Filtered by vendor Fedoraproject
Subscriptions
Filtered by product Fedora
Subscriptions
Total
5305 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-3887 | 4 Canonical, Fedoraproject, Linux and 1 more | 11 Ubuntu Linux, Fedora, Linux Kernel and 8 more | 2024-11-21 | 5.6 Medium |
| A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister (MSR) access with nested(=1) virtualization enabled. In that, L1 guest could access L0's APIC register values via L2 guest, when 'virtualize x2APIC mode' is enabled. A guest could use this flaw to potentially crash the host kernel resulting in DoS issue. Kernel versions from 4.16 and newer are vulnerable to this issue. | ||||
| CVE-2019-3886 | 3 Fedoraproject, Opensuse, Redhat | 4 Fedora, Leap, Advanced Virtualization and 1 more | 2024-11-21 | 5.4 Medium |
| An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block. | ||||
| CVE-2019-3885 | 4 Canonical, Clusterlabs, Fedoraproject and 1 more | 4 Ubuntu Linux, Pacemaker, Fedora and 1 more | 2024-11-21 | N/A |
| A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information to be leaked via the system logs. | ||||
| CVE-2019-3882 | 7 Canonical, Debian, Fedoraproject and 4 more | 16 Ubuntu Linux, Debian Linux, Fedora and 13 more | 2024-11-21 | 5.5 Medium |
| A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable. | ||||
| CVE-2019-3880 | 5 Debian, Fedoraproject, Opensuse and 2 more | 7 Debian Linux, Fedora, Leap and 4 more | 2024-11-21 | 5.4 Medium |
| A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share. Versions before 4.8.11, 4.9.6 and 4.10.2 are vulnerable. | ||||
| CVE-2019-3878 | 4 Canonical, Fedoraproject, Mod Auth Mellon Project and 1 more | 11 Ubuntu Linux, Fedora, Mod Auth Mellon and 8 more | 2024-11-21 | N/A |
| A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require valid-user directive), adding special HTTP headers that are normally used to start the special SAML ECP (non-browser based) can be used to bypass authentication. | ||||
| CVE-2019-3877 | 4 Canonical, Fedoraproject, Mod Auth Mellon Project and 1 more | 4 Ubuntu Linux, Fedora, Mod Auth Mellon and 1 more | 2024-11-21 | N/A |
| A vulnerability was found in mod_auth_mellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL. This mismatch allows an attacker to bypass the redirect URL validation logic in apr_uri_parse function. | ||||
| CVE-2019-3871 | 2 Fedoraproject, Powerdns | 2 Fedora, Authoritative Server | 2024-11-21 | N/A |
| A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. An insufficient validation of data coming from the user when building a HTTP request from a DNS query in the HTTP Connector of the Remote backend, allowing a remote user to cause a denial of service by making the server connect to an invalid endpoint, or possibly information disclosure by making the server connect to an internal endpoint and somehow extracting meaningful information about the response | ||||
| CVE-2019-3862 | 6 Debian, Fedoraproject, Libssh2 and 3 more | 7 Debian Linux, Fedora, Libssh2 and 4 more | 2024-11-21 | N/A |
| An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. | ||||
| CVE-2019-3859 | 5 Debian, Fedoraproject, Libssh2 and 2 more | 5 Debian Linux, Fedora, Libssh2 and 2 more | 2024-11-21 | N/A |
| An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. | ||||
| CVE-2019-3858 | 6 Debian, Fedoraproject, Libssh2 and 3 more | 7 Debian Linux, Fedora, Libssh2 and 4 more | 2024-11-21 | N/A |
| An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. | ||||
| CVE-2019-3855 | 8 Apple, Debian, Fedoraproject and 5 more | 18 Xcode, Debian Linux, Fedora and 15 more | 2024-11-21 | 8.8 High |
| An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server. | ||||
| CVE-2019-3851 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2024-11-21 | N/A |
| A vulnerability was found in moodle before versions 3.6.3 and 3.5.5. There was a link to site home within the the Boost theme's secure layout, meaning students could navigate out of the page. | ||||
| CVE-2019-3846 | 7 Canonical, Debian, Fedoraproject and 4 more | 17 Ubuntu Linux, Debian Linux, Fedora and 14 more | 2024-11-21 | 8.8 High |
| A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. | ||||
| CVE-2019-3839 | 6 Artifex, Canonical, Debian and 3 more | 6 Ghostscript, Ubuntu Linux, Debian Linux and 3 more | 2024-11-21 | 7.8 High |
| It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Ghostscript versions before 9.27 are vulnerable. | ||||
| CVE-2019-3838 | 5 Artifex, Debian, Fedoraproject and 2 more | 12 Ghostscript, Debian Linux, Fedora and 9 more | 2024-11-21 | 5.5 Medium |
| It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. | ||||
| CVE-2019-3836 | 4 Fedoraproject, Gnu, Opensuse and 1 more | 4 Fedora, Gnutls, Leap and 1 more | 2024-11-21 | N/A |
| It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages. | ||||
| CVE-2019-3835 | 5 Artifex, Debian, Fedoraproject and 2 more | 12 Ghostscript, Debian Linux, Fedora and 9 more | 2024-11-21 | 5.5 Medium |
| It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. | ||||
| CVE-2019-3833 | 4 Fedoraproject, Opensuse, Openwsman Project and 1 more | 4 Fedora, Leap, Openwsman and 1 more | 2024-11-21 | 7.5 High |
| Openwsman, versions up to and including 2.6.9, are vulnerable to infinite loop in process_connection() when parsing specially crafted HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending malicious HTTP request to cause denial of service to openwsman server. | ||||
| CVE-2019-3829 | 3 Fedoraproject, Gnu, Redhat | 3 Fedora, Gnutls, Enterprise Linux | 2024-11-21 | N/A |
| A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected. | ||||