Vulnerabilities > Fedoraproject > Fedora

DATE CVE VULNERABILITY TITLE RISK
2019-12-05 CVE-2018-1002102 Open Redirect vulnerability in multiple products
Improper validation of URL redirection in the Kubernetes API server in versions prior to v1.14.0 allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints to arbitrary hosts.
network
high complexity
kubernetes fedoraproject CWE-601
2.6
2019-12-04 CVE-2019-19579 Improper Input Validation vulnerability in multiple products
An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device (and assignable-add is not used), because of an incomplete fix for CVE-2019-18424.
low complexity
xen fedoraproject CWE-20
6.8
2019-12-03 CVE-2013-4411 Incorrect Authorization vulnerability in multiple products
Review Board: URL processing gives unauthorized users access to review lists
network
low complexity
reviewboard fedoraproject CWE-863
4.3
2019-12-03 CVE-2013-4235 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products
shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees
local
high complexity
debian fedoraproject redhat CWE-367
4.7
2019-12-02 CVE-2013-4410 Incorrect Authorization vulnerability in multiple products
ReviewBoard: has an access-control problem in REST API
network
low complexity
reviewboard fedoraproject CWE-863
7.5
2019-12-02 CVE-2012-4480 Improper Privilege Management vulnerability in multiple products
mom creates world-writable pid files in /var/run
local
low complexity
ovirt fedoraproject CWE-269
7.8
2019-12-02 CVE-2012-4428 Out-of-bounds Read vulnerability in multiple products
openslp: SLPIntersectStringList()' Function has a DoS vulnerability
network
low complexity
openslp debian fedoraproject canonical CWE-125
7.5
2019-12-02 CVE-2019-19118 Incorrect Default Permissions vulnerability in multiple products
Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing.
network
low complexity
djangoproject fedoraproject CWE-276
6.5
2019-12-01 CVE-2019-19479 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3.
5.5
2019-12-01 CVE-2019-18609 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in amqp_handle_input in amqp_connection.c in rabbitmq-c 0.9.0.
network
low complexity
rabbitmq-c-project fedoraproject canonical debian CWE-787
critical
9.8