Vulnerabilities > Fedoraproject > Fedora > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-11-15 CVE-2013-7088 Classic Buffer Overflow vulnerability in multiple products
ClamAV before 0.97.7 has buffer overflow in the libclamav component
network
low complexity
clamav debian fedoraproject CWE-120
critical
 9.8
9.8
2019-11-15 CVE-2013-7087 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
ClamAV before 0.97.7 has WWPack corrupt heap memory
network
low complexity
clamav debian fedoraproject CWE-119
critical
 9.8
9.8
2019-11-15 CVE-2019-18928 Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection.
network
low complexity
cyrus fedoraproject debian
critical
 9.8
9.8
2019-11-12 CVE-2010-3438 Use of Externally-Controlled Format String vulnerability in multiple products
libpoe-component-irc-perl before v6.32 does not remove carriage returns and line feeds. 		9.8
9.8
2019-11-04 CVE-2015-8980 Improper Input Validation vulnerability in multiple products
The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote attackers to execute arbitrary code.
network
low complexity
php-gettext-project opensuse redhat fedoraproject CWE-20
critical
 9.8
9.8
2019-11-04 CVE-2013-4409 Improper Input Validation vulnerability in multiple products
An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests.
network
low complexity
reviewboard fedoraproject redhat CWE-20
critical
 9.8
9.8
2019-10-31 CVE-2019-18425 Improper Privilege Management vulnerability in multiple products
An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descriptors.
network
low complexity
xen debian fedoraproject opensuse CWE-269
critical
 9.8
9.8
2019-10-30 CVE-2018-21029 Improper Certificate Validation vulnerability in multiple products
systemd 239 through 245 accepts any certificate signed by a trusted certificate authority for DNS Over TLS.
network
low complexity
systemd-project fedoraproject CWE-295
critical
 9.8
9.8
2019-10-28 CVE-2019-11043 Out-of-bounds Write vulnerability in multiple products
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.
network
low complexity
php canonical debian fedoraproject tenable redhat CWE-787
critical
 9.8
9.8
2019-10-14 CVE-2019-17545 Double Free vulnerability in multiple products
GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded.
network
low complexity
osgeo oracle debian fedoraproject opensuse CWE-415
critical
 9.8
9.8