Vulnerabilities > Fedoraproject > Fedora > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-03-11 CVE-2019-9687 Out-of-bounds Write vulnerability in multiple products
PoDoFo 0.9.6 has a heap-based buffer overflow in PdfString::ConvertUTF16toUTF8 in base/PdfString.cpp.
network
low complexity
podofo-project fedoraproject CWE-787
critical
 9.8
9.8
2019-03-08 CVE-2019-9636 Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization.
network
low complexity
python fedoraproject opensuse debian canonical redhat oracle
critical
 9.8
9.8
2019-03-08 CVE-2019-9631 Out-of-bounds Read vulnerability in multiple products
Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.
network
low complexity
freedesktop fedoraproject debian CWE-125
critical
 9.8
9.8
2019-02-19 CVE-2019-5759 Use After Free vulnerability in multiple products
Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google debian redhat fedoraproject CWE-416
critical
 9.6
9.6
2019-02-06 CVE-2019-3464 Improper Initialization vulnerability in multiple products
Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.
network
low complexity
pizzashack debian fedoraproject canonical CWE-665
critical
 9.8
9.8
2019-02-06 CVE-2019-3463 Argument Injection or Modification vulnerability in multiple products
Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.
network
low complexity
pizzashack debian fedoraproject canonical CWE-88
critical
 9.8
9.8
2019-01-16 CVE-2019-6446 Deserialization of Untrusted Data vulnerability in multiple products
An issue was discovered in NumPy 1.16.0 and earlier.
network
low complexity
numpy fedoraproject CWE-502
critical
 9.8
9.8
2018-12-11 CVE-2018-20060 urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme).
network
low complexity
python fedoraproject
critical
 9.8
9.8
2018-12-07 CVE-2018-18311 Integer Overflow or Wraparound vulnerability in multiple products
Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
network
low complexity
perl canonical debian netapp redhat apple fedoraproject mcafee CWE-190
critical
 9.8
9.8
2018-11-29 CVE-2018-8786 Incorrect Conversion between Numeric Types vulnerability in multiple products
FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably even a remote code execution.
network
low complexity
freerdp canonical debian fedoraproject redhat CWE-681
critical
 9.8
9.8