Vulnerabilities > Fedoraproject > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-10-28 CVE-2019-11043 Out-of-bounds Write vulnerability in multiple products
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.
network
low complexity
php canonical debian fedoraproject tenable redhat CWE-787
critical
9.8
2019-10-14 CVE-2019-17545 Double Free vulnerability in multiple products
GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded.
network
low complexity
osgeo oracle debian fedoraproject opensuse CWE-415
critical
9.8
2019-10-10 CVE-2019-17455 Out-of-bounds Read vulnerability in multiple products
Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request.
network
low complexity
nongnu debian canonical fedoraproject opensuse CWE-125
critical
9.8
2019-10-07 CVE-2019-17042 Improper Input Validation vulnerability in multiple products
An issue was discovered in Rsyslog v8.1908.0.
network
low complexity
rsyslog fedoraproject debian opensuse CWE-20
critical
9.8
2019-10-07 CVE-2019-17041 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in Rsyslog v8.1908.0.
network
low complexity
rsyslog debian fedoraproject opensuse CWE-787
critical
9.8
2019-10-01 CVE-2019-16943 Deserialization of Untrusted Data vulnerability in multiple products
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10.
network
low complexity
fasterxml debian fedoraproject redhat oracle netapp CWE-502
critical
9.8
2019-10-01 CVE-2019-16942 Deserialization of Untrusted Data vulnerability in multiple products
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10.
network
low complexity
fasterxml debian fedoraproject redhat netapp oracle CWE-502
critical
9.8
2019-09-27 CVE-2019-16928 Out-of-bounds Write vulnerability in multiple products
Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846.
network
low complexity
exim canonical debian fedoraproject CWE-787
critical
9.8
2019-09-24 CVE-2019-16746 Classic Buffer Overflow vulnerability in multiple products
An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17.
network
low complexity
linux debian canonical fedoraproject opensuse CWE-120
critical
9.8
2019-09-17 CVE-2019-16378 Authentication Bypass by Spoofing vulnerability in multiple products
OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a signature-bypass vulnerability with multiple From: addresses, which might affect applications that consider a domain name to be relevant to the origin of an e-mail message.
network
low complexity
trusteddomain debian fedoraproject canonical CWE-290
critical
9.8