Vulnerabilities > Fedoraproject > Fedora
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-04-17 | CVE-2019-9494 | Information Exposure Through Discrepancy vulnerability in multiple products The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. | 5.9 |
2019-04-10 | CVE-2019-11068 | libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. | 9.8 |
2019-04-10 | CVE-2019-11065 | Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. | 5.9 |
2019-04-09 | CVE-2019-3842 | Incorrect Authorization vulnerability in multiple products In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. | 7.0 |
2019-04-09 | CVE-2019-9133 | Integer Underflow (Wrap or Wraparound) vulnerability in multiple products When processing subtitles format media file, KMPlayer version 2018.12.24.14 or lower doesn't check object size correctly, which leads to integer underflow then to memory out-of-bound read/write. | 5.5 |
2019-04-09 | CVE-2019-3887 | A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister (MSR) access with nested(=1) virtualization enabled. | 5.6 |
2019-04-09 | CVE-2019-3880 | Path Traversal vulnerability in multiple products A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. | 5.4 |
2019-04-09 | CVE-2019-3870 | Incorrect Default Permissions vulnerability in multiple products A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. | 6.1 |
2019-04-09 | CVE-2019-10903 | Out-of-bounds Read vulnerability in multiple products In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash. | 7.5 |
2019-04-09 | CVE-2019-10902 | Unchecked Return Value vulnerability in multiple products In Wireshark 3.0.0, the TSDNS dissector could crash. | 7.5 |