Vulnerabilities > Fedoraproject > Fedora > 30
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-01-15 | CVE-2019-0001 | Uncontrolled Recursion vulnerability in multiple products Receipt of a malformed packet on MX Series devices with dynamic vlan configuration can trigger an uncontrolled recursion loop in the Broadband Edge subscriber management daemon (bbe-smgd), and lead to high CPU usage and a crash of the bbe-smgd service. | 7.5 |
| 2019-01-14 | CVE-2018-16886 | Improper Authentication vulnerability in multiple products etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. | 8.1 |
| 2019-01-14 | CVE-2019-6251 | WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. | 8.1 |
| 2019-01-03 | CVE-2018-20662 | Improper Input Validation vulnerability in multiple products In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing. | 6.5 |
| 2019-01-02 | CVE-2019-3500 | Information Exposure Through Log Files vulnerability in multiple products aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file. | 7.8 |
| 2018-12-23 | CVE-2018-20406 | Integer Overflow or Wraparound vulnerability in multiple products Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt. | 7.5 |
| 2018-12-20 | CVE-2018-20191 | NULL Pointer Dereference vulnerability in multiple products hw/rdma/vmw/pvrdma_main.c in QEMU does not implement a read operation (such as uar_read by analogy to uar_write), which allows attackers to cause a denial of service (NULL pointer dereference). | 7.5 |
| 2018-12-20 | CVE-2018-1000880 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() that can result in DoS - quasi-infinite run time and disk usage from tiny file. | 6.5 |
| 2018-12-20 | CVE-2018-1000879 | NULL Pointer Dereference vulnerability in multiple products libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() that can result in Crash/DoS. | 6.5 |
| 2018-12-20 | CVE-2018-1000878 | Use After Free vulnerability in multiple products libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c that can result in Crash/DoS - it is unknown if RCE is possible. | 8.8 |