Vulnerabilities > Fedoraproject > Fedora

DATE CVE VULNERABILITY TITLE RISK
2019-11-30 CVE-2019-19269 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b.
network
low complexity
proftpd fedoraproject debian CWE-476
4.9
2019-11-29 CVE-2019-19451 Infinite Loop vulnerability in multiple products
When GNOME Dia before 2019-11-27 is launched with a filename argument that is not a valid codepoint in the current encoding, it enters an endless loop, thus endlessly writing text to stdout.
local
low complexity
gnome fedoraproject opensuse CWE-835
5.5
2019-11-29 CVE-2019-14901 A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver.
network
low complexity
linux fedoraproject debian canonical
critical
9.8
2019-11-29 CVE-2019-14895 A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver.
network
low complexity
linux debian canonical fedoraproject opensuse
critical
9.8
2019-11-27 CVE-2019-18660 Information Exposure vulnerability in multiple products
The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58.
4.7
2019-11-27 CVE-2016-1000110 Open Redirect vulnerability in multiple products
The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests.
network
low complexity
python debian fedoraproject CWE-601
6.1
2019-11-27 CVE-2016-4980 Use of Insufficiently Random Values vulnerability in multiple products
A password generation weakness exists in xquest through 2016-06-13.
local
high complexity
ethz fedoraproject redhat CWE-330
2.5
2019-11-27 CVE-2019-14812 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions.
local
low complexity
artifex fedoraproject CWE-732
7.8
2019-11-27 CVE-2019-14896 A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver.
network
low complexity
linux redhat fedoraproject canonical debian
critical
9.8
2019-11-27 CVE-2019-14867 Resource Exhaustion vulnerability in multiple products
A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way the internal function ber_scanf() was used in some components of the IPA server, which parsed Kerberos key data.
network
low complexity
freeipa fedoraproject CWE-400
8.8