Vulnerabilities (CVE)

Vendor filter

Fedoraproject Subscribe

Filter

743 total CVE
CVE Vendors Products Updated CVSS
CVE-2016-3720 2 Fasterxml, Fedoraproject 3 Jackson, Fedora, Jackson-dataformat-xml 2019-10-10 7.5
XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors.
CVE-2019-5420 3 Rubyonrails, Debian, Fedoraproject 3 Rails, Debian Linux, Fedora 2019-10-09 7.5
A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails...
CVE-2019-3851 2 Moodle, Fedoraproject 2 Moodle, Fedora 2019-10-09 N/A
A vulnerability was found in moodle before versions 3.6.3 and 3.5.5. There was a link to site home within the the Boost theme's secure layout, meaning students could navigate out of the page.
CVE-2019-3833 3 Openwsman Project, Fedoraproject, Opensuse 3 Openwsman, Fedora, Leap 2019-10-09 5.0
Openwsman, versions up to and including 2.6.9, are vulnerable to infinite loop in process_connection() when parsing specially crafted HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending malicious HTTP...
CVE-2019-14844 3 Mit, Fedoraproject, Redhat 3 Kerberos, Fedora, Enterprise Linux 2019-10-09 5.0
A flaw was found in, Fedora versions of krb5 from 1.16.1 to, including 1.17.x, in the way a Kerberos client could crash the KDC by sending one of the RFC 4556 "enctypes". A remote unauthenticated user could use this flaw to crash the KDC.
CVE-2019-10191 2 Fedoraproject, Knot-resolver 2 Fedora, Knot Resolver 2019-10-09 5.0
A vulnerability was discovered in DNS resolver of knot resolver before version 4.1.0 which allows remote attackers to downgrade DNSSEC-secure domains to DNSSEC-insecure state, opening possibility of domain hijack using attacks against insecure...
CVE-2019-10171 2 Fedoraproject, Redhat 2 389 Directory Server, Enterprise Linux Server Eus 2019-10-09 7.8
It was found that the fix for CVE-2018-14648 in 389-ds-base, versions 1.4.0.x before 1.4.0.17, was incorrectly applied in RHEL 7.5. An attacker would still be able to provoke excessive CPU consumption leading to a denial of service.
CVE-2018-1090 3 Pulpproject, Redhat, Fedoraproject 3 Pulp, Satellite, Fedora 2019-10-09 5.0
In Pulp before version 2.16.2, secrets are passed into override_config when triggering a task and then become readable to all users with read access on the distributor/importer. An attacker with API access can then view these secrets.
CVE-2018-1089 3 Fedoraproject, Redhat, Debian 5 389 Directory Server, Enterprise Linux Desktop, Enterprise Linux Server and 2 more 2019-10-09 5.0
389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. A remote, unauthenticated attacker could potentially use this flaw to make...
CVE-2018-16883 1 Fedoraproject 1 Sssd 2019-10-09 2.1
sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the "allowed_uids" configuration parameter. If sensitive information were stored in the user directory, this could be inadvertently disclosed...
CVE-2018-16867 3 Qemu, Canonical, Fedoraproject 3 Qemu, Ubuntu Linux, Fedora 2019-10-09 4.6
A flaw was found in qemu Media Transfer Protocol (MTP) before version 3.1.0. A path traversal in the in usb_mtp_write_data function in hw/usb/dev-mtp.c due to an improper filename sanitization. When the guest device is mounted in read-write mode,...
CVE-2018-14648 3 Fedoraproject, Debian, Redhat 3 389 Directory Server, Debian Linux, Enterprise Linux 2019-10-09 7.8
A flaw was found in 389 Directory Server. A specially crafted search query could lead to excessive CPU consumption in the do_search() function. An unauthenticated attacker could use this flaw to provoke a denial of service.
CVE-2018-14638 2 Fedoraproject, Redhat 7 389 Directory Server, Enterprise Linux Aus, Enterprise Linux Desktop and 4 more 2019-10-09 5.0
A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in delete_passwdPolicy function when persistent search connections are terminated unexpectedly leading to remote denial of service.
CVE-2018-12545 2 Eclipse, Fedoraproject 2 Jetty, Fedora 2019-10-09 5.0
In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The vulnerability is due...
CVE-2018-10871 2 Fedoraproject, Debian 2 389 Directory Server, Debian Linux 2019-10-09 4.0
389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their...
CVE-2018-10852 3 Fedoraproject, Debian, Redhat 5 Sssd, Debian Linux, Enterprise Linux Desktop and 2 more 2019-10-09 5.0
The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules...
CVE-2017-7496 1 Fedoraproject 1 Arm Installer 2019-10-09 4.4
fedora-arm-installer up to and including 1.99.16 is vulnerable to local privilege escalation due to lack of checking the error condition of mount operation failure on unsafely created temporary directories.
CVE-2017-2668 2 Fedoraproject, Redhat 4 389 Directory Server, Enterprise Linux Desktop, Enterprise Linux Server and 1 more 2019-10-09 4.3
389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP...
CVE-2017-2591 2 Fedoraproject, Redhat 2 389 Directory Server, Enterprise Linux 2019-10-09 5.0
389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniqueness_entry_to_config() function in the "attribute uniqueness" plugin of 389 Directory Server. An authenticated, or possibly unauthenticated,...
CVE-2017-12173 2 Fedoraproject, Redhat 6 Sssd, Enterprise Linux Desktop, Enterprise Linux Server and 3 more 2019-10-09 4.0
It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for...