Vulnerabilities > Fedoraproject

DATE CVE VULNERABILITY TITLE RISK
2018-12-19 CVE-2018-16883 Information Exposure vulnerability in Fedoraproject Sssd
sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the "allowed_uids" configuration parameter.
local
low complexity
fedoraproject CWE-200
5.5
5.5
2018-12-18 CVE-2018-19790 Open Redirect vulnerability in multiple products
An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1.
network
low complexity
sensiolabs fedoraproject debian CWE-601
6.1
6.1
2018-12-17 CVE-2018-20123 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
pvrdma_realize in hw/rdma/vmw/pvrdma_main.c in QEMU has a Memory leak after an initialisation error.
local
low complexity
qemu canonical fedoraproject CWE-772
5.5
5.5
2018-12-13 CVE-2018-16872 A flaw was found in qemu Media Transfer Protocol (MTP).
network
high complexity
qemu debian fedoraproject canonical opensuse
5.3
5.3
2018-12-13 CVE-2018-19489 Race Condition vulnerability in multiple products
v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service (crash) because of a race condition during file renaming. 		4.7
4.7
2018-12-13 CVE-2018-19364 Use After Free vulnerability in multiple products
hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome. 		5.5
5.5
2018-12-12 CVE-2018-16867 Race Condition vulnerability in multiple products
A flaw was found in qemu Media Transfer Protocol (MTP) before version 3.1.0.
local
high complexity
qemu fedoraproject canonical CWE-362
7.8
7.8
2018-12-12 CVE-2018-20097 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of tiffimage_int.cpp in Exiv2 0.27-RC3.
network
low complexity
exiv2 debian fedoraproject redhat CWE-119
6.5
6.5
2018-12-11 CVE-2018-20060 urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme).
network
low complexity
python fedoraproject
critical
 9.8
9.8
2018-12-10 CVE-2018-20005 Use After Free vulnerability in multiple products
An issue has been found in Mini-XML (aka mxml) 2.12.
local
low complexity
msweet fedoraproject CWE-416
5.5
5.5