Fedoraproject » Fedora » 29 : Security Vulnerabilities, CVEs,
In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load() function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function.
Max CVSS
9.8
EPSS Score
1.44%
Published
2018-06-27
Updated
2020-10-14
Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
Max CVSS
9.8
EPSS Score
0.53%
Published
2018-12-07
Updated
2020-08-24
A use-after-free was discovered in the tcpbridge binary of Tcpreplay 4.3.0 beta1. The issue gets triggered in the function post_args() at tcpbridge.c, causing a denial of service or possibly unspecified other impact.
Max CVSS
9.8
EPSS Score
0.20%
Published
2018-10-17
Updated
2022-04-02
urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext.
Max CVSS
9.8
EPSS Score
1.11%
Published
2018-12-11
Updated
2021-06-15
Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF.
Max CVSS
9.8
EPSS Score
0.64%
Published
2019-04-17
Updated
2022-04-29
Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.
Max CVSS
9.8
EPSS Score
1.91%
Published
2019-02-06
Updated
2021-07-21
Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.
Max CVSS
9.8
EPSS Score
1.91%
Published
2019-02-06
Updated
2021-07-21
Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.
Max CVSS
9.8
EPSS Score
1.17%
Published
2019-09-16
Updated
2023-03-29
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.
Max CVSS
9.8
EPSS Score
9.76%
Published
2019-09-16
Updated
2021-11-03
SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.
Max CVSS
9.8
EPSS Score
0.53%
Published
2019-05-30
Updated
2021-07-31
Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.
Max CVSS
9.8
EPSS Score
1.02%
Published
2019-03-08
Updated
2020-07-23
Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.
Max CVSS
9.8
EPSS Score
0.72%
Published
2019-03-08
Updated
2022-07-25
PoDoFo 0.9.6 has a heap-based buffer overflow in PdfString::ConvertUTF16toUTF8 in base/PdfString.cpp.
Max CVSS
9.8
EPSS Score
0.35%
Published
2019-03-11
Updated
2020-08-24
LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, which can be manipulated into executing arbitrary python commands. By using the document event feature to trigger LibreLogo to execute python contained within a document a malicious document could be constructed which would execute arbitrary python commands silently without warning. In the fixed versions, LibreLogo cannot be called from a document event handler. This issue affects: Document Foundation LibreOffice versions prior to 6.2.5.
Max CVSS
9.8
EPSS Score
21.74%
Published
2019-07-17
Updated
2022-04-18
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on various document script events such as mouse-over, etc. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from script event handers. However an insufficient url validation vulnerability in LibreOffice allowed malicious to bypass that protection and again trigger calling LibreLogo from script event handlers. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6.
Max CVSS
9.8
EPSS Score
1.10%
Published
2019-08-15
Updated
2022-10-14
CVE-2019-9851
Public exploit
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from document event script handers, e.g. mouse over. However LibreOffice also has a separate feature where documents can specify that pre-installed scripts can be executed on various global script events such as document-open, etc. In the fixed versions, global script event handlers are validated equivalently to document script event handlers. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6.
Max CVSS
9.8
EPSS Score
97.10%
Published
2019-08-15
Updated
2022-10-14
In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding.
Max CVSS
9.8
EPSS Score
1.63%
Published
2019-03-21
Updated
2019-04-05
Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71.
Max CVSS
9.8
EPSS Score
2.24%
Published
2019-03-21
Updated
2021-07-21
A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.
Max CVSS
9.8
EPSS Score
0.29%
Published
2019-06-07
Updated
2023-02-12
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.
Max CVSS
9.8
EPSS Score
0.26%
Published
2019-04-10
Updated
2023-03-24
The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0.x through 3.0.9 allows remote attackers to execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name.
Max CVSS
9.8
EPSS Score
3.85%
Published
2019-06-03
Updated
2022-05-03
The PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a phar:///path/bad.phar/../good.phar URL.
Max CVSS
9.8
EPSS Score
2.75%
Published
2019-05-09
Updated
2021-10-01
An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain tokens such as domain, uri, and qop. Squid checks if this token's value starts with a quote and ends with one. If so, it performs a memcpy of its length minus 2. Squid never checks whether the value is just a single quote (which would satisfy its requirements), leading to a memcpy of its length minus 1.
Max CVSS
9.8
EPSS Score
16.21%
Published
2019-07-11
Updated
2022-04-26
An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306.
Max CVSS
9.8
EPSS Score
94.46%
Published
2019-07-19
Updated
2023-03-01
SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL Injection.
Max CVSS
9.8
EPSS Score
1.01%
Published
2019-07-11
Updated
2022-04-06