Lucene search

K

Fedora Security Vulnerabilities

cve
cve

CVE-2019-19769

In the Linux kernel 5.3.10, there is a use-after-free (read) in the perf_trace_lock_acquire function (related to include/trace/events/lock.h).

6.7CVSS

6.5AI Score

0.0004EPSS

2019-12-12 08:15 PM
270
cve
cve

CVE-2019-19783

An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. If sieve script uploading is allowed (3.x) or certain non-default sieve options are enabled (2.x), a user with a mail account on the service can use a sieve script containing a fileinto directive to c...

6.5CVSS

6.3AI Score

0.001EPSS

2019-12-16 02:15 PM
68
cve
cve

CVE-2019-19785

ATasm 1.06 has a stack-based buffer overflow in the to_comma() function in asm.c via a crafted .m65 file.

7.8CVSS

7.5AI Score

0.001EPSS

2019-12-13 04:15 PM
32
2
cve
cve

CVE-2019-19786

ATasm 1.06 has a stack-based buffer overflow in the parse_expr() function in setparse.c via a crafted .m65 file.

7.8CVSS

7.5AI Score

0.001EPSS

2019-12-13 04:15 PM
37
2
cve
cve

CVE-2019-19787

ATasm 1.06 has a stack-based buffer overflow in the get_signed_expression() function in setparse.c via a crafted .m65 file.

7.8CVSS

7.5AI Score

0.001EPSS

2019-12-13 04:15 PM
34
cve
cve

CVE-2019-19797

read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write.

5.5CVSS

5.8AI Score

0.001EPSS

2019-12-15 08:15 PM
181
cve
cve

CVE-2019-19886

Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive (Denial of Service) because of a flaw in Transaction::addRequestHeader in transaction.cc.

7.5CVSS

7.2AI Score

0.004EPSS

2020-01-21 10:15 PM
64
cve
cve

CVE-2019-19906

cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.

7.5CVSS

7.5AI Score

0.005EPSS

2019-12-19 06:15 PM
268
cve
cve

CVE-2019-19911

There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is large. On Windows running 32-bit Python, this results in an OverflowError or MemoryError due to the 2 GB limit. However, on Linux run...

7.5CVSS

8.2AI Score

0.002EPSS

2020-01-05 10:15 PM
203
cve
cve

CVE-2019-19917

Lout 3.40 has a buffer overflow in the StringQuotedWord() function in z39.c.

7.8CVSS

7.6AI Score

0.001EPSS

2019-12-20 08:15 PM
154
2
cve
cve

CVE-2019-19918

Lout 3.40 has a heap-based buffer overflow in the srcnext() function in z02.c.

7.8CVSS

7.6AI Score

0.001EPSS

2019-12-20 08:15 PM
150
2
cve
cve

CVE-2019-19956

xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.

7.5CVSS

7.5AI Score

0.004EPSS

2019-12-24 04:15 PM
403
4
cve
cve

CVE-2019-20021

A heap-based buffer over-read was discovered in canUnpack in p_mach.cpp in UPX 3.95 via a crafted Mach-O file.

5.5CVSS

5.4AI Score

0.002EPSS

2019-12-27 02:15 AM
189
cve
cve

CVE-2019-20044

In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid().

7.8CVSS

7.8AI Score

0.0005EPSS

2020-02-24 02:15 PM
327
cve
cve

CVE-2019-20051

A floating-point exception was discovered in PackLinuxElf::elf_hash in p_lx_elf.cpp in UPX 3.95. The vulnerability causes an application crash, which leads to denial of service.

5.5CVSS

5.3AI Score

0.001EPSS

2019-12-27 10:15 PM
136
cve
cve

CVE-2019-20093

The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file, because of ImageExtractor.cpp.

5.5CVSS

5.1AI Score

0.002EPSS

2019-12-30 04:15 AM
129
cve
cve

CVE-2019-20176

In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the listdir function in ls.c.

7.5CVSS

7.3AI Score

0.003EPSS

2019-12-31 03:15 PM
44
cve
cve

CVE-2019-20386

An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur.

2.4CVSS

5.1AI Score

0.001EPSS

2020-01-21 06:15 AM
370
2
cve
cve

CVE-2019-20388

xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.

7.5CVSS

7.6AI Score

0.009EPSS

2020-01-21 11:15 PM
493
2
cve
cve

CVE-2019-20444

HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."

9.1CVSS

9AI Score

0.009EPSS

2020-01-29 09:15 PM
258
cve
cve

CVE-2019-20445

HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.

9.1CVSS

8.9AI Score

0.002EPSS

2020-01-29 09:15 PM
282
cve
cve

CVE-2019-20446

In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially.

6.5CVSS

6.3AI Score

0.004EPSS

2020-02-02 02:15 PM
307
cve
cve

CVE-2019-20454

An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The...

7.5CVSS

5.9AI Score

0.001EPSS

2020-02-14 02:15 PM
155
2
cve
cve

CVE-2019-20477

PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342.

