Vulnerabilities > Fedoraproject > Fedora
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-14 | CVE-2012-1168 | Improper Input Validation vulnerability in multiple products Moodle before 2.2.2 has a password and web services issue where when the user profile is updated the user password is reset if not specified. | 8.2 |
| 2019-11-14 | CVE-2012-1156 | Information Exposure Through Log Files vulnerability in multiple products Moodle before 2.2.2 has users' private files included in course backups | 7.5 |
| 2019-11-14 | CVE-2012-1155 | Information Exposure vulnerability in multiple products Moodle has a database activity export permission issue where the export function of the database activity module exports all entries even those from groups the user does not belong to | 7.5 |
| 2019-11-13 | CVE-2010-4661 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products udisks before 1.0.3 allows a local user to load arbitrary Linux kernel modules. | 7.8 |
| 2019-11-13 | CVE-2019-18837 | Link Following vulnerability in multiple products An issue was discovered in crun before 0.10.5. | 8.6 |
| 2019-11-12 | CVE-2010-4177 | Cleartext Transmission of Sensitive Information vulnerability in multiple products mysql-gui-tools (mysql-query-browser and mysql-admin) before 5.0r14+openSUSE-2.3 exposes the password of a user connected to the MySQL server in clear text form via the list of running processes. | 5.5 |
| 2019-11-12 | CVE-2010-3439 | Improper Input Validation vulnerability in multiple products It is possible to cause a DoS condition by causing the server to crash in alien-arena 7.33 by supplying various invalid parameters to the download command. | 6.5 |
| 2019-11-12 | CVE-2010-3438 | Use of Externally-Controlled Format String vulnerability in multiple products libpoe-component-irc-perl before v6.32 does not remove carriage returns and line feeds. | 9.8 |
| 2019-11-11 | CVE-2019-18849 | Out-of-bounds Read vulnerability in multiple products In tnef before 1.4.18, an attacker may be able to write to the victim's .ssh/authorized_keys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a heap-based buffer over-read involving strdup. | 5.5 |
| 2019-11-08 | CVE-2019-10222 | Improper Handling of Exceptional Conditions vulnerability in multiple products A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. | 7.5 |