Vulnerabilities > Fedoraproject > Fedora > 29

DATE	CVE	VULNERABILITY TITLE	RISK
2018-12-20	CVE-2018-1000878	Use After Free vulnerability in multiple products libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c that can result in Crash/DoS - it is unknown if RCE is possible. network low complexity libarchive debian canonical redhat opensuse fedoraproject CWE-416	8.8
2018-12-20	CVE-2018-1000877	Double Free vulnerability in multiple products libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c, parse_codes(), realloc(rar->lzss.window, new_size) with new_size = 0 that can result in Crash/DoS. network low complexity libarchive debian canonical redhat fedoraproject CWE-415	8.8
2018-12-13	CVE-2018-16872	Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products A flaw was found in qemu Media Transfer Protocol (MTP). network high complexity qemu debian fedoraproject canonical opensuse CWE-367	5.3
2018-12-13	CVE-2018-19489	Race Condition vulnerability in multiple products v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service (crash) because of a race condition during file renaming. local high complexity qemu debian fedoraproject canonical opensuse CWE-362	4.7
2018-12-13	CVE-2018-19364	Use After Free vulnerability in multiple products hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome. local low complexity qemu canonical debian fedoraproject opensuse CWE-416	5.5
2018-12-12	CVE-2018-16867	Race Condition vulnerability in multiple products A flaw was found in qemu Media Transfer Protocol (MTP) before version 3.1.0. local high complexity qemu fedoraproject canonical CWE-362	7.8
2018-12-11	CVE-2018-20060	urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). network low complexity python fedoraproject critical	9.8
2018-12-10	CVE-2018-20005	Use After Free vulnerability in multiple products An issue has been found in Mini-XML (aka mxml) 2.12. local low complexity msweet fedoraproject CWE-416	5.5
2018-12-10	CVE-2018-20004	Out-of-bounds Write vulnerability in multiple products An issue has been found in Mini-XML (aka mxml) 2.12. network low complexity mini-xml-project debian fedoraproject CWE-787	8.8
2018-12-07	CVE-2018-18311	Integer Overflow or Wraparound vulnerability in multiple products Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. network low complexity perl canonical debian netapp redhat apple fedoraproject mcafee CWE-190 critical	9.8