Vulnerabilities > Fedoraproject

DATE CVE VULNERABILITY TITLE RISK
2019-04-08 CVE-2019-0215 In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions.
network
high complexity
apache fedoraproject
7.5
7.5
2019-04-07 CVE-2019-10740 Cleartext Transmission of Sensitive Information vulnerability in multiple products
In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email.
network
low complexity
roundcube fedoraproject opensuse CWE-319
4.3
4.3
2019-04-07 CVE-2019-10906 In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape. 8.6
8.6
2019-04-04 CVE-2019-3886 An incorrect permissions check was discovered in libvirt 4.8.0 and above.
low complexity
redhat opensuse fedoraproject
5.4
5.4
2019-04-01 CVE-2019-3836 Access of Uninitialized Pointer vulnerability in multiple products
It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages.
network
low complexity
gnu fedoraproject opensuse CWE-824
7.5
7.5
2019-03-27 CVE-2019-0160 Out-of-bounds Write vulnerability in multiple products
Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access.
network
low complexity
tianocore opensuse fedoraproject redhat CWE-787
critical
 9.8
9.8
2019-03-27 CVE-2018-12545 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames.
network
low complexity
eclipse fedoraproject CWE-770
7.5
7.5
2019-03-27 CVE-2019-3829 Use After Free vulnerability in multiple products
A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7.
network
low complexity
gnu fedoraproject CWE-416
7.5
7.5
2019-03-27 CVE-2019-5420 Use of Insufficiently Random Values vulnerability in multiple products
A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token.
network
low complexity
rubyonrails debian fedoraproject CWE-330
critical
 9.8
9.8
2019-03-27 CVE-2019-5419 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive. 		7.5
7.5