Vulnerabilities > Fedoraproject > Fedora > 28

DATE	CVE	VULNERABILITY TITLE	RISK
2019-03-14	CVE-2019-3816	Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. network low complexity openwsman-project redhat fedoraproject opensuse	7.5
2019-03-11	CVE-2019-9658	XXE vulnerability in multiple products Checkstyle before 8.18 loads external DTDs by default. network low complexity checkstyle debian fedoraproject CWE-611	5.3
2019-03-08	CVE-2019-9636	Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. network low complexity python fedoraproject opensuse debian canonical redhat oracle critical	9.8
2019-03-08	CVE-2019-9631	Out-of-bounds Read vulnerability in multiple products Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function. network low complexity freedesktop fedoraproject debian CWE-125 critical	9.8
2019-03-07	CVE-2018-14498	Out-of-bounds Read vulnerability in multiple products get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries. network low complexity mozilla libjpeg-turbo fedoraproject debian opensuse CWE-125	6.5
2019-02-17	CVE-2019-8381	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in Tcpreplay 4.3.1. local low complexity broadcom fedoraproject CWE-119	7.8
2019-02-17	CVE-2019-8377	NULL Pointer Dereference vulnerability in multiple products An issue was discovered in Tcpreplay 4.3.1. local low complexity broadcom fedoraproject CWE-476	7.8
2019-02-17	CVE-2019-8376	NULL Pointer Dereference vulnerability in multiple products An issue was discovered in Tcpreplay 4.3.1. local low complexity broadcom fedoraproject CWE-476	7.8
2019-02-11	CVE-2019-6975	Allocation of Resources Without Limits or Throttling vulnerability in multiple products Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function. network low complexity djangoproject canonical fedoraproject CWE-770	7.5
2019-02-08	CVE-2019-7639	Incorrect Authorization vulnerability in multiple products An issue was discovered in gsi-openssh-server 7.9p1 on Fedora 29. network high complexity fedoraproject gsi-openssh-project CWE-863	8.1