Vulnerabilities > Fedoraproject > Fedora

DATE CVE VULNERABILITY TITLE RISK
2019-03-21 CVE-2018-12022 Deserialization of Untrusted Data vulnerability in multiple products
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6.
7.5
2019-03-14 CVE-2019-3833 Openwsman, versions up to and including 2.6.9, are vulnerable to infinite loop in process_connection() when parsing specially crafted HTTP requests.
network
low complexity
openwsman-project fedoraproject opensuse
7.5
2019-03-14 CVE-2019-3816 Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory.
7.5
2019-03-13 CVE-2019-9741 CRLF Injection vulnerability in multiple products
An issue was discovered in net/http in Go 1.11.5.
network
low complexity
golang debian fedoraproject redhat CWE-93
6.1
2019-03-12 CVE-2019-9705 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (memory consumption) via a large crontab file because an unlimited number of lines is accepted.
local
low complexity
cron-project debian fedoraproject CWE-770
5.5
2019-03-12 CVE-2019-9704 Unchecked Return Value vulnerability in multiple products
Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (daemon crash) via a large crontab file because the calloc return value is not checked.
local
low complexity
cron-project fedoraproject debian CWE-252
5.5
2019-03-11 CVE-2019-9687 Out-of-bounds Write vulnerability in multiple products
PoDoFo 0.9.6 has a heap-based buffer overflow in PdfString::ConvertUTF16toUTF8 in base/PdfString.cpp.
network
low complexity
podofo-project fedoraproject CWE-787
critical
9.8
2019-03-11 CVE-2019-9658 XXE vulnerability in multiple products
Checkstyle before 8.18 loads external DTDs by default.
network
low complexity
checkstyle debian fedoraproject CWE-611
5.3
2019-03-08 CVE-2019-9636 Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization.
network
low complexity
python fedoraproject opensuse debian canonical redhat oracle
critical
9.8
2019-03-08 CVE-2019-9631 Out-of-bounds Read vulnerability in multiple products
Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.
network
low complexity
freedesktop fedoraproject debian CWE-125
critical
9.8