Vulnerabilities > Fedoraproject > Critical

DATE CVE VULNERABILITY TITLE RISK
2018-12-11 CVE-2018-20060 urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme).
network
low complexity
python fedoraproject
critical
 9.8
9.8
2018-12-07 CVE-2018-18311 Integer Overflow or Wraparound vulnerability in multiple products
Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
network
low complexity
perl canonical debian netapp redhat apple fedoraproject mcafee CWE-190
critical
 9.8
9.8
2018-11-29 CVE-2018-8786 Incorrect Conversion between Numeric Types vulnerability in multiple products
FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably even a remote code execution.
network
low complexity
freerdp canonical debian fedoraproject redhat CWE-681
critical
 9.8
9.8
2018-10-17 CVE-2018-18408 Use After Free vulnerability in multiple products
A use-after-free was discovered in the tcpbridge binary of Tcpreplay 4.3.0 beta1.
network
low complexity
broadcom fedoraproject CWE-416
critical
 9.8
9.8
2018-10-01 CVE-2018-17825 Double Free vulnerability in multiple products
An issue was discovered in AdPlug 2.3.1.
network
low complexity
adplug-project fedoraproject CWE-415
critical
 9.8
9.8
2018-08-24 CVE-2018-14599 Off-by-one Error vulnerability in multiple products
An issue was discovered in libX11 through 1.6.5.
network
low complexity
x-org debian canonical fedoraproject redhat CWE-193
critical
 9.8
9.8
2018-06-27 CVE-2017-18342 Deserialization of Untrusted Data vulnerability in multiple products
In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data.
network
low complexity
pyyaml fedoraproject CWE-502
critical
 9.8
9.8
2018-05-07 CVE-2018-10771 Out-of-bounds Write vulnerability in multiple products
Stack-based buffer overflow in the get_key function in parse.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
network
low complexity
moinejf debian fedoraproject CWE-787
critical
 9.8
9.8
2018-05-05 CVE-2018-10753 Out-of-bounds Write vulnerability in multiple products
Stack-based buffer overflow in the delayed_output function in music.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
network
low complexity
moinejf debian fedoraproject CWE-787
critical
 9.8
9.8
2018-02-01 CVE-2014-3005 XXE vulnerability in multiple products
XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request.
network
low complexity
zabbix fedoraproject CWE-611
critical
 9.8
9.8