Vulnerabilities > Fedoraproject
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-12 | CVE-2010-4177 | Cleartext Transmission of Sensitive Information vulnerability in multiple products mysql-gui-tools (mysql-query-browser and mysql-admin) before 5.0r14+openSUSE-2.3 exposes the password of a user connected to the MySQL server in clear text form via the list of running processes. | 5.5 |
| 2019-11-12 | CVE-2010-3439 | Improper Input Validation vulnerability in multiple products It is possible to cause a DoS condition by causing the server to crash in alien-arena 7.33 by supplying various invalid parameters to the download command. | 6.5 |
| 2019-11-12 | CVE-2010-3438 | Use of Externally-Controlled Format String vulnerability in multiple products libpoe-component-irc-perl before v6.32 does not remove carriage returns and line feeds. | 9.8 |
| 2019-11-11 | CVE-2019-18849 | Out-of-bounds Read vulnerability in multiple products In tnef before 1.4.18, an attacker may be able to write to the victim's .ssh/authorized_keys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a heap-based buffer over-read involving strdup. | 5.5 |
| 2019-11-08 | CVE-2019-14824 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. | 6.5 |
| 2019-11-08 | CVE-2019-10222 | Improper Handling of Exceptional Conditions vulnerability in multiple products A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. | 7.5 |
| 2019-11-08 | CVE-2013-1820 | Improper Input Validation vulnerability in multiple products tuned before 2.x allows local users to kill running processes due to insecure permissions with tuned's ktune service. | 5.5 |
| 2019-11-07 | CVE-2012-0049 | Resource Exhaustion vulnerability in multiple products OpenTTD before 1.1.5 contains a Denial of Service (slow read attack) that prevents users from joining the server. | 4.3 |
| 2019-11-07 | CVE-2019-18811 | Memory Leak vulnerability in multiple products A memory leak in the sof_set_get_large_ctrl_data() function in sound/soc/sof/ipc.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering sof_get_ctrl_copy_params() failures, aka CID-45c1380358b1. | 5.5 |
| 2019-11-07 | CVE-2019-18809 | Memory Leak vulnerability in multiple products A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-2289adbfa559. | 4.6 |