#Vulnerabilities 784
Date ID Summary Products Score Patch
2019-11-21 CVE-2019-18888 An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. If an application passes unvalidated user input as the file for which MIME type validation should occur, then arbitrary arguments are passed to the underlying file command. This is related to symfony/http-foundation (and symfony/mime in 4.3.x). Fedora, Symfony N/A
2019-11-21 CVE-2019-18887 An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. The UriSigner was subject to timing attacks. This is related to symfony/http-kernel. Fedora, Symfony N/A
2019-11-22 CVE-2019-18622 An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature. Fedora, Backports_sle, Leap, Phpmyadmin N/A
2019-11-25 CVE-2019-14891 A flaw was found in cri-o, as a result of all pod-related processes being placed in the same memory cgroup. This can result in container management (conmon) processes being killed if a workload process triggers an out-of-memory (OOM) condition for the cgroup. An attacker could abuse this flaw to get host network access on an cri-o host. Fedora, Cri\-O, Openshift_container_platform N/A
2019-11-15 CVE-2014-0021 Chrony before 1.29.1 has traffic amplification in cmdmon protocol Chrony, Debian_linux, Fedora N/A
2019-11-25 CVE-2012-5644 libuser has information disclosure when moving user's home directory Debian_linux, Fedora, Libuser, Enterprise_linux N/A
2019-11-25 CVE-2012-5630 libuser 0.56 and 0.57 has a TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees. Fedora, Libuser, Enterprise_linux N/A
2019-11-21 CVE-2012-4524 xlockmore before 5.43 'dclock' security bypass vulnerability Fedora, Xlockmore N/A
2019-11-15 CVE-2011-2726 An access bypass issue was found in Drupal 7.x before version 7.5. If a Drupal site has the ability to attach File upload fields to any entity type in the system or has the ability to point individual File upload fields to the private file directory in comments, and the parent node is denied access, non-privileged users can still download the file attached to the comment if they know or guess its direct URL. Debian_linux, Drupal, Fedora, Enterprise_linux N/A
2019-11-21 CVE-2015-2793 Cross-site scripting (XSS) vulnerability in templates/openid-selector.tmpl in ikiwiki before 3.20150329 allows remote attackers to inject arbitrary web script or HTML via the openid_identifier parameter in a verify action to ikiwiki.cgi. Fedora, Ikiwiki N/A