Vulnerabilities > Fedoraproject

DATE CVE VULNERABILITY TITLE RISK
2019-06-30 CVE-2019-13109 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file, because PngImage::readMetadata mishandles a chunkLength - iccOffset subtraction.
network
low complexity
exiv2 fedoraproject CWE-190
6.5
6.5
2019-06-30 CVE-2019-13108 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file, because PngImage::readMetadata mishandles a zero value for iccOffset.
network
low complexity
exiv2 fedoraproject CWE-190
6.5
6.5
2019-06-30 CVE-2019-13107 Integer Overflow or Wraparound vulnerability in multiple products
Multiple integer overflows exist in MATIO before 1.5.16, related to mat.c, mat4.c, mat5.c, mat73.c, and matvar_struct.c
network
low complexity
matio-project fedoraproject CWE-190
critical
 9.8
9.8
2019-06-29 CVE-2019-13050 Improper Certificate Validation vulnerability in multiple products
Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. 		7.5
7.5
2019-06-29 CVE-2019-13038 Open Redirect vulnerability in multiple products
mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL. 		6.1
6.1
2019-06-27 CVE-2019-5840 Race Condition vulnerability in multiple products
Incorrect security UI in popup blocker in Google Chrome on iOS prior to 75.0.3770.80 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
network
low complexity
google opensuse debian fedoraproject CWE-362
4.3
4.3
2019-06-27 CVE-2019-5839 Improper Input Validation vulnerability in multiple products
Excessive data validation in URL parser in Google Chrome prior to 75.0.3770.80 allowed a remote attacker who convinced a user to input a URL to bypass website URL validation via a crafted URL.
network
low complexity
google opensuse debian fedoraproject CWE-20
4.3
4.3
2019-06-27 CVE-2019-5838 Incorrect Authorization vulnerability in multiple products
Insufficient policy enforcement in extensions API in Google Chrome prior to 75.0.3770.80 allowed an attacker who convinced a user to install a malicious extension to bypass restrictions on file URIs via a crafted Chrome Extension.
network
low complexity
google opensuse fedoraproject debian CWE-863
4.3
4.3
2019-06-27 CVE-2019-5837 Resource size information leakage in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
network
low complexity
google opensuse debian fedoraproject
6.5
6.5
2019-06-27 CVE-2019-5836 Out-of-bounds Write vulnerability in multiple products
Heap buffer overflow in ANGLE in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google opensuse debian fedoraproject CWE-787
8.8
8.8