Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2019-04-10	CVE-2019-11065	Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. network high complexity gradle fedoraproject	5.9
2019-04-09	CVE-2019-9133	Integer Underflow (Wrap or Wraparound) vulnerability in multiple products When processing subtitles format media file, KMPlayer version 2018.12.24.14 or lower doesn't check object size correctly, which leads to integer underflow then to memory out-of-bound read/write. local low complexity kmplayer fedoraproject CWE-191	5.5
2019-04-09	CVE-2019-3887	A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister (MSR) access with nested(=1) virtualization enabled. local high complexity linux fedoraproject canonical redhat	5.6
2019-04-09	CVE-2019-3880	Path Traversal vulnerability in multiple products A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. network low complexity samba debian redhat fedoraproject opensuse CWE-22	5.4
2019-04-09	CVE-2019-3870	Incorrect Default Permissions vulnerability in multiple products A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. local low complexity samba fedoraproject synology CWE-276	6.1
2019-04-09	CVE-2019-9844	Cross-site Scripting vulnerability in multiple products simple-markdown.js in Khan Academy simple-markdown before 0.4.4 allows XSS via a data: or vbscript: URI. network low complexity khanacademy fedoraproject CWE-79	6.1
2019-04-08	CVE-2019-11026	Uncontrolled Recursion vulnerability in multiple products FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infinite recursion, leading to a call to the error function in Error.cc. network low complexity freedesktop fedoraproject CWE-674	6.5
2019-04-07	CVE-2019-10740	Cleartext Transmission of Sensitive Information vulnerability in multiple products In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. network low complexity roundcube fedoraproject opensuse CWE-319	4.3
2019-04-04	CVE-2019-3886	An incorrect permissions check was discovered in libvirt 4.8.0 and above. low complexity redhat opensuse fedoraproject	5.4
2019-03-27	CVE-2019-3877	Open Redirect vulnerability in multiple products A vulnerability was found in mod_auth_mellon before v0.14.2. network low complexity mod-auth-mellon-project fedoraproject redhat canonical CWE-601	6.1