Vulnerabilities > Fedoraproject > Fedora > 31
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-09-05 | CVE-2019-15945 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c. | 6.4 |
2019-09-04 | CVE-2019-15718 | In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. | 4.4 |
2019-09-03 | CVE-2019-14817 | Incorrect Authorization vulnerability in multiple products A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. | 7.8 |
2019-09-03 | CVE-2019-14811 | Incorrect Authorization vulnerability in multiple products A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. | 7.8 |
2019-08-30 | CVE-2019-12402 | Infinite Loop vulnerability in multiple products The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. | 7.5 |
2019-08-23 | CVE-2019-15531 | Out-of-bounds Read vulnerability in multiple products GNU Libextractor through 1.9 has a heap-based buffer over-read in the function EXTRACTOR_dvi_extract_method in plugins/dvi_extractor.c. | 6.5 |
2019-08-23 | CVE-2019-10746 | Argument Injection or Modification vulnerability in multiple products mixin-deep is vulnerable to Prototype Pollution in versions before 1.3.2 and version 2.0.0. | 9.8 |
2019-08-20 | CVE-2019-10086 | Deserialization of Untrusted Data vulnerability in multiple products In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. | 7.3 |
2019-08-20 | CVE-2019-2126 | Double Free vulnerability in multiple products In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset of a freed pointer. | 8.8 |
2019-08-18 | CVE-2019-15145 | Out-of-bounds Read vulnerability in multiple products DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack (application crash via an out-of-bounds read) by crafting a corrupted JB2 image file that is mishandled in JB2Dict::JB2Codec::get_direct_context in libdjvu/JB2Image.h because of a missing zero-bytes check in libdjvu/GBitmap.h. | 5.5 |