Vulnerabilities > Fedoraproject

DATE	CVE	VULNERABILITY TITLE	RISK
2019-05-14	CVE-2019-11328	Incorrect Permission Assignment for Critical Resource vulnerability in multiple products An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a malicious user with local/network access to the host system (e.g. network low complexity sylabs fedoraproject opensuse CWE-732	8.8
2019-05-13	CVE-2019-12083	Out-of-bounds Write vulnerability in multiple products The Rust Programming Language Standard Library 1.34.x before 1.34.2 contains a stabilized method which, if overridden, can violate Rust's safety guarantees and cause memory unsafety. network high complexity rust-lang fedoraproject opensuse CWE-787	8.1
2019-05-10	CVE-2019-11884	The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character. local low complexity linux fedoraproject debian canonical redhat opensuse	3.3
2019-05-09	CVE-2019-11831	Deserialization of Untrusted Data vulnerability in multiple products The PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a phar:///path/bad.phar/../good.phar URL. network low complexity typo3 debian fedoraproject drupal joomla CWE-502 critical	9.8
2019-05-08	CVE-2019-11494	NULL Pointer Dereference vulnerability in multiple products In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login service crashes when the client disconnects prematurely during the AUTH command. network low complexity dovecot fedoraproject opensuse CWE-476	7.5
2019-05-08	CVE-2019-11499	In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login component crashes if AUTH PLAIN is attempted over a TLS secured channel with an unacceptable authentication message. network low complexity dovecot fedoraproject opensuse	7.5
2019-05-07	CVE-2019-7443	Improper Input Validation vulnerability in multiple products KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. network high complexity kde opensuse fedoraproject CWE-20	8.1
2019-05-03	CVE-2019-11036	Out-of-bounds Read vulnerability in multiple products When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. network low complexity php fedoraproject redhat canonical debian opensuse CWE-125 critical	9.1
2019-04-29	CVE-2019-5429	Untrusted Search Path vulnerability in multiple products Untrusted search path in FileZilla before 3.41.0-rc1 allows an attacker to gain privileges via a malicious 'fzsftp' binary in the user's home directory. local low complexity filezilla-project debian fedoraproject CWE-426	7.8
2019-04-26	CVE-2019-3843	Improper Privilege Management vulnerability in multiple products It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. local low complexity systemd-project fedoraproject canonical netapp CWE-269	7.8

Vulnerabilities > Fedoraproject {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Fedoraproject"}]}

Vulnerabilities > Fedoraproject