High

DATE	CVE	VULNERABILITY TITLE	RISK
2018-03-08	CVE-2014-7272	Permissions, Privileges, and Access Controls vulnerability in multiple products Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to gain root privileges because code running as root performs write operations within a user home directory, and this user may have created links in advance (exploitation requires the user to win a race condition in the ~/.Xauthority chown case, but not other cases). local low complexity sddm-project fedoraproject CWE-264	7.8
2018-03-08	CVE-2014-7271	Missing Authentication for Critical Function vulnerability in multiple products Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to log in as user "sddm" without authentication. local low complexity sddm-project fedoraproject CWE-306	7.8
2018-03-07	CVE-2018-1054	Out-of-bounds Read vulnerability in multiple products An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. network low complexity fedoraproject redhat CWE-125	7.5
2018-03-01	CVE-2017-15134	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. network low complexity fedoraproject redhat CWE-119	7.5
2018-02-09	CVE-2014-3219	Link Following vulnerability in multiple products fish before 2.1.1 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/fishd.log.%s, (2) /tmp/.pac-cache.$USER, (3) /tmp/.yum-cache.$USER, or (4) /tmp/.rpm-cache.$USER. local low complexity fishshell fedoraproject CWE-59	7.8
2018-01-25	CVE-2017-15365	sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking. network low complexity fedoraproject mariadb percona	8.8
2018-01-24	CVE-2017-15135	Unspecified vulnerability in Fedoraproject 389 Directory Server It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0.3 did not always handle internal hash comparison operations correctly during the authentication process. network high complexity fedoraproject	8.1
2018-01-22	CVE-2018-6003	Uncontrolled Recursion vulnerability in multiple products An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. network low complexity gnu fedoraproject debian CWE-674	7.5
2018-01-12	CVE-2018-5345	Out-of-bounds Write vulnerability in multiple products A stack-based buffer overflow within GNOME gcab through 0.7.4 can be exploited by malicious attackers to cause a crash or, potentially, execute arbitrary code via a crafted .cab file. local low complexity fedoraproject gnome canonical debian redhat CWE-787	7.8
2017-12-29	CVE-2015-8008	Improper Access Control vulnerability in multiple products The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token. network low complexity mediawiki fedoraproject CWE-284	7.5