Vulnerabilities > Fedoraproject > Fedora > 28

DATE	CVE	VULNERABILITY TITLE	RISK
2021-02-06	CVE-2020-14312	Unspecified vulnerability in Fedoraproject Fedora A flaw was found in the default configuration of dnsmasq, as shipped with Fedora versions prior to 31 and in all versions Red Hat Enterprise Linux, where it listens on any interface and accepts queries from addresses outside of its local subnet. network high complexity fedoraproject	5.9
2019-06-11	CVE-2019-0220	Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. network low complexity apache opensuse debian fedoraproject canonical CWE-706	5.3
2019-05-15	CVE-2019-8936	NULL Pointer Dereference vulnerability in multiple products NTP through 4.2.8p12 has a NULL Pointer Dereference. network low complexity netapp fedoraproject opensuse hpe ntp CWE-476	7.5
2019-05-14	CVE-2019-11328	Incorrect Permission Assignment for Critical Resource vulnerability in multiple products An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a malicious user with local/network access to the host system (e.g. network low complexity sylabs fedoraproject opensuse CWE-732	8.8
2019-05-10	CVE-2019-11884	The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character. local low complexity linux fedoraproject debian canonical redhat opensuse	3.3
2019-05-09	CVE-2019-11831	Deserialization of Untrusted Data vulnerability in multiple products The PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a phar:///path/bad.phar/../good.phar URL. network low complexity typo3 debian fedoraproject drupal joomla CWE-502 critical	9.8
2019-05-07	CVE-2019-7443	Improper Input Validation vulnerability in multiple products KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. network high complexity kde opensuse fedoraproject CWE-20	8.1
2019-05-03	CVE-2019-11036	Out-of-bounds Read vulnerability in multiple products When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. network low complexity php fedoraproject redhat canonical debian opensuse CWE-125 critical	9.1
2019-04-29	CVE-2019-5429	Untrusted Search Path vulnerability in multiple products Untrusted search path in FileZilla before 3.41.0-rc1 allows an attacker to gain privileges via a malicious 'fzsftp' binary in the user's home directory. local low complexity filezilla-project debian fedoraproject CWE-426	7.8
2019-04-25	CVE-2019-3900	An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). network low complexity linux fedoraproject redhat debian canonical netapp oracle	7.7