EPSS

2019-02-04 09:29 PM
178
cve
cve

CVE-2019-1000020

libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that can result in DoS b...

6.5CVSS

7AI Score

0.013EPSS

2019-02-04 09:29 PM
175
cve
cve

CVE-2019-10086

In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.

7.3CVSS

7.3AI Score

0.004EPSS

2019-08-20 09:15 PM
579
6
cve
cve

CVE-2019-10092

In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with pro...

6.1CVSS

7.3AI Score

0.064EPSS

2019-09-26 04:15 PM
3067
3
cve
cve

CVE-2019-1010057

nfdump 1.6.16 and earlier is affected by: Buffer Overflow. The impact is: The impact could range from a denial of service to local code execution. The component is: nfx.c:546, nffile_inline.c:83, minilzo.c (redistributed). The attack vector is: nfdump must read and process a specially crafted file....

7.8CVSS

7.3AI Score

0.001EPSS

2019-07-16 01:15 PM
109
cve
cve

CVE-2019-1010065

The Sleuth Kit 4.6.0 and earlier is affected by: Integer Overflow. The impact is: Opening crafted disk image triggers crash in tsk/fs/hfs_dent.c:237. The component is: Overflow in fls tool used on HFS image. Bug is in tsk/fs/hfs.c file in function hfs_cat_traverse() in lines: 952, 1062. The attack ...

6.5CVSS

6.4AI Score

0.006EPSS

2019-07-18 05:15 PM
56
3
cve
cve

CVE-2019-1010142

scapy 2.4.0 is affected by: Denial of Service. The impact is: infinite loop, resource consumption and program unresponsive. The component is: _RADIUSAttrPacketListField.getfield(self..). The attack vector is: over the network or in a pcap. both work.

7.5CVSS

7.3AI Score

0.014EPSS

2019-07-19 04:15 PM
130
cve
cve

CVE-2019-1010228

OFFIS.de DCMTK 3.6.3 and below is affected by: Buffer Overflow. The impact is: Possible code execution and confirmed Denial of Service. The component is: DcmRLEDecoder::decompress() (file dcrledec.h, line 122). The attack vector is: Many scenarios of DICOM file processing (e.g. DICOM to image conve...

9.8CVSS

9.5AI Score

0.008EPSS

2019-07-22 05:15 PM
130
cve
cve

CVE-2019-1010238

Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when a...

9.8CVSS

9.7AI Score

0.023EPSS

2019-07-19 05:15 PM
335
cve
cve

CVE-2019-1010301

jhead 3.03 is affected by: Buffer Overflow. The impact is: Denial of service. The component is: gpsinfo.c Line 151 ProcessGpsInfo(). The attack vector is: Open a specially crafted JPEG file.

5.5CVSS

5.4AI Score

0.001EPSS

2019-07-15 06:15 PM
124
cve
cve

CVE-2019-1010302

jhead 3.03 is affected by: Incorrect Access Control. The impact is: Denial of service. The component is: iptc.c Line 122 show_IPTC(). The attack vector is: the victim must open a specially crafted JPEG file.

5.5CVSS

5.4AI Score

0.003EPSS

2019-07-15 06:15 PM
131
cve
cve

CVE-2019-1010305

libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component is: function chmd_read_headers() in libmspack(file libmspack/mspack/chmd.c). The attack vector is: the victim must open a specially crafted chm file. The fixed version is: after commit 2f08413...

5.5CVSS

5.5AI Score

0.002EPSS

2019-07-15 03:15 PM
429
cve
cve

CVE-2019-1010315

WavPack 5.1 and earlier is affected by: CWE 369: Divide by Zero. The impact is: Divide by zero can lead to sudden crash of a software/service that tries to parse a .wav file. The component is: ParseDsdiffHeaderConfig (dsdiff.c:282). The attack vector is: Maliciously crafted .wav file. The fixed ver...

