Vulnerabilities > Fedoraproject > Fedora > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-09 | CVE-2019-19648 | Out-of-bounds Read vulnerability in multiple products In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, command_size may be inconsistent with the real size. | 7.8 |
| 2019-12-09 | CVE-2019-19647 | NULL Pointer Dereference vulnerability in multiple products radare2 through 4.0.0 lacks validation of the content variable in the function r_asm_pseudo_incbin at libr/asm/asm.c, ultimately leading to an arbitrary write. | 7.8 |
| 2019-12-08 | CVE-2019-19630 | Out-of-bounds Write vulnerability in multiple products HTMLDOC 1.9.7 allows a stack-based buffer overflow in the hd_strlcpy() function in string.c (when called from render_contents in ps-pdf.cxx) via a crafted HTML document. | 7.8 |
| 2019-12-06 | CVE-2012-2130 | Inadequate Encryption Strength vulnerability in multiple products A Security Bypass vulnerability exists in PolarSSL 0.99pre4 through 1.1.1 due to a weak encryption error when generating Diffie-Hellman values and RSA keys. | 7.4 |
| 2019-12-06 | CVE-2012-1615 | Improper Privilege Management vulnerability in Fedoraproject Fedora and Sectool A Privilege Escalation vulnerability exits in Fedoraproject Sectool due to an incorrect DBus file. | 7.8 |
| 2019-12-02 | CVE-2013-4410 | Incorrect Authorization vulnerability in multiple products ReviewBoard: has an access-control problem in REST API | 7.5 |
| 2019-12-02 | CVE-2012-4480 | Improper Privilege Management vulnerability in multiple products mom creates world-writable pid files in /var/run | 7.8 |
| 2019-12-02 | CVE-2012-4428 | Out-of-bounds Read vulnerability in multiple products openslp: SLPIntersectStringList()' Function has a DoS vulnerability | 7.5 |
| 2019-11-27 | CVE-2019-14812 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. | 7.8 |
| 2019-11-27 | CVE-2019-14867 | Resource Exhaustion vulnerability in multiple products A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way the internal function ber_scanf() was used in some components of the IPA server, which parsed kerberos key data. | 8.8 |