Vulnerabilities > Fedoraproject > Fedora > 28

DATE CVE VULNERABILITY TITLE RISK
2018-09-17 CVE-2018-17142 NULL Pointer Dereference vulnerability in multiple products
The html package (aka x/net/html) through 2018-09-17 in Go mishandles <math><template><mo><template>, leading to a "panic: runtime error" in parseCurrentToken in parse.go during an html.Parse call.
network
low complexity
golang fedoraproject CWE-476
7.5
7.5
2018-09-16 CVE-2018-17075 NULL Pointer Dereference vulnerability in multiple products
The html package (aka x/net/html) before 2018-07-13 in Go mishandles "in frameset" insertion mode, leading to a "panic: runtime error" for html.Parse of <template><object>, <template><applet>, or <template><marquee>.
network
low complexity
golang fedoraproject CWE-476
7.5
7.5
2018-08-24 CVE-2018-14599 Off-by-one Error vulnerability in multiple products
An issue was discovered in libX11 through 1.6.5.
network
low complexity
x-org debian canonical fedoraproject redhat CWE-193
critical
 9.8
9.8
2018-08-24 CVE-2018-14598 Improper Input Validation vulnerability in multiple products
An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5.
network
low complexity
x-org debian canonical fedoraproject CWE-20
7.5
7.5
2018-08-14 CVE-2018-14348 Information Exposure vulnerability in multiple products
libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information. 		8.1
8.1
2018-06-27 CVE-2017-18342 Deserialization of Untrusted Data vulnerability in multiple products
In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data.
network
low complexity
pyyaml fedoraproject CWE-502
critical
 9.8
9.8
2018-06-19 CVE-2018-10811 Missing Initialization of Resource vulnerability in multiple products
strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable. 		7.5
7.5
2018-06-19 CVE-2018-1061 python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method.
network
low complexity
python debian redhat canonical fedoraproject
7.5
7.5
2018-06-18 CVE-2018-1060 python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method.
network
low complexity
python fedoraproject canonical redhat debian
7.5
7.5
2018-06-13 CVE-2018-11385 Session Fixation vulnerability in multiple products
An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11.
network
high complexity
sensiolabs debian fedoraproject CWE-384
8.1
8.1