Vulnerabilities > Fedoraproject > Fedora

DATE CVE VULNERABILITY TITLE RISK
2019-11-21 CVE-2019-18889 Code Injection vulnerability in multiple products
An issue was discovered in Symfony 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7.
network
low complexity
sensiolabs fedoraproject CWE-94
critical
 9.8
9.8
2019-11-21 CVE-2019-18888 Argument Injection or Modification vulnerability in multiple products
An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7.
network
low complexity
sensiolabs fedoraproject CWE-88
7.5
7.5
2019-11-21 CVE-2019-18887 Information Exposure Through Discrepancy vulnerability in multiple products
An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7.
network
high complexity
sensiolabs fedoraproject CWE-203
8.1
8.1
2019-11-21 CVE-2019-19204 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. 		7.5
7.5
2019-11-21 CVE-2019-19203 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in Oniguruma 6.x before 6.9.4_rc2.
network
low complexity
oniguruma-project fedoraproject CWE-125
7.5
7.5
2019-11-21 CVE-2015-2793 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in templates/openid-selector.tmpl in ikiwiki before 3.20150329 allows remote attackers to inject arbitrary web script or HTML via the openid_identifier parameter in a verify action to ikiwiki.cgi.
network
low complexity
ikiwiki fedoraproject CWE-79
6.1
6.1
2019-11-21 CVE-2012-4524 Improper Input Validation vulnerability in multiple products
xlockmore before 5.43 'dclock' security bypass vulnerability
network
low complexity
sillycycle fedoraproject CWE-20
7.5
7.5
2019-11-20 CVE-2013-1817 Information Exposure vulnerability in multiple products
MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which allows remote attackers to obtain sensitive information.
network
low complexity
mediawiki debian redhat fedoraproject CWE-200
7.5
7.5
2019-11-20 CVE-2013-1816 Improper Input Validation vulnerability in multiple products
MediaWiki before 1.19.4 and 1.20.x before 1.20.3 allows remote attackers to cause a denial of service (application crash) by sending a specially crafted request.
network
low complexity
mediawiki debian redhat fedoraproject CWE-20
7.5
7.5
2019-11-20 CVE-2012-6136 Incorrect Default Permissions vulnerability in multiple products
tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes.
local
low complexity
redhat fedoraproject debian CWE-276
5.5
5.5