Note: This project will be discontinued after December 13, 2021.
Product: Fedora (Fedoraproject)

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2019-12-13 | CVE-2019-19786 | ATasm 1.06 has a stack-based buffer overflow in the parse_expr() function in setparse.c via a crafted .m65 file. | Atasm, Fedora | 7.8 | ||
2019-12-13 | CVE-2019-19787 | ATasm 1.06 has a stack-based buffer overflow in the get_signed_expression() function in setparse.c via a crafted .m65 file. | Atasm, Fedora | 7.8 | ||
2019-12-13 | CVE-2019-19722 | In Dovecot before 2.3.9.2, an attacker can crash a push-notification driver with a crafted email when push notifications are used, because of a NULL Pointer Dereference. The email must use a group address as either the sender or the recipient. | Dovecot, Fedora | 5.3 | ||
2019-12-15 | CVE-2019-19797 | read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write. | Debian_linux, Fedora, Fig2dev | 5.5 | ||
2019-12-16 | CVE-2019-19783 | An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. If sieve script uploading is allowed (3.x) or certain non-default sieve options are enabled (2.x), a user with a mail account on the service can use a sieve script containing a fileinto directive to create any mailbox with administrator privileges, because of folder mishandling in autosieve_createfolder() in imap/lmtp_sieve.c. | Ubuntu_linux, Imap, Debian_linux, Fedora | 6.5 | ||
2019-12-17 | CVE-2019-3992 | ELOG 3.1.4-57bea22 and below is affected by an information disclosure vulnerability. A remote unauthenticated attacker can access the server's configuration file by sending an HTTP GET request. Amongst the configuration data, the attacker may gain access to valid admin usernames and, in older versions of ELOG, passwords. | Elog, Fedora | 7.5 | ||
2019-12-17 | CVE-2019-3993 | ELOG 3.1.4-57bea22 and below is affected by an information disclosure vulnerability. A remote unauthenticated attacker can recover a user's password hash by sending a crafted HTTP POST request. | Elog, Fedora | 7.5 | ||
2019-12-17 | CVE-2019-3994 | ELOG 3.1.4-57bea22 and below is affected by a denial of service vulnerability due to a use after free. A remote unauthenticated attacker can crash the ELOG server by sending multiple HTTP POST requests which causes the ELOG function retrieve_url() to use a freed variable. | Elog, Fedora | 7.5 | ||
2019-12-17 | CVE-2019-3995 | ELOG 3.1.4-57bea22 and below is affected by a denial of service vulnerability due to a NULL pointer dereference. A remote unauthenticated attacker can crash the ELOG server by sending a crafted HTTP GET request. | Elog, Fedora | 7.5 | ||
2019-12-17 | CVE-2019-3996 | ELOG 3.1.4-57bea22 and below can be used as an HTTP GET request proxy when unauthenticated remote attackers send crafted HTTP POST requests. | Elog, Fedora | 6.5 |