Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fedora
(Fedoraproject)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-03-07 | CVE-2018-14498 | get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries. | Debian_linux, Fedora, Libjpeg\-Turbo, Mozjpeg, Leap | 6.5 | ||
| 2019-03-08 | CVE-2019-9631 | Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function. | Debian_linux, Fedora, Poppler | 9.8 | ||
| 2019-03-08 | CVE-2019-9636 | Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host... | Ubuntu_linux, Debian_linux, Fedora, Leap, Sun_zfs_storage_appliance_kit, Python, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Openshift_container_platform, Virtualization | 9.8 | ||
| 2019-03-11 | CVE-2019-9658 | Checkstyle before 8.18 loads external DTDs by default. | Checkstyle, Debian_linux, Fedora | 5.3 | ||
| 2019-03-11 | CVE-2019-9687 | PoDoFo 0.9.6 has a heap-based buffer overflow in PdfString::ConvertUTF16toUTF8 in base/PdfString.cpp. | Fedora, Podofo | 9.8 | ||
| 2019-03-12 | CVE-2019-9704 | Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (daemon crash) via a large crontab file because the calloc return value is not checked. | Cron, Debian_linux, Fedora | 5.5 | ||
| 2019-03-12 | CVE-2019-9705 | Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (memory consumption) via a large crontab file because an unlimited number of lines is accepted. | Cron, Debian_linux, Fedora | 5.5 | ||
| 2019-03-13 | CVE-2019-9741 | An issue was discovered in net/http in Go 1.11.5. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the second argument to http.NewRequest with \r\n followed by an HTTP header or a Redis command. | Debian_linux, Fedora, Go, Developer_tools, Enterprise_linux | 6.1 | ||
| 2019-03-21 | CVE-2018-12022 | An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload. | Debian_linux, Jackson\-Databind, Fedora, Jd_edwards_enterpriseone_tools, Retail_merchandising_system, Automation_manager, Decision_manager, Jboss_brms, Jboss_enterprise_application_platform, Openshift_container_platform, Single_sign\-On | 7.5 | ||
| 2019-03-21 | CVE-2018-12023 | An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload. | Debian_linux, Jackson\-Databind, Fedora, Jd_edwards_enterpriseone_tools, Retail_merchandising_system, Automation_manager, Decision_manager, Jboss_brms, Jboss_enterprise_application_platform, Openshift_container_platform, Single_sign\-On | 7.5 |