Vulnerabilities > Fedoraproject > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-12 | CVE-2020-10108 | HTTP Request Smuggling vulnerability in multiple products In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. | 9.8 |
| 2020-03-09 | CVE-2020-10232 | Out-of-bounds Write vulnerability in multiple products In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfs_istat() in fs/yaffs.c. | 9.8 |
| 2020-03-06 | CVE-2020-10188 | Classic Buffer Overflow vulnerability in multiple products utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions. network low complexity netkit-telnet-project fedoraproject debian arista oracle juniper CWE-120 critical | 9.8 |
| 2020-03-02 | CVE-2020-10018 | Use After Free vulnerability in multiple products WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. | 9.8 |
| 2020-02-27 | CVE-2020-7043 | Improper Certificate Validation vulnerability in multiple products An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. | 9.1 |
| 2020-02-25 | CVE-2020-8794 | Out-of-bounds Read vulnerability in multiple products OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. | 9.8 |
| 2020-02-24 | CVE-2020-1938 | When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. | 9.8 |
| 2020-02-24 | CVE-2019-18183 | OS Command Injection vulnerability in multiple products pacman before 5.2 is vulnerable to arbitrary command injection in lib/libalpm/sync.c in the apply_deltas() function. | 9.8 |
| 2020-02-24 | CVE-2019-18182 | OS Command Injection vulnerability in multiple products pacman before 5.2 is vulnerable to arbitrary command injection in conf.c in the download_with_xfercommand() function. | 9.8 |
| 2020-02-19 | CVE-2020-6061 | Out-of-bounds Read vulnerability in multiple products An exploitable heap out-of-bounds read vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. | 9.8 |