Fedora

DATE	CVE	VULNERABILITY TITLE	RISK
2019-04-17	CVE-2019-9498	Improper Authentication vulnerability in multiple products The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. network high complexity w1-fi fedoraproject opensuse debian synology freebsd CWE-287	8.1
2019-04-17	CVE-2019-9497	Improper Authentication vulnerability in multiple products The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. network high complexity w1-fi fedoraproject CWE-287	8.1
2019-04-17	CVE-2019-9496	Improper Authentication vulnerability in multiple products An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message when in hostapd/AP mode. network low complexity w1-fi fedoraproject CWE-287	7.5
2019-04-17	CVE-2019-9495	Information Exposure Through Discrepancy vulnerability in multiple products The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. network high complexity w1-fi fedoraproject opensuse debian synology freebsd CWE-203	3.7
2019-04-17	CVE-2019-9494	Information Exposure Through Discrepancy vulnerability in multiple products The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. network high complexity w1-fi fedoraproject opensuse synology freebsd CWE-203	5.9
2019-04-10	CVE-2019-11068	libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. network low complexity xmlsoft canonical debian fedoraproject oracle netapp opensuse critical	9.8
2019-04-10	CVE-2019-11065	Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. network high complexity gradle fedoraproject	5.9
2019-04-09	CVE-2019-3842	Incorrect Authorization vulnerability in multiple products In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. local high complexity systemd-project redhat fedoraproject debian CWE-863	7.0
2019-04-09	CVE-2019-9133	Integer Underflow (Wrap or Wraparound) vulnerability in multiple products When processing subtitles format media file, KMPlayer version 2018.12.24.14 or lower doesn't check object size correctly, which leads to integer underflow then to memory out-of-bound read/write. local low complexity kmplayer fedoraproject CWE-191	5.5
2019-04-09	CVE-2019-3887	A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister (MSR) access with nested(=1) virtualization enabled. local high complexity linux fedoraproject canonical redhat	5.6