Vulnerabilities > Fedoraproject > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-11-27 CVE-2019-18660 Information Exposure vulnerability in multiple products
The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58.
4.7
2019-11-27 CVE-2016-1000110 Open Redirect vulnerability in multiple products
The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests.
network
low complexity
python debian fedoraproject CWE-601
6.1
2019-11-27 CVE-2019-10195 Information Exposure Through Log Files vulnerability in multiple products
A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way that FreeIPA's batch processing API logged operations.
network
low complexity
freeipa fedoraproject CWE-532
6.5
2019-11-26 CVE-2019-18678 HTTP Request Smuggling vulnerability in multiple products
An issue was discovered in Squid 3.x and 4.x through 4.8.
5.3
2019-11-26 CVE-2019-18677 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
An issue was discovered in Squid 3.x and 4.x through 4.8 when the append_domain setting is used (because the appended characters do not properly interact with hostname length restrictions).
network
low complexity
squid-cache canonical fedoraproject CWE-352
6.1
2019-11-25 CVE-2019-10224 Information Exposure vulnerability in Fedoraproject 389 Directory Server
A flaw has been found in 389-ds-base versions 1.4.x.x before 1.4.1.3.
low complexity
fedoraproject CWE-200
4.6
2019-11-25 CVE-2012-5644 Information Exposure vulnerability in multiple products
libuser has information disclosure when moving user's home directory
5.5
2019-11-25 CVE-2012-5630 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products
libuser 0.56 and 0.57 has a TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees.
6.3
2019-11-25 CVE-2019-14891 Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products
A flaw was found in cri-o, as a result of all pod-related processes being placed in the same memory cgroup.
network
high complexity
kubernetes fedoraproject redhat CWE-754
5.0
2019-11-22 CVE-2015-7810 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products
libbluray MountManager class has a time-of-check time-of-use (TOCTOU) race when expanding JAR files
local
high complexity
videolan redhat fedoraproject debian CWE-367
4.7