Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fedora
(Fedoraproject)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-09-04 | CVE-2019-15718 | In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system's DNS resolver settings. | Fedora, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_for_ibm_z_systems_8_s390x, Enterprise_linux_for_ibm_z_systems_eus, Enterprise_linux_for_ibm_z_systems_eus_s390x, Enterprise_linux_for_power_little_endian, Enterprise_linux_for_power_little_endian_eus, Enterprise_linux_server_aus, Enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions, Enterprise_linux_server_tus, Enterprise_linux_server_update_services_for_sap_solutions, Openshift_container_platform, Systemd | 4.4 | ||
| 2019-09-05 | CVE-2019-15945 | OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c. | Debian_linux, Fedora, Opensc | 6.4 | ||
| 2019-09-05 | CVE-2019-15946 | OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c. | Debian_linux, Fedora, Opensc | 6.4 | ||
| 2019-09-06 | CVE-2019-14813 | A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands. | Ghostscript, Debian_linux, Fedora, Leap, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Openshift_container_platform | 9.8 | ||
| 2019-09-06 | CVE-2019-16056 | An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally. | Ubuntu_linux, Debian_linux, Fedora, Leap, Communications_operations_monitor, Peoplesoft_enterprise_peopletools, Solaris, Zfs_storage_appliance_kit, Python, Software_collections | 7.5 | ||
| 2019-09-06 | CVE-2019-9854 | LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice install. Protection was added, to address CVE-2019-9852, to avoid a directory traversal attack where scripts in arbitrary locations on the file system could be executed by employing a URL encoding... | Ubuntu_linux, Debian_linux, Fedora, Libreoffice, Leap, Enterprise_linux | 7.8 | ||
| 2019-09-08 | CVE-2016-10937 | IMAPFilter through 2.6.12 does not validate the hostname in an SSL certificate. | Debian_linux, Fedora, Imapfilter, Backports_sle, Leap | 7.5 | ||
| 2019-09-09 | CVE-2019-16159 | BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through 2.0.5 has a stack-based buffer overflow. The BGP daemon's support for RFC 8203 administrative shutdown communication messages included an incorrect logical expression when checking the validity of an input message. Sending a shutdown communication with a sufficient message length causes a four-byte overflow to occur while processing the message, where two of the overflow bytes are attacker-controlled and two are fixed. | Debian_linux, Fedora, Bird, Backports_sle | 7.5 | ||
| 2019-09-09 | CVE-2019-16163 | Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c. | Ubuntu_linux, Debian_linux, Fedora, Oniguruma | 7.5 | ||
| 2019-09-09 | CVE-2019-16167 | sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c. | Ubuntu_linux, Debian_linux, Fedora, Leap, Sysstat | 5.5 |