Vulnerabilities > Fedoraproject > Fedora > 29
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-21 | CVE-2019-3862 | Out-of-bounds Read vulnerability in multiple products An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. | 9.1 |
| 2019-03-21 | CVE-2019-3859 | Out-of-bounds Read vulnerability in multiple products An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. | 9.1 |
| 2019-03-21 | CVE-2018-19872 | Divide By Zero vulnerability in multiple products An issue was discovered in Qt 5.11. | 5.5 |
| 2019-03-21 | CVE-2018-18898 | Resource Exhaustion vulnerability in multiple products The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address parsing. | 7.5 |
| 2019-03-21 | CVE-2018-18849 | Out-of-bounds Read vulnerability in multiple products In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-bounds access by triggering an invalid msg_len value. | 5.5 |
| 2019-03-21 | CVE-2018-12023 | Deserialization of Untrusted Data vulnerability in multiple products An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. | 7.5 |
| 2019-03-21 | CVE-2018-12022 | Deserialization of Untrusted Data vulnerability in multiple products An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. | 7.5 |
| 2019-03-14 | CVE-2019-3833 | Openwsman, versions up to and including 2.6.9, are vulnerable to infinite loop in process_connection() when parsing specially crafted HTTP requests. | 7.5 |
| 2019-03-14 | CVE-2019-3816 | Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. | 7.5 |
| 2019-03-13 | CVE-2019-9741 | CRLF Injection vulnerability in multiple products An issue was discovered in net/http in Go 1.11.5. | 6.1 |