Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fedora
(Fedoraproject)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-12-15 | CVE-2020-0499 | In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156076070 | Debian_linux, Fedora, Android | 4.3 | ||
| 2021-02-11 | CVE-2019-19004 | A biWidth*biBitCnt integer overflow in input-bmp.c in autotrace 0.31.1 allows attackers to provide an unexpected input value to malloc via a malformed bitmap image. | Autotrace, Fedora | 3.3 | ||
| 2021-02-11 | CVE-2019-19005 | A bitmap double free in main.c in autotrace 0.31.1 allows attackers to cause an unspecified impact via a malformed bitmap image. This may occur after the use-after-free in CVE-2017-9182. | Autotrace, Fedora | 7.8 | ||
| 2021-02-24 | CVE-2020-11988 | Apache XmlGraphics Commons 2.4 and earlier is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. Users should upgrade to 2.6 or later. | Xmlgraphics_commons, Fedora | 8.2 | ||
| 2021-07-20 | CVE-2019-25051 | objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acommon::ObjStack::dup_top (called from acommon::StringMap::add and acommon::Config::lookup_list). | Debian_linux, Fedora, Aspell | 7.8 | ||
| 2022-02-24 | CVE-2019-25058 | An issue was discovered in USBGuard before 1.1.0. On systems with the usbguard-dbus daemon running, an unprivileged user could make USBGuard allow all USB devices to be connected in the future. | Debian_linux, Fedora, Usbguard | 7.8 | ||
| 2022-04-13 | CVE-2015-20107 | In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9 | Fedora, Active_iq_unified_manager, Ontap_select_deploy_administration_utility, Snapcenter, Python | 7.6 | ||
| 2019-11-08 | CVE-2019-10222 | A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attacker could crash the Ceph RGW server by sending valid HTTP headers and terminating the connection, resulting in a remote denial of service for Ceph RGW clients. | Ceph, Fedora, Ceph_storage | 7.5 | ||
| 2014-04-22 | CVE-2013-6370 | Buffer overflow in the printbuf APIs in json-c before 0.12 allows remote attackers to cause a denial of service via unspecified vectors. | Fedora, Json\-C | N/A | ||
| 2014-04-22 | CVE-2013-6371 | The hash functionality in json-c before 0.12 allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted JSON data, involving collisions. | Fedora, Json\-C | N/A |