Fedora - Vulncode-DB

Date	Id	Summary	Products	Score
2019-03-21	CVE-2018-12022	An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload.	Debian_linux, Jackson\-Databind, Fedora, Jd_edwards_enterpriseone_tools, Retail_merchandising_system, Automation_manager, Decision_manager, Jboss_brms, Jboss_enterprise_application_platform, Openshift_container_platform, Single_sign\-On	7.5
2019-03-21	CVE-2018-12023	An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload.	Debian_linux, Jackson\-Databind, Fedora, Jd_edwards_enterpriseone_tools, Retail_merchandising_system, Automation_manager, Decision_manager, Jboss_brms, Jboss_enterprise_application_platform, Openshift_container_platform, Single_sign\-On	7.5
2019-03-21	CVE-2018-18849	In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-bounds access by triggering an invalid msg_len value.	Ubuntu_linux, Fedora, Leap, Qemu	5.5
2019-03-21	CVE-2018-18898	The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address parsing.	Request_tracker, Ubuntu_linux, Debian_linux, Fedora	7.5
2019-03-21	CVE-2018-19872	An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp.	Fedora, Leap, Qt	5.5
2019-03-21	CVE-2019-3859	An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.	Debian_linux, Fedora, Libssh2, Ontap_select_deploy_administration_utility, Leap	9.1
2019-03-21	CVE-2019-3862	An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.	Debian_linux, Fedora, Libssh2, Ontap_select_deploy_administration_utility, Leap	9.1
2019-03-21	CVE-2019-5885	Matrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users.	Fedora, Synapse	7.5
2019-03-21	CVE-2019-6116	In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.	Ghostscript, Ubuntu_linux, Debian_linux, Fedora, Leap, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation	7.8
2019-03-21	CVE-2019-6454	An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic).	Ubuntu_linux, Debian_linux, Fedora, Web_gateway, Active_iq_performance_analytics_services, Leap, Enterprise_linux, Enterprise_linux_compute_node_eus, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_for_ibm_z_systems_eus, Enterprise_linux_for_power_big_endian_eus, Enterprise_linux_for_power_little_endian, Enterprise_linux_for_power_little_endian_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions, Enterprise_linux_server_tus, Enterprise_linux_server_update_services_for_sap_solutions, Enterprise_linux_workstation, Systemd	5.5

Product: Fedora (Fedoraproject)

Product:
Fedora
(Fedoraproject)