Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fedora
(Fedoraproject)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-10-17 | CVE-2018-18409 | A stack-based buffer over-read exists in setbit() at iptree.h of TCPFLOW 1.5.0, due to received incorrect values causing incorrect computation, leading to denial of service during an address_histogram call or a get_histogram call. | Ubuntu_linux, Tcpflow, Fedora | 5.5 | ||
| 2018-11-16 | CVE-2018-19296 | PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack. | Debian_linux, Fedora, Phpmailer, Wordpress | 8.8 | ||
| 2018-11-29 | CVE-2018-8786 | FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably even a remote code execution. | Ubuntu_linux, Debian_linux, Fedora, Freerdp, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation | 9.8 | ||
| 2018-11-29 | CVE-2018-19497 | In The Sleuth Kit (TSK) through 4.6.4, hfs_cat_traverse in tsk/fs/hfs.c does not properly determine when a key length is too large, which allows attackers to cause a denial of service (SEGV on unknown address with READ memory access in a tsk_getu16 call in hfs_dir_open_meta_cb in tsk/fs/hfs_dent.c). | Debian_linux, Fedora, The_sleuth_kit | 6.5 | ||
| 2018-12-04 | CVE-2018-19840 | The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero. | Ubuntu_linux, Fedora, Leap, Wavpack | 5.5 | ||
| 2018-12-04 | CVE-2018-19841 | The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted WavPack Lossless Audio file, as demonstrated by wvunpack. | Ubuntu_linux, Debian_linux, Fedora, Leap, Wavpack | 5.5 | ||
| 2018-12-04 | CVE-2018-19591 | In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via getaddrinfo() leads to the allocation of a socket descriptor that is not closed. This is related to the if_nametoindex() function. | Fedora, Glibc | 7.5 | ||
| 2018-12-07 | CVE-2018-18311 | Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. | Mac_os_x, Ubuntu_linux, Debian_linux, Fedora, Web_gateway, E\-Series_santricity_os_controller, Snap_creator_framework, Snapcenter, Snapdriver, Perl, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Openshift_container_platform | 9.8 | ||
| 2018-12-10 | CVE-2018-20004 | An issue has been found in Mini-XML (aka mxml) 2.12. It is a stack-based buffer overflow in mxml_write_node in mxml-file.c via vectors involving a double-precision floating point number and the '<order type="real">' substring, as demonstrated by testmxml. | Debian_linux, Fedora, Mini\-Xml | 8.8 | ||
| 2018-12-10 | CVE-2018-20005 | An issue has been found in Mini-XML (aka mxml) 2.12. It is a use-after-free in mxmlWalkNext in mxml-search.c, as demonstrated by mxmldoc. | Fedora, Mini\-Xml | 5.5 |