Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fedora
(Fedoraproject)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-11-03 | CVE-2023-3961 | A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call (RPC) services like SAMR LSA or SPOOLSS, which Samba initiates on demand. However, due to inadequate sanitization of incoming client pipe names, allowing a client to send a pipe name containing Unix directory traversal characters (../). This could result in SMB... | Fedora, Enterprise_linux, Enterprise_linux_eus, Storage, Samba | 9.8 | ||
| 2023-11-06 | CVE-2023-47272 | Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a Content-Type or Content-Disposition header (used for attachment preview or download). | Debian_linux, Fedora, Webmail | 6.1 | ||
| 2023-11-06 | CVE-2023-4535 | An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to the computer and a specially crafted USB device or smart card. This flaw allows the attacker to manipulate APDU responses and potentially gain unauthorized access to sensitive data, compromising the system's security. | Fedora, Opensc, Enterprise_linux | 3.8 | ||
| 2023-11-08 | CVE-2023-5996 | Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | Debian_linux, Fedora, Chrome | 8.8 | ||
| 2023-11-09 | CVE-2023-39198 | A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation. | Fedora, Linux_kernel, Enterprise_linux | 6.4 | ||
| 2023-11-09 | CVE-2023-5539 | A remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and managers. | Extra_packages_for_enterprise_linux, Fedora, Moodle | 8.8 | ||
| 2023-11-09 | CVE-2023-5540 | A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and managers. | Extra_packages_for_enterprise_linux, Fedora, Moodle | 8.8 | ||
| 2023-11-09 | CVE-2023-5542 | Students in "Only see own membership" groups could see other students in the group, which should be hidden. | Extra_packages_for_enterprise_linux, Fedora, Moodle | 4.3 | ||
| 2023-11-09 | CVE-2023-5544 | Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk. | Fedora, Moodle, Enterprise_linux | 5.4 | ||
| 2023-11-09 | CVE-2023-5545 | H5P metadata automatically populated the author with the user's username, which could be sensitive information. | Extra_packages_for_enterprise_linux, Fedora, Moodle | 5.3 |