5.5CVSS

5.7AI Score

0.002EPSS

2019-07-11 08:15 PM
209
cve
cve

CVE-2019-1010317

WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseCaffHeaderConfig (caff.c:486). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://git...

5.5CVSS

5.9AI Score

0.002EPSS

2019-07-11 08:15 PM
201
cve
cve

CVE-2019-1010319

WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig (wave64.c:211). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https:/...

5.5CVSS

5.9AI Score

0.002EPSS

2019-07-11 08:15 PM
233
cve
cve

CVE-2019-10132

A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the ...

8.8CVSS

6.6AI Score

0.005EPSS

2019-05-22 06:29 PM
155
cve
cve

CVE-2019-10143

It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inacce...

7CVSS

7AI Score

0.001EPSS

2019-05-24 05:29 PM
158
cve
cve

CVE-2019-10155

The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity check value was not verified. This issue affects version...

3.1CVSS

4AI Score

0.001EPSS

2019-06-12 02:29 PM
119
cve
cve

CVE-2019-10160

A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. Wh...

9.8CVSS

9.7AI Score

0.01EPSS

2019-06-07 06:29 PM
787
2
cve
cve

CVE-2019-10164

PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This often suffices to execute arbitrary code as the PostgreSQ...

8.8CVSS

8.9AI Score

0.729EPSS

2019-06-26 04:15 PM
696
3
cve
cve

CVE-2019-10190

A vulnerability was discovered in DNS resolver component of knot resolver through version 3.2.0 before 4.1.0 which allows remote attackers to bypass DNSSEC validation for non-existence answer. NXDOMAIN answer would get passed through to the client even if its DNSSEC validation failed, instead of se...

7.5CVSS

7.3AI Score

0.007EPSS

2019-07-16 06:15 PM
219
cve
cve

CVE-2019-10191

A vulnerability was discovered in DNS resolver of knot resolver before version 4.1.0 which allows remote attackers to downgrade DNSSEC-secure domains to DNSSEC-insecure state, opening possibility of domain hijack using attacks against insecure DNS protocol.

7.5CVSS

7.2AI Score

0.007EPSS

2019-07-16 06:15 PM
200
cve
cve

CVE-2019-10195

A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way that FreeIPA's batch processing API logged operations. This included passing user passwords in clear text on FreeIPA masters. Batch processing of commands with p...

6.5CVSS

7.1AI Score

0.001EPSS

2019-11-27 08:15 AM
75
cve
cve

CVE-2019-10196

A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure through an uninit...

9.8CVSS

9.1AI Score

0.002EPSS

2021-03-19 08:15 PM
134
7
cve
cve

CVE-2019-1020014

docker-credential-helpers before 0.6.3 has a double free in the List functions.

5.5CVSS

5.3AI Score

0.001EPSS

2019-07-29 01:15 PM
211
1
cve
cve

CVE-2019-10218

A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker could use this vu...

6.5CVSS

6.5AI Score

0.003EPSS

2019-11-06 10:15 AM
390
5
cve
cve

CVE-2019-10222

A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attacker could crash the Ceph RGW server by sending valid HTTP headers and terminating the connection, resulting in a remote denial of service for Ceph RGW clients.

7.5CVSS

7.3AI Score

0.004EPSS

2019-11-08 03:15 PM
162
2
cve
cve

CVE-2019-10740

In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the at...

4.3CVSS

5.3AI Score

0.003EPSS

2019-04-07 03:29 PM
131
2
cve
cve

CVE-2019-10746

mixin-deep is vulnerable to Prototype Pollution in versions before 1.3.2 and version 2.0.0. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.

9.8CVSS

9.1AI Score

0.007EPSS

2019-08-23 05:15 PM
481
4
cve
cve

CVE-2019-10894

In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API dissector could crash. This was addressed in epan/dissectors/packet-gssapi.c by ensuring that a valid dissector is called.

