Vulnerabilities > Fedoraproject > Fedora > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-11-15 CVE-2019-18928 Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection.
network
low complexity
cyrus fedoraproject debian
critical
 9.8
9.8
2019-10-31 CVE-2019-18425 Improper Privilege Management vulnerability in multiple products
An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descriptors.
network
low complexity
xen debian fedoraproject opensuse CWE-269
critical
 9.8
9.8
2019-10-30 CVE-2018-21029 Improper Certificate Validation vulnerability in multiple products
systemd 239 through 245 accepts any certificate signed by a trusted certificate authority for DNS Over TLS.
network
low complexity
systemd-project fedoraproject CWE-295
critical
 9.8
9.8
2019-10-14 CVE-2019-17545 Double Free vulnerability in multiple products
GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded.
network
low complexity
osgeo oracle debian fedoraproject opensuse CWE-415
critical
 9.8
9.8
2019-10-10 CVE-2019-17455 Out-of-bounds Read vulnerability in multiple products
Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request.
network
low complexity
nongnu debian canonical fedoraproject opensuse CWE-125
critical
 9.8
9.8
2019-10-07 CVE-2019-17042 Improper Input Validation vulnerability in multiple products
An issue was discovered in Rsyslog v8.1908.0.
network
low complexity
rsyslog fedoraproject debian opensuse CWE-20
critical
 9.8
9.8
2019-10-07 CVE-2019-17041 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in Rsyslog v8.1908.0.
network
low complexity
rsyslog debian fedoraproject opensuse CWE-787
critical
 9.8
9.8
2019-10-01 CVE-2019-16943 Deserialization of Untrusted Data vulnerability in multiple products
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10.
network
low complexity
fasterxml debian fedoraproject redhat oracle netapp CWE-502
critical
 9.8
9.8
2019-10-01 CVE-2019-16942 Deserialization of Untrusted Data vulnerability in multiple products
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10.
network
low complexity
fasterxml debian fedoraproject redhat netapp oracle CWE-502
critical
 9.8
9.8
2019-09-27 CVE-2019-16928 Out-of-bounds Write vulnerability in multiple products
Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846.
network
low complexity
exim canonical debian fedoraproject CWE-787
critical
 9.8
9.8