Vulnerabilities > Fedoraproject > Fedora > 28
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-20 | CVE-2019-11373 | Out-of-bounds Read vulnerability in multiple products An out-of-bounds read in File__Analyze::Get_L8 in File__Analyze_Buffer.cpp in MediaInfoLib in MediaArea MediaInfo 18.12 leads to a crash. | 6.5 |
| 2019-04-20 | CVE-2019-11372 | Out-of-bounds Read vulnerability in multiple products An out-of-bounds read in MediaInfoLib::File__Tags_Helper::Synched_Test in Tag/File__Tags.cpp in MediaInfoLib in MediaArea MediaInfo 18.12 leads to a crash. | 6.5 |
| 2019-04-20 | CVE-2019-11358 | jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. | 6.1 |
| 2019-04-18 | CVE-2018-16878 | Resource Exhaustion vulnerability in multiple products A flaw was found in pacemaker up to and including version 2.0.1. | 5.5 |
| 2019-04-18 | CVE-2018-16877 | A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. | 7.8 |
| 2019-04-17 | CVE-2019-9499 | Improper Authentication vulnerability in multiple products The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. | 8.1 |
| 2019-04-17 | CVE-2019-9498 | Improper Authentication vulnerability in multiple products The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. | 8.1 |
| 2019-04-17 | CVE-2019-9497 | Improper Authentication vulnerability in multiple products The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. | 8.1 |
| 2019-04-17 | CVE-2019-9496 | Improper Authentication vulnerability in multiple products An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message when in hostapd/AP mode. | 7.5 |
| 2019-04-17 | CVE-2019-9495 | Information Exposure Through Discrepancy vulnerability in multiple products The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. | 3.7 |