7.5CVSS

7.2AI Score

0.004EPSS

2019-04-09 04:29 AM
200
cve
cve

CVE-2019-10895

In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the NetScaler file parser could crash. This was addressed in wiretap/netscaler.c by improving data validation.

7.5CVSS

7.2AI Score

0.001EPSS

2019-04-09 04:29 AM
209
cve
cve

CVE-2019-10896

In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DOF dissector could crash. This was addressed in epan/dissectors/packet-dof.c by properly handling generated IID and OID bytes.

7.5CVSS

7.2AI Score

0.002EPSS

2019-04-09 04:29 AM
189
cve
cve

CVE-2019-10897

In Wireshark 3.0.0, the IEEE 802.11 dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-ieee80211.c by detecting cases in which the bit offset does not advance.

7.5CVSS

7.2AI Score

0.003EPSS

2019-04-09 04:29 AM
167
cve
cve

CVE-2019-10898

In Wireshark 3.0.0, the GSUP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gsm_gsup.c by rejecting an invalid Information Element length.

7.5CVSS

7.2AI Score

0.002EPSS

2019-04-09 04:29 AM
169
cve
cve

CVE-2019-10899

In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the SRVLOC dissector could crash. This was addressed in epan/dissectors/packet-srvloc.c by preventing a heap-based buffer under-read.

7.5CVSS

7.3AI Score

0.003EPSS

2019-04-09 04:29 AM
195
cve
cve

CVE-2019-10900

In Wireshark 3.0.0, the Rbm dissector could go into an infinite loop. This was addressed in epan/dissectors/file-rbm.c by handling unknown object types safely.

7.5CVSS

7.2AI Score

0.003EPSS

2019-04-09 04:29 AM
169
cve
cve

CVE-2019-10901

In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by handling file digests properly.

7.5CVSS

7.2AI Score

0.003EPSS

2019-04-09 04:29 AM
204
cve
cve

CVE-2019-10902

In Wireshark 3.0.0, the TSDNS dissector could crash. This was addressed in epan/dissectors/packet-tsdns.c by splitting strings safely.

7.5CVSS

7.2AI Score

0.002EPSS

2019-04-09 04:29 AM
172
cve
cve

CVE-2019-10903

In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash. This was addressed in epan/dissectors/packet-dcerpc-spoolss.c by adding a boundary check.

7.5CVSS

7.2AI Score

0.002EPSS

2019-04-09 04:29 AM
194
cve
cve

CVE-2019-10906

In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.

8.6CVSS

8.4AI Score

0.003EPSS

2019-04-07 12:29 AM
354
2
cve
cve

CVE-2019-11026

FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infinite recursion, leading to a call to the error function in Error.cc.

6.5CVSS

6.1AI Score

0.004EPSS

2019-04-08 11:29 PM
44
cve
cve

CVE-2019-11036

When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.

9.1CVSS

8.8AI Score

0.009EPSS

2019-05-03 08:29 PM
516
cve
cve

CVE-2019-11038

When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized var...

5.3CVSS

6AI Score

0.004EPSS

2019-06-19 12:15 AM
583
cve
cve

CVE-2019-11043

In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.

9.8CVSS

10AI Score

0.972EPSS

2019-10-28 03:15 PM
3729
In Wild
9
cve
cve

CVE-2019-11044

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link() function accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.

7.5CVSS

8.4AI Score

0.002EPSS

2019-12-23 03:15 AM
340
2
cve
cve

CVE-2019-11045

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.

5.9CVSS

7.3AI Score

0.008EPSS

2019-12-23 03:15 AM
503
3
cve
cve

CVE-2019-11046

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII num...

5.3CVSS

6AI Score

0.004EPSS

2019-12-23 03:15 AM
394
3
cve
cve

CVE-2019-11047

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure...

6.5CVSS

7.4AI Score

0.009EPSS

2019-12-23 03:15 AM
559
3
Total number of security vulnerabilities5113