Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fedora
(Fedoraproject)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-07-16 | CVE-2019-13115 | In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. This is related to an _libssh2_check_length mistake, and is different from the various issues fixed in... | Debian_linux, Traffix_systems_signaling_delivery_controller, Fedora, Libssh2, Cloud_backup, E\-Series_santricity_os_controller, Ontap_select_deploy_administration_utility | 8.1 | ||
| 2019-07-17 | CVE-2019-9848 | LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, which can be manipulated into executing arbitrary python commands. By using the document event feature to trigger LibreLogo to execute python contained within a document a malicious document could be constructed which would execute arbitrary... | Ubuntu_linux, Debian_linux, Fedora, Libreoffice, Leap | 9.8 | ||
| 2019-07-17 | CVE-2019-9849 | LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed where bullet graphics were omitted from this protection prior to version 6.2.5. This issue affects: Document Foundation LibreOffice versions prior to 6.2.5. | Ubuntu_linux, Debian_linux, Fedora, Libreoffice, Leap | 4.3 | ||
| 2019-07-17 | CVE-2019-13626 | SDL (Simple DirectMedia Layer) 2.x through 2.0.9 has a heap-based buffer over-read in Fill_IMA_ADPCM_block, caused by an integer overflow in IMA_ADPCM_decode() in audio/SDL_wave.c. | Debian_linux, Fedora, Libsdl, Leap | 6.5 | ||
| 2019-07-17 | CVE-2019-13619 | In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ASN.1 BER dissector and related dissectors could crash. This was addressed in epan/asn1.c by properly restricting buffer increments. | Ubuntu_linux, Debian_linux, Fedora, Leap, Wireshark | 7.5 | ||
| 2019-07-18 | CVE-2019-1010065 | The Sleuth Kit 4.6.0 and earlier is affected by: Integer Overflow. The impact is: Opening crafted disk image triggers crash in tsk/fs/hfs_dent.c:237. The component is: Overflow in fls tool used on HFS image. Bug is in tsk/fs/hfs.c file in function hfs_cat_traverse() in lines: 952, 1062. The attack vector is: Victim must open a crafted HFS filesystem image. | Debian_linux, Fedora, The_sleuth_kit | 6.5 | ||
| 2019-07-19 | CVE-2019-1010142 | scapy 2.4.0 is affected by: Denial of Service. The impact is: infinite loop, resource consumption and program unresponsive. The component is: _RADIUSAttrPacketListField.getfield(self..). The attack vector is: over the network or in a pcap. both work. | Fedora, Scapy | 7.5 | ||
| 2019-07-19 | CVE-2019-1010238 | Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when application pass invalid utf-8 strings to functions like pango_itemize. | Ubuntu_linux, Debian_linux, Fedora, Pango, Sd\-Wan_edge, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Openshift_container_platform | 9.8 | ||
| 2019-07-19 | CVE-2019-12815 | An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306. | Debian_linux, Fedora, Proftpd, Simatic_cp_1543\-1_firmware | 9.8 | ||
| 2019-07-22 | CVE-2019-9959 | The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo. | Debian_linux, Fedora, Poppler, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_server_aus, Enterprise_linux_server_tus | 6.5 |