Vulnerabilities > Fedoraproject > Fedora > 30
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-23 | CVE-2019-11045 | Injection vulnerability in multiple products In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. | 5.9 |
| 2019-12-23 | CVE-2019-11044 | In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link() function accepts filenames with embedded \0 byte and treats them as terminating at that byte. | 7.5 |
| 2019-12-20 | CVE-2019-16786 | HTTP Request Smuggling vulnerability in multiple products Waitress through version 1.3.1 would parse the Transfer-Encoding header and only look for a single string value, if that value was not chunked it would fall through and use the Content-Length header instead. | 7.5 |
| 2019-12-20 | CVE-2019-16785 | HTTP Request Smuggling vulnerability in multiple products Waitress through version 1.3.1 implemented a "MAY" part of the RFC7230 which states: "Although the line terminator for the start-line and header fields is the sequence CRLF, a recipient MAY recognize a single LF as a line terminator and ignore any preceding CR." Unfortunately if a front-end server does not parse header fields with an LF the same way as it does those with a CRLF it can lead to the front-end and the back-end server parsing the same HTTP message in two different ways. | 7.5 |
| 2019-12-17 | CVE-2019-3996 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in multiple products ELOG 3.1.4-57bea22 and below can be used as an HTTP GET request proxy when unauthenticated remote attackers send crafted HTTP POST requests. | 6.5 |
| 2019-12-17 | CVE-2019-3995 | NULL Pointer Dereference vulnerability in multiple products ELOG 3.1.4-57bea22 and below is affected by a denial of service vulnerability due to a NULL pointer dereference. | 7.5 |
| 2019-12-17 | CVE-2019-3994 | Use After Free vulnerability in multiple products ELOG 3.1.4-57bea22 and below is affected by a denial of service vulnerability due to a use after free. | 7.5 |
| 2019-12-17 | CVE-2019-3993 | Cleartext Transmission of Sensitive Information vulnerability in multiple products ELOG 3.1.4-57bea22 and below is affected by an information disclosure vulnerability. | 7.5 |
| 2019-12-17 | CVE-2019-3992 | Cleartext Transmission of Sensitive Information vulnerability in multiple products ELOG 3.1.4-57bea22 and below is affected by an information disclosure vulnerability. | 7.5 |
| 2019-12-16 | CVE-2019-19783 | Improper Privilege Management vulnerability in multiple products An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. | 6.5 |