Vulnerabilities > Fedoraproject > Fedora > 19
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-06 | CVE-2020-14312 | Unspecified vulnerability in Fedoraproject Fedora A flaw was found in the default configuration of dnsmasq, as shipped with Fedora versions prior to 31 and in all versions Red Hat Enterprise Linux, where it listens on any interface and accepts queries from addresses outside of its local subnet. network fedoraproject | 4.3 |
| 2020-02-17 | CVE-2014-8089 | SQL Injection vulnerability in multiple products SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte. | 7.5 |
| 2020-02-06 | CVE-2013-4572 | Session Fixation vulnerability in multiple products The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to authenticate as the created user. | 5.0 |
| 2020-02-05 | CVE-2010-5304 | NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference flaw was found in the way LibVNCServer before 0.9.9 handled certain ClientCutText message. | 5.0 |
| 2020-01-28 | CVE-2013-0294 | Use of Insufficiently Random Values vulnerability in multiple products packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack. | 4.3 |
| 2020-01-28 | CVE-2014-2581 | Insufficiently Protected Credentials vulnerability in multiple products Smb4K before 1.1.1 allows remote attackers to obtain credentials via vectors related to the cuid option in the "Additional options" line edit. | 5.0 |
| 2020-01-28 | CVE-2013-1437 | Injection vulnerability in multiple products Eval injection vulnerability in the Module-Metadata module before 1.000015 for Perl allows remote attackers to execute arbitrary Perl code via the $Version value. | 7.5 |
| 2020-01-02 | CVE-2013-4752 | Cross-site Scripting vulnerability in multiple products Symfony 2.0.X before 2.0.24, 2.1.X before 2.1.12, 2.2.X before 2.2.5, and 2.3.X before 2.3.3 have an issue in the HttpFoundation component. | 4.3 |
| 2019-12-31 | CVE-2013-4357 | Classic Buffer Overflow vulnerability in multiple products The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. | 5.0 |
| 2019-12-31 | CVE-2013-4161 | Improper Privilege Management vulnerability in multiple products gksu-polkit-0.0.3-6.fc18 was reported as fixing the issue in CVE-2012-5617 but the patch was improperly applied and it did not fixed the security issue. | 7.2 |