Vulnerabilities > Fedoraproject > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-11-27 | CVE-2019-10195 | Information Exposure Through Log Files vulnerability in multiple products: A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way that FreeIPA's batch processing API logged operations. | 6.5 |
2019-11-26 | CVE-2019-18678 | HTTP Request Smuggling vulnerability in multiple products: An issue was discovered in Squid 3.x and 4.x through 4.8. | 5.3 |
2019-11-26 | CVE-2019-18677 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products: An issue was discovered in Squid 3.x and 4.x through 4.8 when the append_domain setting is used (because the appended characters do not properly interact with hostname length restrictions). | 6.1 |
2019-11-25 | CVE-2019-10224 | Information Exposure vulnerability in Fedoraproject 389 Directory Server: A flaw has been found in 389-ds-base versions 1.4.x.x before 1.4.1.3. | 4.6 |
2019-11-25 | CVE-2012-5644 | Information Exposure vulnerability in multiple products: libuser has information disclosure when moving user's home directory. | 5.5 |
2019-11-25 | CVE-2012-5630 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products: libuser 0.56 and 0.57 has a TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees. | 6.3 |
2019-11-25 | CVE-2019-14891 | Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products: A flaw was found in cri-o, as a result of all pod-related processes being placed in the same memory cgroup. | 5.0 |
2019-11-22 | CVE-2015-7810 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products: libbluray MountManager class has a time-of-check time-of-use (TOCTOU) race when expanding JAR files. | 4.7 |
2019-11-21 | CVE-2019-19221 | Out-of-bounds Read vulnerability in multiple products: In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. | 5.5 |
2019-11-21 | CVE-2015-2793 | Cross-site Scripting vulnerability in multiple products: Cross-site scripting (XSS) vulnerability in templates/openid-selector.tmpl in ikiwiki before 3.20150329 allows remote attackers to inject arbitrary web script or HTML via the openid_identifier parameter in a verify action to ikiwiki.cgi. | 6.1 |