Vulnerabilities > Fedoraproject > High

DATE CVE VULNERABILITY TITLE RISK
2019-01-14 CVE-2018-16886 Improper Authentication vulnerability in multiple products
etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled.
network
high complexity
etcd redhat fedoraproject CWE-287
8.1
2019-01-14 CVE-2019-6251 WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. 8.1
2019-01-02 CVE-2019-3500 Information Exposure Through Log Files vulnerability in multiple products
aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file.
7.8
2018-12-28 CVE-2018-20549 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
There is an illegal WRITE memory access at caca/file.c (function caca_file_read) in libcaca 0.99.beta19.
8.8
2018-12-28 CVE-2018-20548 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 1bpp data.
8.8
2018-12-28 CVE-2018-20547 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for 24bpp data.
8.1
2018-12-28 CVE-2018-20546 Integer Overflow or Wraparound vulnerability in multiple products
There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for the default bpp case.
8.1
2018-12-28 CVE-2018-20545 Integer Overflow or Wraparound vulnerability in multiple products
There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 4bpp data.
8.8
2018-12-23 CVE-2018-20406 Integer Overflow or Wraparound vulnerability in multiple products
Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt.
network
low complexity
python debian fedoraproject CWE-190
7.5
2018-12-20 CVE-2018-20191 NULL Pointer Dereference vulnerability in multiple products
hw/rdma/vmw/pvrdma_main.c in QEMU does not implement a read operation (such as uar_read by analogy to uar_write), which allows attackers to cause a denial of service (NULL pointer dereference).
network
low complexity
qemu canonical fedoraproject CWE-476
7.5