Vulnerabilities > Fedoraproject > High

DATE CVE VULNERABILITY TITLE RISK
2019-05-28 CVE-2019-5436 Out-of-bounds Write vulnerability in multiple products
A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.
7.8
2019-05-24 CVE-2019-10143 It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user.
local
high complexity
freeradius fedoraproject redhat
7.0
2019-05-22 CVE-2019-10132 A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units.
network
low complexity
redhat fedoraproject
8.8
2019-05-16 CVE-2019-3839 It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. 7.8
2019-05-15 CVE-2019-12098 In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack.
network
high complexity
heimdal-project fedoraproject opensuse debian
7.4
2019-05-15 CVE-2019-8936 NULL Pointer Dereference vulnerability in multiple products
NTP through 4.2.8p12 has a NULL Pointer Dereference.
network
low complexity
netapp fedoraproject opensuse hpe ntp CWE-476
7.5
2019-05-14 CVE-2019-11328 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a malicious user with local/network access to the host system (e.g.
network
low complexity
sylabs fedoraproject opensuse CWE-732
8.8
2019-05-13 CVE-2019-12083 Out-of-bounds Write vulnerability in multiple products
The Rust Programming Language Standard Library 1.34.x before 1.34.2 contains a stabilized method which, if overridden, can violate Rust's safety guarantees and cause memory unsafety.
network
high complexity
rust-lang fedoraproject opensuse CWE-787
8.1
2019-05-08 CVE-2019-11494 NULL Pointer Dereference vulnerability in multiple products
In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login service crashes when the client disconnects prematurely during the AUTH command.
network
low complexity
dovecot fedoraproject opensuse CWE-476
7.5
2019-05-08 CVE-2019-11499 In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login component crashes if AUTH PLAIN is attempted over a TLS secured channel with an unacceptable authentication message.
network
low complexity
dovecot fedoraproject opensuse
7.5