Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fedora
(Fedoraproject)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-06-25 | CVE-2019-12957 | In Xpdf 4.01.01, a buffer over-read could be triggered in FoFiType1C::convertToType1 in fofi/FoFiType1C.cc when the index number is larger than the charset array bounds. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly have unspecified other impact. | Fedora, Xpdfreader | 7.8 | ||
| 2019-06-25 | CVE-2019-12817 | arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel before 5.1.15 for powerpc has a bug where unrelated processes may be able to read/write to one another's virtual memory under certain conditions via an mmap above 512 TB. Only a subset of powerpc systems are affected. | Ubuntu_linux, Debian_linux, Fedora, Linux_kernel, Leap, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_server_aus, Enterprise_linux_server_tus | 7.0 | ||
| 2019-06-26 | CVE-2019-10164 | PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This often suffices to execute arbitrary code as the PostgreSQL operating system account. | Fedora, Leap, Postgresql, Enterprise_linux | 8.8 | ||
| 2019-06-27 | CVE-2019-5805 | Use-after-free in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | Debian_linux, Fedora, Chrome, Backports, Leap | 6.5 | ||
| 2019-06-27 | CVE-2019-5806 | Integer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Debian_linux, Fedora, Chrome, Backports, Leap | 8.8 | ||
| 2019-06-27 | CVE-2019-5807 | Object lifetime issue in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Debian_linux, Fedora, Chrome, Backports, Leap | 8.8 | ||
| 2019-06-27 | CVE-2019-5808 | Use after free in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Debian_linux, Fedora, Chrome, Backports, Leap | 8.8 | ||
| 2019-06-27 | CVE-2019-5809 | Use after free in file chooser in Google Chrome prior to 74.0.3729.108 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. | Debian_linux, Fedora, Chrome, Backports, Leap | 8.8 | ||
| 2019-06-27 | CVE-2019-5810 | Information leak in autofill in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | Debian_linux, Fedora, Chrome, Backports, Leap | 6.5 | ||
| 2019-06-27 | CVE-2019-5811 | Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page. | Debian_linux, Fedora, Chrome, Backports, Leap | 8.8 |