Filtered by vendor Fedoraproject
Subscriptions
Filtered by product Fedora
Subscriptions
Total
5116 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-14540 | 6 Debian, Fasterxml, Fedoraproject and 3 more | 28 Debian Linux, Jackson-databind, Fedora and 25 more | 2024-08-05 | 9.8 Critical |
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig. | ||||
CVE-2019-14532 | 2 Fedoraproject, Sleuthkit | 2 Fedora, The Sleuth Kit | 2024-08-05 | 9.8 Critical |
An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an off-by-one overwrite due to an underflow on tools/hashtools/hfind.cpp while using a bogus hash table. | ||||
CVE-2019-14439 | 6 Apache, Debian, Fasterxml and 3 more | 20 Drill, Debian Linux, Jackson-databind and 17 more | 2024-08-05 | 7.5 High |
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath. | ||||
CVE-2019-14463 | 3 Debian, Fedoraproject, Libmodbus | 3 Debian Linux, Fedora, Libmodbus | 2024-08-05 | 9.1 Critical |
An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1.5. There is an out-of-bounds read for the MODBUS_FC_WRITE_MULTIPLE_REGISTERS case, aka VD-1301. | ||||
CVE-2019-14464 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2024-08-05 | 5.5 Medium |
XMFile::read in XMFile.cpp in milkyplay in MilkyTracker 1.02.00 has a heap-based buffer overflow. | ||||
CVE-2019-14459 | 3 Debian, Fedoraproject, Nfdump Project | 3 Debian Linux, Fedora, Nfdump | 2024-08-05 | 7.5 High |
nfdump 1.6.17 and earlier is affected by an integer overflow in the function Process_ipfix_template_withdraw in ipfix.c that can be abused in order to crash the process remotely (denial of service). | ||||
CVE-2019-14462 | 3 Debian, Fedoraproject, Libmodbus | 3 Debian Linux, Fedora, Libmodbus | 2024-08-05 | 9.1 Critical |
An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1.5. There is an out-of-bounds read for the MODBUS_FC_WRITE_MULTIPLE_COILS case, aka VD-1302. | ||||
CVE-2019-14494 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-08-05 | 7.5 High |
An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc. | ||||
CVE-2019-14379 | 7 Apple, Debian, Fasterxml and 4 more | 37 Xcode, Debian Linux, Jackson-databind and 34 more | 2024-08-05 | 9.8 Critical |
SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution. | ||||
CVE-2019-14267 | 2 Fedoraproject, Pdfresurrect Project | 2 Fedora, Pdfresurrect | 2024-08-05 | 7.8 High |
PDFResurrect 0.15 has a buffer overflow via a crafted PDF file because data associated with startxref and %%EOF is mishandled. | ||||
CVE-2019-14287 | 7 Canonical, Debian, Fedoraproject and 4 more | 21 Ubuntu Linux, Debian Linux, Fedora and 18 more | 2024-08-05 | 8.8 High |
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command. | ||||
CVE-2019-14234 | 4 Debian, Djangoproject, Fedoraproject and 1 more | 4 Debian Linux, Django, Fedora and 1 more | 2024-08-05 | N/A |
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of "OR 1=1" in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to the QuerySet.filter() function. | ||||
CVE-2019-13759 | 4 Debian, Fedoraproject, Google and 1 more | 8 Debian Linux, Fedora, Chrome and 5 more | 2024-08-05 | 4.3 Medium |
Incorrect security UI in interstitials in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | ||||
CVE-2019-13757 | 4 Debian, Fedoraproject, Google and 1 more | 8 Debian Linux, Fedora, Chrome and 5 more | 2024-08-05 | 4.3 Medium |
Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | ||||
CVE-2019-13753 | 5 Canonical, Debian, Fedoraproject and 2 more | 10 Ubuntu Linux, Debian Linux, Fedora and 7 more | 2024-08-05 | 6.5 Medium |
Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | ||||
CVE-2019-13747 | 4 Debian, Fedoraproject, Google and 1 more | 9 Debian Linux, Fedora, Android and 6 more | 2024-08-05 | 8.8 High |
Uninitialized data in rendering in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
CVE-2019-13734 | 8 Canonical, Debian, Fedoraproject and 5 more | 20 Ubuntu Linux, Debian Linux, Fedora and 17 more | 2024-08-05 | 8.8 High |
Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
CVE-2019-13748 | 4 Debian, Fedoraproject, Google and 1 more | 8 Debian Linux, Fedora, Chrome and 5 more | 2024-08-05 | 6.5 Medium |
Insufficient policy enforcement in developer tools in Google Chrome prior to 79.0.3945.79 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | ||||
CVE-2019-13749 | 5 Apple, Debian, Fedoraproject and 2 more | 9 Iphone Os, Debian Linux, Fedora and 6 more | 2024-08-05 | 6.5 Medium |
Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | ||||
CVE-2019-13754 | 4 Debian, Fedoraproject, Google and 1 more | 8 Debian Linux, Fedora, Chrome and 5 more | 2024-08-05 | 4.3 Medium |
Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. |