Vulnerabilities > Fedoraproject > Fedora > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-10-05 CVE-2018-11797 In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree.
local
low complexity
apache fedoraproject oracle
5.5
5.5
2018-08-22 CVE-2018-10846 A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found.
local
high complexity
gnu redhat canonical fedoraproject debian
5.6
5.6
2018-08-22 CVE-2018-10845 It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack.
network
high complexity
gnu redhat canonical fedoraproject debian
5.9
5.9
2018-08-22 CVE-2018-10844 It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack.
network
high complexity
gnu redhat canonical fedoraproject debian
5.9
5.9
2018-05-30 CVE-2018-10196 NULL Pointer Dereference vulnerability in multiple products
NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service (application crash) via a crafted file.
local
low complexity
graphviz fedoraproject canonical CWE-476
5.5
5.5
2018-04-25 CVE-2017-6888 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
An error in the "read_metadata_vorbiscomment_()" function (src/libFLAC/stream_decoder.c) in FLAC version 1.3.2 can be exploited to cause a memory leak via a specially crafted FLAC file.
local
low complexity
flac-project debian fedoraproject CWE-772
5.5
5.5
2018-04-10 CVE-2014-1400 Improper Access Control vulnerability in multiple products
The entity_access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions and read unpublished comments via unspecified vectors.
network
low complexity
entity-api-project fedoraproject CWE-284
6.5
6.5
2018-04-10 CVE-2014-1399 Improper Access Control vulnerability in multiple products
The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on referenced entities via unspecified vectors.
network
low complexity
entity-api-project fedoraproject CWE-284
6.5
6.5
2018-04-10 CVE-2014-1398 Improper Access Control vulnerability in multiple products
The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on comment, user and node statistics properties via unspecified vectors.
network
low complexity
entity-api-project fedoraproject CWE-284
6.5
6.5
2018-04-03 CVE-2018-1099 Improper Input Validation vulnerability in multiple products
DNS rebinding vulnerability found in etcd 3.3.1 and earlier.
local
low complexity
redhat fedoraproject CWE-20
5.5
5.5