Vulnerabilities > Fedoraproject
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-09-16 | CVE-2018-17075 | NULL Pointer Dereference vulnerability in multiple products The html package (aka x/net/html) before 2018-07-13 in Go mishandles "in frameset" insertion mode, leading to a "panic: runtime error" for html.Parse of <template><object>, <template><applet>, or <template><marquee>. | 7.5 |
| 2018-09-14 | CVE-2018-14638 | Double Free vulnerability in multiple products A flaw was found in 389-ds-base before version 1.3.8.4-13. | 7.5 |
| 2018-09-06 | CVE-2018-14624 | A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. | 7.5 |
| 2018-08-24 | CVE-2018-14599 | Off-by-one Error vulnerability in multiple products An issue was discovered in libX11 through 1.6.5. | 9.8 |
| 2018-08-24 | CVE-2018-14598 | Improper Input Validation vulnerability in multiple products An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. | 7.5 |
| 2018-08-22 | CVE-2018-10846 | A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. | 5.6 |
| 2018-08-22 | CVE-2018-10845 | It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. | 5.9 |
| 2018-08-22 | CVE-2018-10844 | It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. | 5.9 |
| 2018-08-14 | CVE-2018-14348 | Information Exposure vulnerability in multiple products libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information. | 8.1 |
| 2018-07-27 | CVE-2017-12173 | Improper Input Validation vulnerability in multiple products It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. | 8.8 |