High

DATE	CVE	VULNERABILITY TITLE	RISK
2019-04-18	CVE-2018-16877	A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. local low complexity clusterlabs canonical fedoraproject debian opensuse redhat	7.8
2019-04-17	CVE-2019-9499	Improper Authentication vulnerability in multiple products The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. network high complexity w1-fi fedoraproject opensuse debian synology freebsd CWE-287	8.1
2019-04-17	CVE-2019-9498	Improper Authentication vulnerability in multiple products The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. network high complexity w1-fi fedoraproject opensuse debian synology freebsd CWE-287	8.1
2019-04-17	CVE-2019-9497	Improper Authentication vulnerability in multiple products The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. network high complexity w1-fi fedoraproject CWE-287	8.1
2019-04-17	CVE-2019-9496	Improper Authentication vulnerability in multiple products An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message when in hostapd/AP mode. network low complexity w1-fi fedoraproject CWE-287	7.5
2019-04-17	CVE-2019-3883	Missing Release of Resource after Effective Lifetime vulnerability in multiple products In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. network low complexity fedoraproject debian redhat CWE-772	7.5
2019-04-09	CVE-2019-3842	Incorrect Authorization vulnerability in multiple products In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. local high complexity systemd-project redhat fedoraproject debian CWE-863	7.0
2019-04-09	CVE-2019-10903	Out-of-bounds Read vulnerability in multiple products In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash. network low complexity wireshark fedoraproject debian opensuse canonical CWE-125	7.5
2019-04-09	CVE-2019-10902	Unchecked Return Value vulnerability in multiple products In Wireshark 3.0.0, the TSDNS dissector could crash. network low complexity wireshark fedoraproject CWE-252	7.5
2019-04-09	CVE-2019-10901	NULL Pointer Dereference vulnerability in multiple products In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS dissector could crash. network low complexity wireshark fedoraproject debian opensuse canonical CWE-476	7.5