Vulnerabilities > Fedoraproject > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-08-22 CVE-2018-10845 It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack.
network
high complexity
gnu redhat canonical fedoraproject debian
5.9
2018-08-22 CVE-2018-10844 It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack.
network
high complexity
gnu redhat canonical fedoraproject debian
5.9
2018-06-22 CVE-2017-2668 NULL Pointer Dereference vulnerability in multiple products
389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled.
network
low complexity
fedoraproject redhat CWE-476
6.5
2018-06-13 CVE-2018-10850 Race Condition vulnerability in multiple products
389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load.
network
high complexity
fedoraproject redhat debian CWE-362
5.9
2018-05-30 CVE-2018-10196 NULL Pointer Dereference vulnerability in multiple products
NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service (application crash) via a crafted file.
local
low complexity
graphviz fedoraproject canonical CWE-476
5.5
2018-05-04 CVE-2011-0704 Improper Input Validation vulnerability in Fedoraproject 389 Directory Server 1.2.7.5
389 Directory Server 1.2.7.5, when built with mozldap, allows remote attackers to cause a denial of service (replica crash) by sending an empty modify request.
network
high complexity
fedoraproject CWE-20
5.9
2018-04-25 CVE-2017-6888 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
An error in the "read_metadata_vorbiscomment_()" function (src/libFLAC/stream_decoder.c) in FLAC version 1.3.2 can be exploited to cause a memory leak via a specially crafted FLAC file.
local
low complexity
flac-project debian fedoraproject CWE-772
5.5
2018-04-10 CVE-2014-1400 Improper Access Control vulnerability in multiple products
The entity_access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions and read unpublished comments via unspecified vectors.
network
low complexity
entity-api-project fedoraproject CWE-284
6.5
2018-04-10 CVE-2014-1399 Improper Access Control vulnerability in multiple products
The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on referenced entities via unspecified vectors.
network
low complexity
entity-api-project fedoraproject CWE-284
6.5
2018-04-10 CVE-2014-1398 Improper Access Control vulnerability in multiple products
The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on comment, user and node statistics properties via unspecified vectors.
network
low complexity
entity-api-project fedoraproject CWE-284
6.5