High

DATE	CVE	VULNERABILITY TITLE	RISK
2019-04-22	CVE-2015-1341	Permissions, Privileges, and Access Controls vulnerability in Canonical Apport and Ubuntu Linux Any Python module in sys.path can be imported if the command line of the process triggering the coredump is Python and the first argument is -m in Apport before 2.19.2 function _python_module_path. local low complexity canonical CWE-264	7.2
2019-04-22	CVE-2019-11235	Insufficient Verification of Data Authenticity vulnerability in multiple products FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499. network low complexity freeradius fedoraproject redhat canonical opensuse CWE-345	7.5
2019-04-22	CVE-2019-11234	Improper Authentication vulnerability in multiple products FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497. network low complexity freeradius fedoraproject redhat canonical CWE-287	7.5
2019-04-19	CVE-2019-11338	NULL Pointer Dereference vulnerability in multiple products libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data. network low complexity ffmpeg debian novell canonical CWE-476	8.8
2019-04-18	CVE-2019-11324	Improper Certificate Validation vulnerability in multiple products The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. network low complexity python canonical CWE-295	7.5
2019-04-18	CVE-2019-3885	Use After Free vulnerability in multiple products A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information to be leaked via the system logs. network low complexity clusterlabs canonical fedoraproject CWE-416	7.5
2019-04-18	CVE-2018-16877	A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. local low complexity clusterlabs canonical fedoraproject debian opensuse redhat	7.8
2019-04-09	CVE-2019-10903	Out-of-bounds Read vulnerability in multiple products In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash. network low complexity wireshark fedoraproject debian opensuse canonical CWE-125	7.5
2019-04-09	CVE-2019-10901	NULL Pointer Dereference vulnerability in multiple products In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS dissector could crash. network low complexity wireshark fedoraproject debian opensuse canonical CWE-476	7.5
2019-04-09	CVE-2019-10899	Out-of-bounds Read vulnerability in multiple products In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the SRVLOC dissector could crash. network low complexity wireshark fedoraproject debian canonical opensuse CWE-125	7.5