Vulnerabilities > Fedoraproject > Fedora > 30
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-02-17 | CVE-2019-8381 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in Tcpreplay 4.3.1. | 7.8 |
| 2019-02-17 | CVE-2019-8377 | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in Tcpreplay 4.3.1. | 7.8 |
| 2019-02-17 | CVE-2019-8376 | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in Tcpreplay 4.3.1. | 7.8 |
| 2019-02-11 | CVE-2019-5736 | OS Command Injection vulnerability in multiple products runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. local low complexity docker linuxfoundation redhat google linuxcontainers hp netapp apache opensuse d2iq fedoraproject canonical microfocus CWE-78 | 8.6 |
| 2019-02-06 | CVE-2019-3464 | Improper Initialization vulnerability in multiple products Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands. | 9.8 |
| 2019-02-06 | CVE-2019-3463 | Argument Injection or Modification vulnerability in multiple products Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands. | 9.8 |
| 2019-02-04 | CVE-2019-1000018 | Command Injection vulnerability in multiple products rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in allowscp permission that can result in Local command execution. | 7.8 |
| 2019-01-31 | CVE-2019-6111 | Path Traversal vulnerability in multiple products An issue was discovered in OpenSSH 7.9. | 5.9 |
| 2019-01-31 | CVE-2019-6109 | Improper Encoding or Escaping of Output vulnerability in multiple products An issue was discovered in OpenSSH 7.9. | 6.8 |
| 2019-01-16 | CVE-2019-6446 | Deserialization of Untrusted Data vulnerability in multiple products An issue was discovered in NumPy 1.16.0 and earlier. | 9.8 |