Fedora vulnerabilities and exploits

5
CVSSv2
CVE-2019-10222

A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attacker could crash the Ceph RGW server by sending valid HTTP headers and terminating the connection, resulting in a remote denial of service for Ceph RGW...

4
CVSSv2
CVE-2012-0049

OpenTTD before 1.1.5 contains a Denial of Service (slow read attack) that prevents users from joining the server....

2.1
CVSSv2
CVE-2010-4178

MySQL-GUI-tools (mysql-administrator) leaks passwords into the process list after launch of the mysql text console...

4.3
CVSSv2
CVE-2016-1000037

Pagure: XSS possible in file attachment endpoint...

4.9
CVSSv2
CVE-2019-14833

A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. The Samba Active Directory Domain Controller can be configured to use a custom script...

4
CVSSv2
CVE-2019-14847

A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can crash AD DC LDAP server via dirsync resulting in denial of service. Privilege escalation is not possible with this issue....

4.3
CVSSv2
CVE-2013-5123

The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks....

7.5
CVSSv2
CVE-2015-8980

The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote attackers to execute arbitrary code....

7.5
CVSSv2
CVE-2013-4409

An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests....

4.6
CVSSv2
CVE-2013-4251

The scipy.weave component in SciPy before 0.12.1 creates insecure temporary directories....