Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fedora
(Fedoraproject)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-09-17 | CVE-2019-16239 | process_http_response in OpenConnect before 8.05 has a Buffer Overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes. | Ubuntu_linux, Debian_linux, Fedora, Openconnect, Leap | 9.8 | ||
| 2019-09-17 | CVE-2019-16378 | OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a signature-bypass vulnerability with multiple From: addresses, which might affect applications that consider a domain name to be relevant to the origin of an e-mail message. | Ubuntu_linux, Debian_linux, Fedora, Opendmarc | 9.8 | ||
| 2019-09-19 | CVE-2019-11779 | In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow will occur. | Ubuntu_linux, Debian_linux, Mosquitto, Fedora, Backports_sle, Leap | 6.5 | ||
| 2019-09-23 | CVE-2019-16707 | Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommonsubstring in suggestmgr.cxx. | Fedora, Hunspell | 6.5 | ||
| 2019-09-24 | CVE-2019-16746 | An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in a beacon head, leading to a buffer overflow. | Ubuntu_linux, Debian_linux, Fedora, Linux_kernel, Leap | 9.8 | ||
| 2019-09-25 | CVE-2019-16884 | runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory. | Ubuntu_linux, Docker, Fedora, Runc, Leap, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Openshift_container_platform | 7.5 | ||
| 2019-09-26 | CVE-2019-16738 | In MediaWiki through 1.33.0, Special:Redirect allows information disclosure of suppressed usernames via a User ID Lookup. | Debian_linux, Fedora, Mediawiki | 5.3 | ||
| 2019-09-26 | CVE-2019-10092 | In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed. | Http_server, Ubuntu_linux, Debian_linux, Fedora, Clustered_data_ontap, Leap, Communications_element_manager, Enterprise_manager_ops_center, Secure_global_desktop, Software_collection | 6.1 | ||
| 2019-09-27 | CVE-2019-8075 | Adobe Flash Player version 32.0.0.192 and earlier versions have a Same Origin Policy Bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user. | Flash_player, Flash_player_desktop_runtime, Debian_linux, Fedora, Chrome | 7.5 | ||
| 2019-09-27 | CVE-2019-9232 | In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122675483 | Ubuntu_linux, Debian_linux, Fedora, Android, Leap | 7.5 |