9.8CVSS

9.6AI Score

0.168EPSS

2020-02-19 04:15 AM
195
cve
cve

CVE-2019-20479

A flaw was found in mod_auth_openidc before version 2.4.1. An open redirect issue exists in URLs with a slash and backslash at the beginning.

6.1CVSS

6.1AI Score

0.003EPSS

2020-02-20 06:15 AM
191
cve
cve

CVE-2019-20485

qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage).

5.7CVSS

5.7AI Score

0.0005EPSS

2020-03-19 02:15 AM
178
cve
cve

CVE-2019-20790

OpenDMARC through 1.3.2 and 1.4.x, when used with pypolicyd-spf 2.0.2, allows attacks that bypass SPF and DMARC authentication in situations where the HELO field is inconsistent with the MAIL FROM field.

9.8CVSS

9.4AI Score

0.006EPSS

2020-04-27 02:15 PM
43
6
cve
cve

CVE-2019-20907

In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.

7.5CVSS

7.6AI Score

0.012EPSS

2020-07-13 01:15 PM
2397
2
cve
cve

CVE-2019-20919

An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile), causing a NULL pointer dereference.

4.7CVSS

5.5AI Score

0.0004EPSS

2020-09-17 06:15 PM
176
cve
cve

CVE-2019-2126

In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset of a freed pointer. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Andr...

8.8CVSS

8.6AI Score

0.011EPSS

2019-08-20 08:15 PM
192
cve
cve

CVE-2019-25013

The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.

5.9CVSS

6.8AI Score

0.02EPSS

2021-01-04 06:15 PM
511
14
cve
cve

CVE-2019-25051

objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acommon::ObjStack::dup_top (called from acommon::StringMap::add and acommon::Config::lookup_list).

7.8CVSS

7.7AI Score

0.001EPSS

2021-07-20 07:15 AM
408
15
cve
cve

CVE-2019-25058

An issue was discovered in USBGuard before 1.1.0. On systems with the usbguard-dbus daemon running, an unprivileged user could make USBGuard allow all USB devices to be connected in the future.

7.8CVSS

7.2AI Score

0.001EPSS

2022-02-24 03:15 PM
68
cve
cve

CVE-2019-2580

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...

4.9CVSS

4.8AI Score

0.001EPSS

2019-04-23 07:32 PM
76
cve
cve

CVE-2019-2581

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise My...

4.9CVSS

4.8AI Score

0.001EPSS

2019-04-23 07:32 PM
104
cve
cve

CVE-2019-2584

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

4.9CVSS

4.8AI Score

0.001EPSS

2019-04-23 07:32 PM
79
cve
cve

CVE-2019-2585

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...

4.9CVSS

4.8AI Score

0.001EPSS

2019-04-23 07:32 PM
93
cve
cve

CVE-2019-2587

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Partition). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successfu...

4.9CVSS

4.8AI Score

0.001EPSS

2019-04-23 07:32 PM
73
cve
cve

CVE-2019-2589

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

4.9CVSS

4.8AI Score

0.001EPSS

2019-04-23 07:32 PM
83
cve
cve

CVE-2019-2592

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: PS). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Ser...

4.9CVSS

4.8AI Score

0.001EPSS

2019-04-23 07:32 PM
96
cve
cve

CVE-2019-2593

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...

4.9CVSS

4.8AI Score

0.001EPSS

2019-04-23 07:32 PM
82
cve
cve

CVE-2019-2596

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successfu...

4.9CVSS

4.8AI Score

0.001EPSS

2019-04-23 07:32 PM
81
cve
cve

CVE-2019-2606

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

4.9CVSS

4.8AI Score

0.001EPSS

2019-04-23 07:32 PM
88
cve
cve

CVE-2019-2607

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successfu...

4.9CVSS

4.8AI Score

0.001EPSS

2019-04-23 07:32 PM
98
cve
cve

CVE-2019-2614

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple prot...

4.4CVSS

4.7AI Score

0.001EPSS

2019-04-23 07:32 PM
345
cve
cve

CVE-2019-2617

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Succe...

4.4CVSS

4.4AI Score

0.001EPSS

2019-04-23 07:32 PM
95
cve
cve

CVE-2019-2620

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

4.9CVSS

4.8AI Score

0.001EPSS

2019-04-23 07:32 PM
88
cve
cve

CVE-2019-2737

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Pluggable Auth). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple pr...

4.9CVSS

5AI Score

0.002EPSS

2019-07-23 11:15 PM
240
cve
cve

CVE-2019-2738

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Compiling). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protoc...

3.1CVSS

3AI Score

0.002EPSS

2019-07-23 11:15 PM
153
cve
cve

CVE-2019-2739

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructu...

5.1CVSS

5.4AI Score

0.001EPSS

2019-07-23 11:15 PM
273
Total number of security vulnerabilities5113