Vulnerabilities > Fedoraproject > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-03-21 | CVE-2019-9895 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding. | 9.8 |
2019-03-21 | CVE-2019-3862 | Out-of-bounds Read vulnerability in multiple products An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. | 9.1 |
2019-03-21 | CVE-2019-3859 | Out-of-bounds Read vulnerability in multiple products An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. | 9.1 |
2019-03-11 | CVE-2019-9687 | Out-of-bounds Write vulnerability in multiple products PoDoFo 0.9.6 has a heap-based buffer overflow in PdfString::ConvertUTF16toUTF8 in base/PdfString.cpp. | 9.8 |
2019-03-08 | CVE-2019-9636 | Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. | 9.8 |
2019-03-08 | CVE-2019-9631 | Out-of-bounds Read vulnerability in multiple products Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function. | 9.8 |
2019-02-19 | CVE-2019-5759 | Use After Free vulnerability in multiple products Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | 9.6 |
2019-02-06 | CVE-2019-3464 | Improper Initialization vulnerability in multiple products Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands. | 9.8 |
2019-02-06 | CVE-2019-3463 | Argument Injection or Modification vulnerability in multiple products Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands. | 9.8 |
2019-01-16 | CVE-2019-6446 | Deserialization of Untrusted Data vulnerability in multiple products An issue was discovered in NumPy 1.16.0 and earlier. | 9.8 |