Vulnerabilities > Fedoraproject > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-18 | CVE-2015-5740 | HTTP Request Smuggling vulnerability in multiple products The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Content-length headers. | 9.8 |
| 2017-10-18 | CVE-2015-5739 | HTTP Request Smuggling vulnerability in multiple products The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers to conduct HTTP request smuggling attacks via a space instead of a hyphen, as demonstrated by "Content Length" instead of "Content-Length." | 9.8 |
| 2017-10-16 | CVE-2015-7687 | Use After Free vulnerability in multiple products Use-after-free vulnerability in OpenSMTPD before 5.7.2 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving req_ca_vrfy_smtp and req_ca_vrfy_mta. | 9.8 |
| 2017-09-21 | CVE-2017-12170 | Downstream version 1.0.46-1 of pure-ftpd as shipped in Fedora was vulnerable to packaging error due to which the original configuration was ignored after update and service started running with default configuration. | 9.8 |
| 2017-09-13 | CVE-2017-11462 | Double Free vulnerability in multiple products Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error. | 9.8 |
| 2017-08-16 | CVE-2017-7551 | Unspecified vulnerability in Fedoraproject 389 Directory Server 1.3.5.19/1.3.6.7 389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to different return codes returned on password attempts. | 9.8 |
| 2017-08-09 | CVE-2015-6816 | Improper Authentication vulnerability in multiple products ganglia-web before 3.7.1 allows remote attackers to bypass authentication. | 9.8 |
| 2017-06-06 | CVE-2016-9961 | Numeric Errors vulnerability in multiple products game-music-emu before 0.6.1 mishandles unspecified integer values. network low complexity game-music-emu-project fedoraproject opensuse-project opensuse novell CWE-189 critical | 9.8 |
| 2017-05-23 | CVE-2016-5178 | Improper Input Validation vulnerability in multiple products Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors. | 9.8 |
| 2017-05-02 | CVE-2016-10243 | Improper Input Validation vulnerability in multiple products TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file. | 9.8 |