Vulnerabilities > Fedoraproject > High

DATE CVE VULNERABILITY TITLE RISK
2019-04-07 CVE-2019-10906 In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape. 8.6
2019-04-01 CVE-2019-3836 Access of Uninitialized Pointer vulnerability in multiple products
It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages.
network
low complexity
gnu fedoraproject opensuse CWE-824
7.5
2019-03-27 CVE-2018-12545 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames.
network
low complexity
eclipse fedoraproject CWE-770
7.5
2019-03-27 CVE-2019-3829 Use After Free vulnerability in multiple products
A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7.
network
low complexity
gnu fedoraproject CWE-416
7.5
2019-03-27 CVE-2019-5419 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive.
7.5
2019-03-27 CVE-2019-5418 There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed. 7.5
2019-03-26 CVE-2019-3878 Improper Authentication vulnerability in multiple products
A vulnerability was found in mod_auth_mellon before v0.14.2.
8.1
2019-03-26 CVE-2019-3804 Missing Initialization of Resource vulnerability in multiple products
It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly resulting in a denial of service attack.
network
low complexity
cockpit-project fedoraproject redhat CWE-909
7.5
2019-03-25 CVE-2019-3857 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed.
8.8
2019-03-25 CVE-2019-3856 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed.
8.8