Vulnerabilities > Fedoraproject > Fedora > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-11-15 | CVE-2019-18928 | Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection. | 9.8 |
2019-10-31 | CVE-2019-18425 | Improper Privilege Management vulnerability in multiple products An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descriptors. | 9.8 |
2019-10-30 | CVE-2018-21029 | Improper Certificate Validation vulnerability in multiple products systemd 239 through 245 accepts any certificate signed by a trusted certificate authority for DNS Over TLS. | 9.8 |
2019-10-14 | CVE-2019-17545 | Double Free vulnerability in multiple products GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded. | 9.8 |
2019-10-10 | CVE-2019-17455 | Out-of-bounds Read vulnerability in multiple products Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request. | 9.8 |
2019-10-07 | CVE-2019-17042 | Improper Input Validation vulnerability in multiple products An issue was discovered in Rsyslog v8.1908.0. | 9.8 |
2019-10-07 | CVE-2019-17041 | Out-of-bounds Write vulnerability in multiple products An issue was discovered in Rsyslog v8.1908.0. | 9.8 |
2019-10-01 | CVE-2019-16943 | Deserialization of Untrusted Data vulnerability in multiple products A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. | 9.8 |
2019-10-01 | CVE-2019-16942 | Deserialization of Untrusted Data vulnerability in multiple products A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. | 9.8 |
2019-09-27 | CVE-2019-16928 | Out-of-bounds Write vulnerability in multiple products Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. | 9.8 |