Vulnerabilities > Fedoraproject
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-14 | CVE-2018-14348 | Information Exposure vulnerability in multiple products libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information. | 8.1 |
| 2018-07-27 | CVE-2017-12173 | Improper Input Validation vulnerability in multiple products It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. | 4.0 |
| 2018-07-18 | CVE-2018-10871 | Cleartext Storage of Sensitive Information vulnerability in multiple products 389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. | 4.0 |
| 2018-07-06 | CVE-2018-13405 | Improper Privilege Management vulnerability in multiple products The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. | 7.8 |
| 2018-07-03 | CVE-2018-1113 | Incorrect Permission Assignment for Critical Resource vulnerability in Redhat products setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. | 4.6 |
| 2018-06-27 | CVE-2017-18342 | Deserialization of Untrusted Data vulnerability in multiple products In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. | 9.8 |
| 2018-06-26 | CVE-2018-10852 | Information Exposure vulnerability in multiple products The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. | 5.0 |
| 2018-06-22 | CVE-2017-2668 | NULL Pointer Dereference vulnerability in multiple products 389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. | 4.3 |
| 2018-06-19 | CVE-2018-10811 | Missing Initialization of Resource vulnerability in multiple products strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable. | 7.5 |
| 2018-06-19 | CVE-2018-1061 | python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. | 7.5 |