Vulnerabilities > Fedoraproject > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-10-14 CVE-2019-17545 Double Free vulnerability in multiple products
GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded.
network
low complexity
osgeo oracle debian fedoraproject opensuse CWE-415
critical
 9.8
9.8
2019-10-10 CVE-2019-17455 Out-of-bounds Read vulnerability in multiple products
Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request.
network
low complexity
nongnu debian canonical fedoraproject opensuse CWE-125
critical
 9.8
9.8
2019-10-07 CVE-2019-17042 Improper Input Validation vulnerability in multiple products
An issue was discovered in Rsyslog v8.1908.0.
network
low complexity
rsyslog fedoraproject debian opensuse CWE-20
critical
 9.8
9.8
2019-10-07 CVE-2019-17041 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in Rsyslog v8.1908.0.
network
low complexity
rsyslog debian fedoraproject opensuse CWE-787
critical
 9.8
9.8
2019-10-01 CVE-2019-16943 Deserialization of Untrusted Data vulnerability in multiple products
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10.
network
low complexity
fasterxml debian fedoraproject redhat oracle netapp CWE-502
critical
 9.8
9.8
2019-10-01 CVE-2019-16942 Deserialization of Untrusted Data vulnerability in multiple products
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10.
network
low complexity
fasterxml debian fedoraproject redhat netapp oracle CWE-502
critical
 9.8
9.8
2019-09-27 CVE-2019-16928 Out-of-bounds Write vulnerability in multiple products
Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846.
network
low complexity
exim canonical debian fedoraproject CWE-787
critical
 9.8
9.8
2019-09-24 CVE-2019-16746 Classic Buffer Overflow vulnerability in multiple products
An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17.
network
low complexity
linux debian canonical fedoraproject opensuse CWE-120
critical
 9.8
9.8
2019-09-17 CVE-2019-16378 Authentication Bypass by Spoofing vulnerability in multiple products
OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a signature-bypass vulnerability with multiple From: addresses, which might affect applications that consider a domain name to be relevant to the origin of an e-mail message.
network
low complexity
trusteddomain debian fedoraproject canonical CWE-290
critical
 9.8
9.8
2019-09-17 CVE-2019-16239 Classic Buffer Overflow vulnerability in multiple products
process_http_response in OpenConnect before 8.05 has a Buffer Overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes.
network
low complexity
infradead fedoraproject debian canonical opensuse CWE-120
critical
 9.8
9.8