Fedora - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Fedora
(Fedoraproject)

Repositories

• https://github.com/torvalds/linux
• https://github.com/phpmyadmin/phpmyadmin
• https://github.com/krb5/krb5
• https://github.com/mdadams/jasper
• https://github.com/uclouvain/openjpeg

• https://github.com/golang/go
• https://github.com/FasterXML/jackson-databind
• https://github.com/ntp-project/ntp
• https://github.com/apache/httpd
• https://github.com/dbry/WavPack
• https://github.com/json-c/json-c
• https://github.com/jquery/jquery-ui
• https://github.com/ClusterLabs/pcs
• https://github.com/newsoft/libvncserver
• https://github.com/horde/horde
• https://github.com/ipython/ipython
• https://github.com/wesnoth/wesnoth
• https://github.com/saltstack/salt
• git://git.openssl.org/openssl.git
•
• https://github.com/haproxy/haproxy
• https://github.com/pyca/cryptography
• https://github.com/dajobe/raptor
• https://github.com/opencontainers/runc
• https://github.com/openstack/swift
• https://github.com/openssh/openssh-portable
• https://github.com/collectd/collectd
• https://github.com/mongodb/mongo
• https://github.com/ADOdb/ADOdb
• https://github.com/igniterealtime/Smack
• https://github.com/SELinuxProject/selinux
• https://github.com/dlitz/pycrypto
• https://github.com/teeworlds/teeworlds
• https://github.com/karelzak/util-linux
• https://git.kernel.org/pub/scm/git/git.git
• https://github.com/cyrusimap/cyrus-imapd
• https://github.com/ceph/ceph
• https://github.com/lepture/mistune
• https://github.com/MariaDB/server
• https://github.com/golang/net
• https://github.com/FreeRDP/FreeRDP
• https://github.com/sleuthkit/sleuthkit
• https://github.com/Perl/perl5
• https://github.com/python/cpython
• https://github.com/libjpeg-turbo/libjpeg-turbo
• https://github.com/libuv/libuv
• https://github.com/mysql/mysql-server
• https://github.com/libgd/libgd
• https://github.com/SpiderLabs/ModSecurity
• https://github.com/fish-shell/fish-shell
• https://github.com/php/php-src
• https://github.com/quassel/quassel
• https://github.com/ocaml/ocaml
• https://github.com/LibRaw/LibRaw
• https://github.com/sddm/sddm
• https://github.com/axkibe/lsyncd
• https://github.com/visionmedia/send
• https://github.com/rawstudio/rawstudio
• https://github.com/cherokee/webserver
• https://github.com/numpy/numpy
• https://github.com/rjbs/Email-Address
• https://github.com/openid/ruby-openid
• https://github.com/moxiecode/plupload
• https://github.com/libarchive/libarchive

#Vulnerabilities

5329

Date	Id	Summary	Products	Score	Patch	Annotated
2023-11-06	CVE-2023-4535	An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to the computer and a specially crafted USB device or smart card. This flaw allows the attacker to manipulate APDU responses and potentially gain unauthorized access to sensitive data, compromising the system's security.	Fedora, Opensc, Enterprise_linux	3.8
2023-11-08	CVE-2023-5996	Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)	Debian_linux, Fedora, Chrome	8.8
2023-11-09	CVE-2023-39198	A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation.	Fedora, Linux_kernel, Enterprise_linux	6.4
2023-11-09	CVE-2023-5539	A remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and managers.	Extra_packages_for_enterprise_linux, Fedora, Moodle	8.8
2023-11-09	CVE-2023-5540	A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and managers.	Extra_packages_for_enterprise_linux, Fedora, Moodle	8.8
2023-11-09	CVE-2023-5542	Students in "Only see own membership" groups could see other students in the group, which should be hidden.	Extra_packages_for_enterprise_linux, Fedora, Moodle	4.3
2023-11-09	CVE-2023-5544	Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk.	Fedora, Moodle, Enterprise_linux	5.4
2023-11-09	CVE-2023-5545	H5P metadata automatically populated the author with the user's username, which could be sensitive information.	Extra_packages_for_enterprise_linux, Fedora, Moodle	5.3
2023-11-09	CVE-2023-5546	ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk.	Fedora, Moodle, Enterprise_linux	5.4
2023-11-09	CVE-2023-5547	The course upload preview contained an XSS risk for users uploading unsafe data.	Fedora, Moodle, Enterprise_linux	6.1