Vulnerabilities > Fedoraproject > Critical

DATE CVE VULNERABILITY TITLE RISK
2018-10-17 CVE-2018-18408 Use After Free vulnerability in multiple products
A use-after-free was discovered in the tcpbridge binary of Tcpreplay 4.3.0 beta1.
network
low complexity
broadcom fedoraproject CWE-416
critical
 9.8
9.8
2018-10-01 CVE-2018-17825 Double Free vulnerability in multiple products
An issue was discovered in AdPlug 2.3.1.
network
low complexity
adplug-project fedoraproject CWE-415
critical
 9.8
9.8
2018-08-24 CVE-2018-14599 Off-by-one Error vulnerability in multiple products
An issue was discovered in libX11 through 1.6.5.
network
low complexity
x-org debian canonical fedoraproject redhat CWE-193
critical
 9.8
9.8
2018-06-27 CVE-2017-18342 Deserialization of Untrusted Data vulnerability in multiple products
In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data.
network
low complexity
pyyaml fedoraproject CWE-502
critical
 9.8
9.8
2018-05-07 CVE-2018-10771 Out-of-bounds Write vulnerability in multiple products
Stack-based buffer overflow in the get_key function in parse.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
network
low complexity
moinejf debian fedoraproject CWE-787
critical
 9.8
9.8
2018-05-05 CVE-2018-10753 Out-of-bounds Write vulnerability in multiple products
Stack-based buffer overflow in the delayed_output function in music.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
network
low complexity
moinejf debian fedoraproject CWE-787
critical
 9.8
9.8
2018-02-01 CVE-2014-3005 XXE vulnerability in multiple products
XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request.
network
low complexity
zabbix fedoraproject CWE-611
critical
 9.8
9.8
2017-10-18 CVE-2015-5740 HTTP Request Smuggling vulnerability in multiple products
The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Content-length headers.
network
low complexity
golang fedoraproject redhat CWE-444
critical
 9.8
9.8
2017-10-18 CVE-2015-5739 HTTP Request Smuggling vulnerability in multiple products
The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers to conduct HTTP request smuggling attacks via a space instead of a hyphen, as demonstrated by "Content Length" instead of "Content-Length."
network
low complexity
golang fedoraproject redhat CWE-444
critical
 9.8
9.8
2017-10-16 CVE-2015-7687 Use After Free vulnerability in multiple products
Use-after-free vulnerability in OpenSMTPD before 5.7.2 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving req_ca_vrfy_smtp and req_ca_vrfy_mta.
network
low complexity
openbsd fedoraproject CWE-416
critical
 9.8
9.8