Vulnerabilities > Fedoraproject

DATE CVE VULNERABILITY TITLE RISK
2019-07-11 CVE-2019-12527 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in Squid 4.0.23 through 4.7. 		8.8
8.8
2019-07-11 CVE-2019-12525 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7.
network
low complexity
squid-cache debian opensuse fedoraproject canonical CWE-787
critical
 9.8
9.8
2019-07-11 CVE-2019-12838 SQL Injection vulnerability in multiple products
SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL Injection.
network
low complexity
schedmd debian fedoraproject opensuse CWE-89
critical
 9.8
9.8
2019-07-10 CVE-2019-13132 Out-of-bounds Write vulnerability in multiple products
In ZeroMQ libzmq before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.3.2, a remote, unauthenticated client connecting to a libzmq application, running with a socket listening with CURVE encryption/authentication enabled, may cause a stack overflow and overwrite the stack with arbitrary data, due to a buffer overflow in the library.
network
low complexity
zeromq debian canonical fedoraproject CWE-787
critical
 9.8
9.8
2019-07-10 CVE-2019-13225 NULL Pointer Dereference vulnerability in multiple products
A NULL Pointer Dereference in match_at() in regexec.c in Oniguruma 6.9.2 allows attackers to potentially cause denial of service by providing a crafted regular expression.
network
low complexity
oniguruma-project fedoraproject CWE-476
6.5
6.5
2019-07-10 CVE-2019-13224 Use After Free vulnerability in multiple products
A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression.
network
low complexity
oniguruma-project php fedoraproject debian canonical CWE-416
critical
 9.8
9.8
2019-07-05 CVE-2019-13313 Information Exposure vulnerability in multiple products
libosinfo 1.5.0 allows local users to discover credentials by listing a process, because credentials are passed to osinfo-install-script via the command line.
local
low complexity
libosinfo fedoraproject redhat CWE-200
7.8
7.8
2019-07-04 CVE-2019-13286 Out-of-bounds Read vulnerability in multiple products
In Xpdf 4.01.01, there is a heap-based buffer over-read in the function JBIG2Stream::readTextRegionSeg() located at JBIG2Stream.cc.
local
low complexity
glyphandcog fedoraproject CWE-125
5.5
5.5
2019-07-04 CVE-2019-13283 Out-of-bounds Read vulnerability in multiple products
In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in strncpy from FoFiType1::parse in fofi/FoFiType1.cc because it does not ensure the source string has a valid length before making a fixed-length copy.
local
low complexity
glyphandcog fedoraproject CWE-125
7.8
7.8
2019-07-04 CVE-2019-13282 Out-of-bounds Read vulnerability in multiple products
In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in SampledFunction::transform in Function.cc when using a large index for samples.
local
low complexity
glyphandcog fedoraproject CWE-125
7.8
7.8