Vulnerabilities > Fedoraproject > High

DATE CVE VULNERABILITY TITLE RISK
2019-02-19 CVE-2019-5757 Incorrect Type Conversion or Cast vulnerability in multiple products
An incorrect object type assumption in SVG in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.
network
low complexity
google debian redhat fedoraproject CWE-704
8.8
2019-02-19 CVE-2019-5756 Use After Free vulnerability in multiple products
Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.
network
low complexity
google debian redhat fedoraproject CWE-416
8.8
2019-02-19 CVE-2019-5755 Numeric Errors vulnerability in multiple products
Incorrect handling of negative zero in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page.
network
low complexity
google debian redhat fedoraproject CWE-189
8.1
2019-02-17 CVE-2019-8383 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
An issue was discovered in AdvanceCOMP through 2.1.
7.8
2019-02-17 CVE-2019-8381 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
An issue was discovered in Tcpreplay 4.3.1.
local
low complexity
broadcom fedoraproject CWE-119
7.8
2019-02-17 CVE-2019-8379 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in AdvanceCOMP through 2.1.
7.8
2019-02-17 CVE-2019-8377 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in Tcpreplay 4.3.1.
local
low complexity
broadcom fedoraproject CWE-476
7.8
2019-02-17 CVE-2019-8376 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in Tcpreplay 4.3.1.
local
low complexity
broadcom fedoraproject CWE-476
7.8
2019-02-11 CVE-2019-5736 OS Command Injection vulnerability in multiple products
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec.
8.6
2019-02-11 CVE-2019-6975 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function.
network
low complexity
djangoproject canonical fedoraproject CWE-770
7.5