Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fedora
(Fedoraproject)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-11-06 | CVE-2017-18926 | raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the XML writer, leading to heap-based buffer overflows (sometimes seen in raptor_qname_format_as_xml). | Debian_linux, Fedora, Raptor_rdf_syntax_library | 7.1 | ||
| 2020-11-10 | CVE-2020-0452 | In exif_entry_get_value of exif-entry.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if a third party app used this library to process remote image data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-159625731 | Fedora, Android | 9.8 | ||
| 2020-11-30 | CVE-2020-11867 | Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by default. After Audacity creates the temporary directory, it sets its permissions to 755. Any user on the system can read and play the temporary audio .au files located there. | Audacity, Fedora | 3.3 | ||
| 2020-12-15 | CVE-2020-0499 | In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156076070 | Debian_linux, Fedora, Android | 4.3 | ||
| 2021-02-11 | CVE-2019-19004 | A biWidth*biBitCnt integer overflow in input-bmp.c in autotrace 0.31.1 allows attackers to provide an unexpected input value to malloc via a malformed bitmap image. | Autotrace, Fedora | 3.3 | ||
| 2021-02-11 | CVE-2019-19005 | A bitmap double free in main.c in autotrace 0.31.1 allows attackers to cause an unspecified impact via a malformed bitmap image. This may occur after the use-after-free in CVE-2017-9182. | Autotrace, Fedora | 7.8 | ||
| 2021-02-24 | CVE-2020-11988 | Apache XmlGraphics Commons 2.4 and earlier is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. Users should upgrade to 2.6 or later. | Xmlgraphics_commons, Fedora | 8.2 | ||
| 2021-07-20 | CVE-2019-25051 | objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acommon::ObjStack::dup_top (called from acommon::StringMap::add and acommon::Config::lookup_list). | Debian_linux, Fedora, Aspell | 7.8 | ||
| 2022-02-24 | CVE-2019-25058 | An issue was discovered in USBGuard before 1.1.0. On systems with the usbguard-dbus daemon running, an unprivileged user could make USBGuard allow all USB devices to be connected in the future. | Debian_linux, Fedora, Usbguard | 7.8 | ||
| 2022-04-13 | CVE-2015-20107 | In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9 | Fedora, Active_iq_unified_manager, Ontap_select_deploy_administration_utility, Snapcenter, Python | 7.6 |