CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Fedoraproject » Fedora » 29 : Security Vulnerabilities

Cpe Name:cpe:/o:fedoraproject:fedora:29
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-1000020 400 2019-02-04 2019-04-12
4.3
None Remote Medium Not required None None Partial
libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that can result in DoS by infinite loop. This attack appears to be exploitable via the victim opening a specially crafted ISO9660 file.
2 CVE-2019-1000019 125 DoS 2019-02-04 2019-04-12
4.3
None Remote Medium Not required None None Partial
libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be exploitable via the victim opening a specially crafted 7zip file.
3 CVE-2019-11373 125 2019-04-20 2019-05-25
4.3
None Remote Medium Not required None None Partial
An out-of-bounds read in File__Analyze::Get_L8 in File__Analyze_Buffer.cpp in MediaInfoLib in MediaArea MediaInfo 18.12 leads to a crash.
4 CVE-2019-11372 125 2019-04-20 2019-05-25
4.3
None Remote Medium Not required None None Partial
An out-of-bounds read in MediaInfoLib::File__Tags_Helper::Synched_Test in Tag/File__Tags.cpp in MediaInfoLib in MediaArea MediaInfo 18.12 leads to a crash.
5 CVE-2019-11091 200 Exec Code +Info 2019-05-30 2019-06-11
4.7
None Local Medium Not required Complete None None
Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
6 CVE-2019-11026 400 2019-04-08 2019-05-07
4.3
None Remote Medium Not required None None Partial
FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infinite recursion, leading to a call to the error function in Error.cc.
7 CVE-2019-10906 264 2019-04-06 2019-06-06
5.0
None Remote Low Not required Partial None None
In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.
8 CVE-2019-10903 399 2019-04-09 2019-05-25
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash. This was addressed in epan/dissectors/packet-dcerpc-spoolss.c by adding a boundary check.
9 CVE-2019-10902 399 2019-04-09 2019-04-23
5.0
None Remote Low Not required None None Partial
In Wireshark 3.0.0, the TSDNS dissector could crash. This was addressed in epan/dissectors/packet-tsdns.c by splitting strings safely.
10 CVE-2019-10901 476 2019-04-09 2019-05-25
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by handling file digests properly.
11 CVE-2019-10900 399 2019-04-09 2019-04-23
5.0
None Remote Low Not required None None Partial
In Wireshark 3.0.0, the Rbm dissector could go into an infinite loop. This was addressed in epan/dissectors/file-rbm.c by handling unknown object types safely.
12 CVE-2019-10899 119 Overflow 2019-04-09 2019-05-25
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the SRVLOC dissector could crash. This was addressed in epan/dissectors/packet-srvloc.c by preventing a heap-based buffer under-read.
13 CVE-2019-10898 399 2019-04-09 2019-04-23
5.0
None Remote Low Not required None None Partial
In Wireshark 3.0.0, the GSUP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gsm_gsup.c by rejecting an invalid Information Element length.
14 CVE-2019-10897 399 2019-04-09 2019-04-23
5.0
None Remote Low Not required None None Partial
In Wireshark 3.0.0, the IEEE 802.11 dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-ieee80211.c by detecting cases in which the bit offset does not advance.
15 CVE-2019-10896 399 2019-04-09 2019-05-16
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DOF dissector could crash. This was addressed in epan/dissectors/packet-dof.c by properly handling generated IID and OID bytes.
16 CVE-2019-10895 20 2019-04-09 2019-05-25
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the NetScaler file parser could crash. This was addressed in wiretap/netscaler.c by improving data validation.
17 CVE-2019-10894 399 2019-04-09 2019-05-25
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API dissector could crash. This was addressed in epan/dissectors/packet-gssapi.c by ensuring that a valid dissector is called.
18 CVE-2019-9917 20 DoS 2019-03-27 2019-06-14
4.0
None Remote Low Single system None None Partial
ZNC before 1.7.3-rc1 allows an existing remote user to cause a Denial of Service (crash) via invalid encoding.
19 CVE-2019-9903 400 Bypass 2019-03-21 2019-05-07
4.3
None Remote Medium Not required None None Partial
PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary.
20 CVE-2019-9898 327 2019-03-21 2019-04-26
7.5
None Remote Low Not required Partial Partial Partial
Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71.
21 CVE-2019-9897 20 2019-03-21 2019-04-26
5.0
None Remote Low Not required None None Partial
Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71.
22 CVE-2019-9895 119 Overflow 2019-03-21 2019-04-05
7.5
None Remote Low Not required Partial Partial Partial
In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding.
23 CVE-2019-9894 320 2019-03-21 2019-04-26
6.4
None Remote Low Not required None Partial Partial
A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification.
24 CVE-2019-9705 400 DoS 2019-03-11 2019-03-29
2.1
None Local Low Not required None None Partial
Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (memory consumption) via a large crontab file because an unlimited number of lines is accepted.
