High

DATE	CVE	VULNERABILITY TITLE	RISK
2018-02-09	CVE-2014-3219	Link Following vulnerability in multiple products fish before 2.1.1 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/fishd.log.%s, (2) /tmp/.pac-cache.$USER, (3) /tmp/.yum-cache.$USER, or (4) /tmp/.rpm-cache.$USER. local low complexity fishshell fedoraproject CWE-59	7.8
2018-01-25	CVE-2017-15365	sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking. network low complexity fedoraproject mariadb percona	8.8
2018-01-24	CVE-2017-15135	Unspecified vulnerability in Fedoraproject 389 Directory Server It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0.3 did not always handle internal hash comparison operations correctly during the authentication process. network high complexity fedoraproject	8.1
2018-01-22	CVE-2018-6003	Uncontrolled Recursion vulnerability in multiple products An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. network low complexity gnu fedoraproject debian CWE-674	7.5
2018-01-12	CVE-2018-5345	Out-of-bounds Write vulnerability in multiple products A stack-based buffer overflow within GNOME gcab through 0.7.4 can be exploited by malicious attackers to cause a crash or, potentially, execute arbitrary code via a crafted .cab file. local low complexity fedoraproject gnome canonical debian redhat CWE-787	7.8
2017-12-29	CVE-2015-8008	Improper Access Control vulnerability in multiple products The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token. network low complexity mediawiki fedoraproject CWE-284	7.5
2017-12-29	CVE-2014-8119	Improper Input Validation vulnerability in multiple products The find_ifcfg_path function in netcf before 0.2.7 might allow attackers to cause a denial of service (application crash) via vectors involving augeas path expressions. network low complexity redhat fedoraproject netcf-project CWE-20	7.5
2017-12-05	CVE-2016-1254	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor. network low complexity torproject opensuse-project debian fedoraproject opensuse CWE-119	7.5
2017-10-03	CVE-2017-13704	Improper Input Validation vulnerability in multiple products In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. network low complexity redhat debian novell canonical fedoraproject thekelleys CWE-20	7.5
2017-09-25	CVE-2015-5704	Command Injection vulnerability in multiple products scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell commands. local low complexity devscripts-devel-team fedoraproject CWE-77	7.8