Vulnerabilities > Fedoraproject > Fedora

DATE CVE VULNERABILITY TITLE RISK
2019-03-27 CVE-2019-5420 Use of Insufficiently Random Values vulnerability in multiple products
A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token.
network
low complexity
rubyonrails debian fedoraproject CWE-330
critical
9.8
2019-03-27 CVE-2019-5419 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive.
7.5
2019-03-27 CVE-2019-5418 There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed. 7.5
2019-03-27 CVE-2019-3877 Open Redirect vulnerability in multiple products
A vulnerability was found in mod_auth_mellon before v0.14.2.
6.1
2019-03-27 CVE-2019-9917 Improper Input Validation vulnerability in multiple products
ZNC before 1.7.3-rc1 allows an existing remote user to cause a Denial of Service (crash) via invalid encoding.
network
low complexity
znc canonical fedoraproject CWE-20
6.5
2019-03-26 CVE-2019-6341 Cross-site Scripting vulnerability in multiple products
In Drupal 7 versions prior to 7.65; Drupal 8.6 versions prior to 8.6.13;Drupal 8.5 versions prior to 8.5.14.
network
low complexity
drupal debian fedoraproject CWE-79
5.4
2019-03-26 CVE-2019-3878 Improper Authentication vulnerability in multiple products
A vulnerability was found in mod_auth_mellon before v0.14.2.
8.1
2019-03-26 CVE-2019-3851 A vulnerability was found in moodle before versions 3.6.3 and 3.5.5.
network
low complexity
moodle fedoraproject
4.3
2019-03-26 CVE-2019-3804 Missing Initialization of Resource vulnerability in multiple products
It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly resulting in a denial of service attack.
network
low complexity
cockpit-project fedoraproject redhat CWE-909
7.5
2019-03-25 CVE-2019-3857 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed.
8.8