25 CVE-2019-9687 119 Overflow 2019-03-11 2019-03-29
7.5
None Remote Low Not required Partial Partial Partial
PoDoFo 0.9.6 has a heap-based buffer overflow in PdfString::ConvertUTF16toUTF8 in base/PdfString.cpp.
26 CVE-2019-9658 254 2019-03-11 2019-06-12
5.0
None Remote Low Not required Partial None None
Checkstyle before 8.18 loads external DTDs by default.
27 CVE-2019-9636 255 2019-03-08 2019-06-13
5.0
None Remote Low Not required Partial None None
Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.
28 CVE-2019-9631 125 2019-03-08 2019-04-26
7.5
None Remote Low Not required Partial Partial Partial
Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.
29 CVE-2019-9499 264 2019-04-17 2019-05-15
6.8
None Remote Medium Not required Partial Partial Partial
The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of the data connection with a client. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.
30 CVE-2019-9498 264 2019-04-17 2019-05-15
6.8
None Remote Medium Not required Partial Partial Partial
The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaining session key and network access without needing or learning the password. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.
31 CVE-2019-9497 287 2019-04-17 2019-05-15
6.8
None Remote Medium Not required Partial Partial Partial
The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto library does not implement additional checks for the EC point, the attacker will not be able to derive the session key or complete the key exchange. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.
32 CVE-2019-9496 287 DoS 2019-04-17 2019-05-15
5.0
None Remote Low Not required None None Partial
An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message when in hostapd/AP mode. All version of hostapd with SAE support are vulnerable. An attacker may force the hostapd process to terminate, performing a denial of service attack. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected.
33 CVE-2019-9495 327 2019-04-17 2019-05-15
4.3
None Remote Medium Not required Partial None None
The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful attack. Memory access patterns are visible in a shared cache. Weak passwords may be cracked. Versions of hostapd/wpa_supplicant 2.7 and newer, are not vulnerable to the timing attack described in CVE-2019-9494. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.
34 CVE-2019-9494 200 +Info 2019-04-17 2019-05-15
4.3
None Remote Medium Not required Partial None None
The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected.
35 CVE-2019-9211 20 DoS 2019-02-27 2019-04-25
4.3
None Remote Medium Not required None None Partial
There is a reachable assertion abort in the function write_long_string_missing_values() in data/sys-file-writer.c in libdata.a in GNU PSPP 1.2.0 that will lead to denial of service.
36 CVE-2019-9199 476 DoS 2019-02-26 2019-04-03
6.8
None Remote Medium Not required Partial Partial Partial
PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
37 CVE-2019-8936 476 2019-05-15 2019-05-31
5.0
None Remote Low Not required None None Partial
NTP through 4.2.8p12 has a NULL Pointer Dereference.
38 CVE-2019-8381 119 DoS Overflow 2019-02-16 2019-03-29
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Tcpreplay 4.3.1. An invalid memory access occurs in do_checksum in checksum.c. It can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.
39 CVE-2019-8377 476 DoS 2019-02-16 2019-03-29
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_ipv6_l4proto() located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.
40 CVE-2019-8376 476 DoS 2019-02-16 2019-03-29
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_layer4_v6() located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.
41 CVE-2019-7577 125 2019-02-07 2019-04-26
6.8
None Remote Medium Not required Partial Partial Partial
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.
42 CVE-2019-7443 20 2019-05-07 2019-05-10
9.3
None Remote Medium Not required Complete Complete Complete
KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. Certain types can cause crashes, and trigger the decoding of arbitrary images with dynamically loaded plugins. In other words, KAuth unintentionally causes this plugin code to run as root, which increases the severity of any possible exploitation of a plugin vulnerability.
43 CVE-2019-7222 200 +Info 2019-03-21 2019-05-13
2.1
None Local Low Not required Partial None None
The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.
44 CVE-2019-7221 416 2019-03-21 2019-06-14
4.6
None Local Low Not required Partial Partial Partial
The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.
45 CVE-2019-6975 400 2019-02-11 2019-04-25
5.0
None Remote Low Not required None None Partial
Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function.
46 CVE-2019-6778 119 Overflow 2019-03-21 2019-05-31
4.6
None Local Low Not required Partial Partial Partial
In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow.
47 CVE-2019-6454 119 DoS Overflow 2019-03-21 2019-06-04
4.9
None Local Low Not required None None Complete
An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic).
48 CVE-2019-6341 79 XSS 2019-03-26 2019-05-15
3.5
None Remote Medium Single system None Partial None
In Drupal 7 versions prior to 7.65; Drupal 8.6 versions prior to 8.6.13;Drupal 8.5 versions prior to 8.5.14. Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting (XSS) vulnerability.
49 CVE-2019-6251 20 2019-01-14 2019-05-15
5.8
None Remote Medium Not required Partial Partial None
WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge.
50 CVE-2019-6116 20 Exec Code 2019-03-21 2019-04-24
6.8
None Remote Medium Not required Partial Partial Partial
In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.
Total number of vulnerabilities : 140   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.