Vulnerabilities (CVE)

Vendor filter

Fedoraproject Subscribe

Product filter

Fedora Subscribe

Filter

690 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-3804 2 Cockpit-project, Fedoraproject 2 Cockpit, Fedora 2019-06-20 N/A
It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly resulting in a denial of service attack. An unauthenticated attacker could send a specially crafted request with an invalid base64-encoded cookie...
CVE-2019-10143 2 Freeradius, Fedoraproject 2 Freeradius, Fedora 2019-06-20 6.9
It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a...
CVE-2019-3844 2 Freedesktop, Fedoraproject 2 Systemd, Fedora 2019-06-19 4.6
It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local...
CVE-2019-3843 2 Freedesktop, Fedoraproject 2 Systemd, Fedora 2019-06-19 4.6
It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access...
CVE-2019-10155 4 Libreswan, Openswan, Strongswan and 1 more 4 Libreswan, Openswan, Strongswan and 1 more 2019-06-18 3.5
The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity...
CVE-2018-16838 2 Fedoraproject, Redhat 3 Sssd, Enterprise Linux, Virtualization 2019-06-18 5.5
A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access.
CVE-2019-9917 3 Znc, Canonical, Fedoraproject 3 Znc, Ubuntu Linux, Fedora 2019-06-15 4.0
ZNC before 1.7.3-rc1 allows an existing remote user to cause a Denial of Service (crash) via invalid encoding.
CVE-2019-7221 7 Fedoraproject, Linux, Opensuse and 4 more 16 Fedora, Linux Kernel, Leap and 13 more 2019-06-15 4.6
The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.
CVE-2014-9761 6 Gnu, Suse, Fedoraproject and 3 more 10 Linux Enterprise Software Development Kit, Ubuntu Linux, Linux Enterprise Desktop and 7 more 2019-06-13 7.5
Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan,...
CVE-2015-3196 7 Hp, Openssl, Oracle and 4 more 13 Icewall Sso, Icewall Sso Agent Option, Vm Virtualbox and 10 more 2019-06-13 4.3
ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of...
CVE-2019-9636 4 Python, Fedoraproject, Redhat and 1 more 10 Python, Fedora, Enterprise Linux Desktop and 7 more 2019-06-13 5.0
Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached...
CVE-2019-9658 3 Checkstyle, Debian, Fedoraproject 3 Checkstyle, Debian Linux, Fedora 2019-06-12 5.0
Checkstyle before 8.18 loads external DTDs by default.
CVE-2019-0220 5 Apache, Canonical, Debian and 2 more 5 Http Server, Ubuntu Linux, Debian Linux and 2 more 2019-06-12 5.0
A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular...
CVE-2019-0211 5 Apache, Canonical, Debian and 2 more 5 Http Server, Ubuntu Linux, Debian Linux and 2 more 2019-06-11 7.2
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code...
CVE-2019-11091 2 Fedoraproject, Intel 2 Fedora, Microarchitectural Data Sampling Uncacheable Memory Firmware 2019-06-11 4.7
Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local...
CVE-2019-10132 2 Redhat, Fedoraproject 2 Libvirt, Fedora 2019-06-11 6.5
A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or...
CVE-2018-12130 2 Fedoraproject, Intel 2 Fedora, Microarchitectural Fill Buffer Data Sampling Firmware 2019-06-11 4.7
Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list...
CVE-2018-12127 2 Fedoraproject, Intel 2 Fedora, Microarchitectural Load Port Data Sampling Firmware 2019-06-11 4.7
Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of...
CVE-2018-12126 2 Fedoraproject, Intel 2 Fedora, Microarchitectural Store Buffer Data Sampling Firmware 2019-06-11 4.7
Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list...
CVE-2019-10906 2 Palletsprojects, Fedoraproject 2 Jinja, Fedora 2019-06-06 5.0
In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.