Vulnerabilities > Fedoraproject

DATE CVE VULNERABILITY TITLE RISK
2019-11-04 CVE-2013-4251 Improper Privilege Management vulnerability in multiple products
The scipy.weave component in SciPy before 0.12.1 creates insecure temporary directories.
local
low complexity
scipy fedoraproject redhat debian CWE-269
7.8
7.8
2019-11-01 CVE-2013-4168 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in SmokePing 2.6.9 in the start and end time fields.
network
low complexity
smokeping debian fedoraproject CWE-79
6.1
6.1
2019-11-01 CVE-2013-4751 Improper Input Validation vulnerability in multiple products
php-symfony2-Validator has loss of information during serialization
network
low complexity
sensiolabs fedoraproject redhat CWE-20
8.1
8.1
2019-10-31 CVE-2013-1931 Cross-site Scripting vulnerability in multiple products
A cross-site scripting (XSS) vulnerability in MantisBT 1.2.14 allows remote attackers to inject arbitrary web script or HTML via a version, related to deleting a version.
network
low complexity
mantisbt fedoraproject CWE-79
6.1
6.1
2019-10-31 CVE-2013-1930 Improper Input Validation vulnerability in multiple products
MantisBT 1.2.12 before 1.2.15 allows authenticated users to by the workflow restriction and close issues.
network
low complexity
mantisbt fedoraproject CWE-20
4.3
4.3
2019-10-31 CVE-2019-18425 Improper Privilege Management vulnerability in multiple products
An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descriptors.
network
low complexity
xen debian fedoraproject opensuse CWE-269
critical
 9.8
9.8
2019-10-31 CVE-2019-18424 OS Command Injection vulnerability in multiple products
An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device. 		6.8
6.8
2019-10-31 CVE-2019-18423 Off-by-one Error vulnerability in multiple products
An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service via a XENMEM_add_to_physmap hypercall.
network
low complexity
xen debian fedoraproject CWE-193
8.8
8.8
2019-10-31 CVE-2019-18422 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service or gain privileges by leveraging the erroneous enabling of interrupts.
network
low complexity
xen debian fedoraproject CWE-732
8.8
8.8
2019-10-31 CVE-2019-18421 Race Condition vulnerability in multiple products
An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations.
network
high complexity
xen debian fedoraproject opensuse CWE-362
7.5
7.5