Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fedora
(Fedoraproject)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-03-21 | CVE-2019-9895 | In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding. | Fedora, Putty | 9.8 | ||
| 2019-03-21 | CVE-2019-9897 | Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71. | Debian_linux, Fedora, Oncommand_unified_manager, Leap, Putty | 7.5 | ||
| 2019-03-21 | CVE-2019-9898 | Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71. | Debian_linux, Fedora, Oncommand_unified_manager, Leap, Putty | 9.8 | ||
| 2019-03-21 | CVE-2019-9903 | PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary. | Ubuntu_linux, Debian_linux, Fedora, Poppler, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_server_aus, Enterprise_linux_server_tus | 6.5 | ||
| 2019-03-21 | CVE-2019-3855 | An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server. | Xcode, Debian_linux, Fedora, Libssh2, Ontap_select_deploy_administration_utility, Leap, Peoplesoft_enterprise_peopletools, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation | 8.8 | ||
| 2019-03-21 | CVE-2019-3858 | An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. | Debian_linux, Fedora, Libssh2, Ontap_select_deploy_administration_utility, Leap | 9.1 | ||
| 2019-03-21 | CVE-2019-3871 | A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. An insufficient validation of data coming from the user when building a HTTP request from a DNS query in the HTTP Connector of the Remote backend, allowing a remote user to cause a denial of service by making the server connect to an invalid endpoint, or possibly information disclosure by making the server connect to an internal endpoint and somehow extracting meaningful information about the response | Fedora, Authoritative_server | 8.8 | ||
| 2019-03-23 | CVE-2019-9948 | urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call. | Ubuntu_linux, Debian_linux, Fedora, Leap, Python, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_eus, Enterprise_linux_tus, Enterprise_linux_workstation | 9.1 | ||
| 2019-03-25 | CVE-2019-3835 | It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. | Ghostscript, Debian_linux, Fedora, Leap, Ansible_tower, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation | 5.5 | ||
| 2019-03-25 | CVE-2019-3838 | It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. | Ghostscript, Debian_linux, Fedora, Leap, Ansible_tower, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation | 5.5 |