Vulnerabilities > Fedoraproject > Fedora

DATE CVE VULNERABILITY TITLE RISK
2019-11-18 CVE-2019-19043 Memory Leak vulnerability in multiple products
A memory leak in the i40e_setup_macvlans() function in drivers/net/ethernet/intel/i40e/i40e_main.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering i40e_setup_channel() failures, aka CID-27d461333459.
local
low complexity
linux canonical fedoraproject CWE-401
5.5
2019-11-17 CVE-2019-19012 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker.
network
low complexity
oniguruma-project debian fedoraproject redhat CWE-190
critical
9.8
2019-11-16 CVE-2019-19010 Code Injection vulnerability in multiple products
Eval injection in the Math plugin of Limnoria (before 2019.11.09) and Supybot (through 2018-05-09) allows remote unprivileged attackers to disclose information or possibly have unspecified other impact via the calc and icalc IRC commands.
network
low complexity
limnoria-project fedoraproject CWE-94
critical
9.8
2019-11-15 CVE-2011-2726 Incorrect Authorization vulnerability in multiple products
An access bypass issue was found in Drupal 7.x before version 7.5.
network
low complexity
drupal debian redhat fedoraproject CWE-863
7.5
2019-11-15 CVE-2014-0021 Chrony before 1.29.1 has traffic amplification in cmdmon protocol
network
low complexity
chrony-project debian fedoraproject
7.5
2019-11-15 CVE-2013-7089 Information Exposure vulnerability in multiple products
ClamAV before 0.97.7: dbg_printhex possible information leak
network
low complexity
clamav debian fedoraproject CWE-200
7.5
2019-11-15 CVE-2013-7088 Classic Buffer Overflow vulnerability in multiple products
ClamAV before 0.97.7 has buffer overflow in the libclamav component
network
low complexity
clamav debian fedoraproject CWE-120
critical
9.8
2019-11-15 CVE-2013-7087 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
ClamAV before 0.97.7 has WWPack corrupt heap memory
network
low complexity
clamav debian fedoraproject CWE-119
critical
9.8
2019-11-15 CVE-2019-14869 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions.
network
low complexity
artifex fedoraproject opensuse CWE-732
8.8
2019-11-15 CVE-2019-18928 Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection.
network
low complexity
cyrus fedoraproject debian
critical
9.8