National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:fedoraproject:fedora:29
There are 146 matching records.
Displaying matches 61 through 80.
Vuln ID Summary CVSS Severity
CVE-2018-18849

In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-bounds access by triggering an invalid msg_len value.

Published: March 21, 2019; 12:00:29 PM -04:00
V3: 5.5 MEDIUM
V2: 2.1 LOW
CVE-2018-12023

An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload.

Published: March 21, 2019; 12:00:12 PM -04:00
V3: 7.5 HIGH
V2: 5.1 MEDIUM
CVE-2018-12022

An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload.

Published: March 21, 2019; 12:00:12 PM -04:00
V3: 7.5 HIGH
V2: 5.1 MEDIUM
CVE-2019-3833

Openwsman, versions up to and including 2.6.9, are vulnerable to infinite loop in process_connection() when parsing specially crafted HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending malicious HTTP request to cause denial of service to openwsman server.

Published: March 14, 2019; 06:29:01 PM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2019-3816

Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to openwsman server.

Published: March 14, 2019; 06:29:01 PM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2019-9705

Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (memory consumption) via a large crontab file because an unlimited number of lines is accepted.

Published: March 11, 2019; 09:29:00 PM -04:00
V3: 5.5 MEDIUM
V2: 2.1 LOW
CVE-2019-9687

PoDoFo 0.9.6 has a heap-based buffer overflow in PdfString::ConvertUTF16toUTF8 in base/PdfString.cpp.

Published: March 11, 2019; 12:29:00 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2019-9658

Checkstyle before 8.18 loads external DTDs by default.

Published: March 11, 2019; 01:29:00 AM -04:00
V3: 5.3 MEDIUM
V2: 5.0 MEDIUM
CVE-2019-9636

Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.

Published: March 08, 2019; 04:29:00 PM -05:00
V3: 9.8 CRITICAL
V2: 5.0 MEDIUM
CVE-2019-9631

Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.

Published: March 08, 2019; 12:29:00 AM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2019-9211

There is a reachable assertion abort in the function write_long_string_missing_values() in data/sys-file-writer.c in libdata.a in GNU PSPP 1.2.0 that will lead to denial of service.

Published: February 27, 2019; 12:29:00 PM -05:00
V3: 6.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2019-9199

PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.

Published: February 26, 2019; 06:29:00 PM -05:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2019-5782

Incorrect optimization assumptions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

Published: February 19, 2019; 12:29:02 PM -05:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2019-5781

Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.

Published: February 19, 2019; 12:29:02 PM -05:00
V3: 6.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2019-5780

Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events.

Published: February 19, 2019; 12:29:02 PM -05:00
V3: 7.8 HIGH
V2: 4.6 MEDIUM
CVE-2019-5779

Insufficient policy validation in ServiceWorker in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

Published: February 19, 2019; 12:29:01 PM -05:00
V3: 4.3 MEDIUM
V2: 4.3 MEDIUM
CVE-2019-5778

A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for privileged pages via a crafted Chrome Extension.

Published: February 19, 2019; 12:29:01 PM -05:00
V3: 6.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2019-5777

Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.

Published: February 19, 2019; 12:29:01 PM -05:00
V3: 6.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2019-5776

Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.

Published: February 19, 2019; 12:29:01 PM -05:00
V3: 6.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2019-5775

Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.

Published: February 19, 2019; 12:29:01 PM -05:00
V3: 6.5 MEDIUM
V2: 4.3 MEDIUM