Vulnerabilities > Fedoraproject

DATE CVE VULNERABILITY TITLE RISK
2018-06-26 CVE-2018-10852 Information Exposure vulnerability in multiple products
The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user.
network
low complexity
debian fedoraproject redhat CWE-200
7.5
7.5
2018-06-22 CVE-2017-2668 NULL Pointer Dereference vulnerability in multiple products
389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled.
network
low complexity
fedoraproject redhat CWE-476
6.5
6.5
2018-06-19 CVE-2018-10811 Missing Initialization of Resource vulnerability in multiple products
strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable. 		7.5
7.5
2018-06-19 CVE-2018-1061 python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method.
network
low complexity
python debian redhat canonical fedoraproject
7.5
7.5
2018-06-18 CVE-2018-1090 Information Exposure vulnerability in multiple products
In Pulp before version 2.16.2, secrets are passed into override_config when triggering a task and then become readable to all users with read access on the distributor/importer.
network
low complexity
pulpproject fedoraproject redhat CWE-200
7.5
7.5
2018-06-18 CVE-2018-1060 python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method.
network
low complexity
python fedoraproject canonical redhat debian
7.5
7.5
2018-06-13 CVE-2018-10850 Race Condition vulnerability in multiple products
389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load.
network
high complexity
fedoraproject redhat debian CWE-362
5.9
5.9
2018-06-13 CVE-2018-11385 Session Fixation vulnerability in multiple products
An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11.
network
high complexity
sensiolabs debian fedoraproject CWE-384
8.1
8.1
2018-05-30 CVE-2018-10196 NULL Pointer Dereference vulnerability in multiple products
NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service (application crash) via a crafted file.
local
low complexity
graphviz fedoraproject canonical CWE-476
5.5
5.5
2018-05-17 CVE-2018-1111 Command Injection vulnerability in multiple products
DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client.
high complexity
fedoraproject redhat CWE-77
7.5
7.5