Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fedora
(Fedoraproject)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-12-08 | CVE-2019-19630 | HTMLDOC 1.9.7 allows a stack-based buffer overflow in the hd_strlcpy() function in string.c (when called from render_contents in ps-pdf.cxx) via a crafted HTML document. | Debian_linux, Fedora, Htmldoc | 7.8 | ||
| 2019-12-09 | CVE-2019-19647 | radare2 through 4.0.0 lacks validation of the content variable in the function r_asm_pseudo_incbin at libr/asm/asm.c, ultimately leading to an arbitrary write. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted input. | Fedora, Radare2 | 7.8 | ||
| 2019-12-09 | CVE-2019-19648 | In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, command_size may be inconsistent with the real size. A specially crafted MachO file can cause an out-of-bounds memory access, resulting in Denial of Service (application crash) or potential code execution. | Fedora, Yara | 7.8 | ||
| 2019-12-10 | CVE-2019-13725 | Use-after-free in Bluetooth in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page. | Debian_linux, Fedora, Chrome, Enterprise_linux_desktop, Enterprise_linux_for_scientific_computing, Enterprise_linux_server, Enterprise_linux_workstation | 8.8 | ||
| 2019-12-10 | CVE-2019-13726 | Buffer overflow in password manager in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page. | Debian_linux, Fedora, Chrome, Enterprise_linux_desktop, Enterprise_linux_for_scientific_computing, Enterprise_linux_server, Enterprise_linux_workstation | 8.8 | ||
| 2019-12-10 | CVE-2019-13727 | Insufficient policy enforcement in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass same origin policy via a crafted HTML page. | Debian_linux, Fedora, Chrome, Enterprise_linux_desktop, Enterprise_linux_for_scientific_computing, Enterprise_linux_server, Enterprise_linux_workstation | 8.8 | ||
| 2019-12-10 | CVE-2019-13728 | Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Debian_linux, Fedora, Chrome, Enterprise_linux_desktop, Enterprise_linux_for_scientific_computing, Enterprise_linux_server, Enterprise_linux_workstation | 8.8 | ||
| 2019-12-10 | CVE-2019-13729 | Use-after-free in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Debian_linux, Fedora, Chrome, Enterprise_linux_desktop, Enterprise_linux_for_scientific_computing, Enterprise_linux_server, Enterprise_linux_workstation | 8.8 | ||
| 2019-12-10 | CVE-2019-13730 | Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Debian_linux, Fedora, Chrome, Suse_package_hub_for_suse_linux_enterprise, Backports, Enterprise_linux_desktop, Enterprise_linux_for_scientific_computing, Enterprise_linux_server, Enterprise_linux_workstation | 8.8 | ||
| 2019-12-10 | CVE-2019-13732 | Use-after-free in WebAudio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Debian_linux, Fedora, Chrome, Enterprise_linux_desktop, Enterprise_linux_for_scientific_computing, Enterprise_linux_server, Enterprise_linux_workstation | 8.8 |