Vulnerabilities > Fedoraproject > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-14 | CVE-2018-12207 | Improper Input Validation vulnerability in multiple products Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access. | 6.5 |
| 2019-11-14 | CVE-2019-11135 | TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. | 6.5 |
| 2019-11-14 | CVE-2012-1169 | Information Exposure vulnerability in multiple products Moodle before 2.2.2 has Personal information disclosure, when administrative setting users name display is set to first name only full names are shown in page breadcrumbs. | 5.3 |
| 2019-11-14 | CVE-2012-1161 | Information Exposure vulnerability in multiple products Moodle before 2.2.2: Course information leak via hidden courses being displayed in tag search results | 4.3 |
| 2019-11-14 | CVE-2012-1159 | Information Exposure vulnerability in multiple products Moodle before 2.2.2: Overview report allows users to see hidden courses | 4.3 |
| 2019-11-14 | CVE-2012-1158 | Information Exposure vulnerability in multiple products Moodle before 2.2.2 has a course information leak in gradebook where users are able to see hidden grade items in export | 4.3 |
| 2019-11-14 | CVE-2012-1157 | Incorrect Default Permissions vulnerability in multiple products Moodle before 2.2.2 has a default repository capabilities issue where all repositories are viewable by all users by default | 4.3 |
| 2019-11-12 | CVE-2010-4177 | Cleartext Transmission of Sensitive Information vulnerability in multiple products mysql-gui-tools (mysql-query-browser and mysql-admin) before 5.0r14+openSUSE-2.3 exposes the password of a user connected to the MySQL server in clear text form via the list of running processes. | 5.5 |
| 2019-11-12 | CVE-2010-3439 | Improper Input Validation vulnerability in multiple products It is possible to cause a DoS condition by causing the server to crash in alien-arena 7.33 by supplying various invalid parameters to the download command. | 6.5 |
| 2019-11-11 | CVE-2019-18849 | Out-of-bounds Read vulnerability in multiple products In tnef before 1.4.18, an attacker may be able to write to the victim's .ssh/authorized_keys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a heap-based buffer over-read involving strdup. | 5.5 |