Vulnerabilities > Fedoraproject

DATE CVE VULNERABILITY TITLE RISK
2018-12-10 CVE-2018-20005 Use After Free vulnerability in multiple products
An issue has been found in Mini-XML (aka mxml) 2.12.
local
low complexity
msweet fedoraproject CWE-416
5.5
5.5
2018-12-10 CVE-2018-20004 Out-of-bounds Write vulnerability in multiple products
An issue has been found in Mini-XML (aka mxml) 2.12.
network
low complexity
mini-xml-project debian fedoraproject CWE-787
8.8
8.8
2018-12-07 CVE-2018-18311 Integer Overflow or Wraparound vulnerability in multiple products
Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
network
low complexity
perl canonical debian netapp redhat apple fedoraproject mcafee CWE-190
critical
 9.8
9.8
2018-12-04 CVE-2018-19591 Improper Input Validation vulnerability in multiple products
In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via getaddrinfo() leads to the allocation of a socket descriptor that is not closed.
network
low complexity
gnu fedoraproject CWE-20
7.5
7.5
2018-12-04 CVE-2018-19841 Out-of-bounds Read vulnerability in multiple products
The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted WavPack Lossless Audio file, as demonstrated by wvunpack. 		5.5
5.5
2018-12-04 CVE-2018-19840 Infinite Loop vulnerability in multiple products
The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero. 		5.5
5.5
2018-11-29 CVE-2018-19497 Out-of-bounds Read vulnerability in multiple products
In The Sleuth Kit (TSK) through 4.6.4, hfs_cat_traverse in tsk/fs/hfs.c does not properly determine when a key length is too large, which allows attackers to cause a denial of service (SEGV on unknown address with READ memory access in a tsk_getu16 call in hfs_dir_open_meta_cb in tsk/fs/hfs_dent.c).
network
low complexity
sleuthkit debian fedoraproject CWE-125
6.5
6.5
2018-11-29 CVE-2018-8786 Incorrect Conversion between Numeric Types vulnerability in multiple products
FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably even a remote code execution.
network
low complexity
freerdp canonical debian fedoraproject redhat CWE-681
critical
 9.8
9.8
2018-11-16 CVE-2018-19296 PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack. 8.8
8.8
2018-10-17 CVE-2018-18409 Out-of-bounds Read vulnerability in multiple products
A stack-based buffer over-read exists in setbit() at iptree.h of TCPFLOW 1.5.0, due to received incorrect values causing incorrect computation, leading to denial of service during an address_histogram call or a get_histogram call. 		5.5
5.5