Fedora

DATE	CVE	VULNERABILITY TITLE	RISK
2019-04-08	CVE-2019-0211	Use After Free vulnerability in multiple products In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. local low complexity apache fedoraproject canonical debian opensuse netapp redhat oracle CWE-416	7.8
2019-04-08	CVE-2019-0217	Race Condition vulnerability in multiple products In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions. network high complexity apache debian fedoraproject canonical redhat opensuse netapp oracle CWE-362	7.5
2019-04-08	CVE-2019-0215	In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions. network high complexity apache fedoraproject	7.5
2019-04-07	CVE-2019-10740	Cleartext Transmission of Sensitive Information vulnerability in multiple products In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. network low complexity roundcube fedoraproject opensuse CWE-319	4.3
2019-04-07	CVE-2019-10906	In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape. network low complexity palletsprojects fedoraproject canonical redhat opensuse	8.6
2019-04-04	CVE-2019-3886	An incorrect permissions check was discovered in libvirt 4.8.0 and above. low complexity redhat opensuse fedoraproject	5.4
2019-04-01	CVE-2019-3836	Access of Uninitialized Pointer vulnerability in multiple products It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages. network low complexity gnu fedoraproject opensuse CWE-824	7.5
2019-03-27	CVE-2019-0160	Out-of-bounds Write vulnerability in multiple products Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access. network low complexity tianocore opensuse fedoraproject redhat CWE-787 critical	9.8
2019-03-27	CVE-2018-12545	Allocation of Resources Without Limits or Throttling vulnerability in multiple products In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. network low complexity eclipse fedoraproject CWE-770	7.5
2019-03-27	CVE-2019-3829	Use After Free vulnerability in multiple products A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. network low complexity gnu fedoraproject CWE-416	7.5