Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fedora
(Fedoraproject)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-09-27 | CVE-2023-42453 | Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Users were able to forge read receipts for any event (if they knew the room ID and event ID). Note that the users were not able to view the events, but simply mark it as read. This could be confusing as clients will show the event as read by the user, even if they are not in the room. This issue has been patched in version 1.93.0. Users are advised to upgrade. There are no known workarounds for... | Fedora, Synapse | 4.3 | ||
| 2023-09-27 | CVE-2023-5157 | A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service. | Fedora, Mariadb, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_for_arm_64, Enterprise_linux_for_arm_64_eus, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_ibm_z_systems_eus, Enterprise_linux_for_power_little_endian, Enterprise_linux_for_power_little_endian_eus, Enterprise_linux_server_aus, Enterprise_linux_server_tus | 7.5 | ||
| 2023-09-27 | CVE-2023-5169 | A compromised content process could have provided malicious data in a `PathRecording` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. | Debian_linux, Fedora, Firefox, Firefox_esr, Thunderbird | 6.5 | ||
| 2023-09-27 | CVE-2023-5171 | During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. | Debian_linux, Fedora, Firefox, Firefox_esr, Thunderbird | 6.5 | ||
| 2023-09-28 | CVE-2023-42756 | A flaw was found in the Netfilter subsystem of the Linux kernel. A race condition between IPSET_CMD_ADD and IPSET_CMD_SWAP can lead to a kernel panic due to the invocation of `__ip_set_put` on a wrong `set`. This issue may allow a local user to crash the system. | Debian_linux, Fedora, Linux_kernel, Enterprise_linux | 4.7 | ||
| 2023-09-28 | CVE-2023-5186 | Use after free in Passwords in Google Chrome prior to 117.0.5938.132 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: High) | Debian_linux, Fedora, Chrome | 8.8 | ||
| 2023-09-28 | CVE-2023-5187 | Use after free in Extensions in Google Chrome prior to 117.0.5938.132 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | Debian_linux, Fedora, Chrome | 8.8 | ||
| 2023-09-30 | CVE-2023-44488 | VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding. | Debian_linux, Fedora, Enterprise_linux, Libvpx | 7.5 | ||
| 2023-10-02 | CVE-2023-5344 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969. | Fedora, Vim | 7.5 | ||
| 2023-10-04 | CVE-2023-39191 | An improper input validation flaw was found in the eBPF subsystem in the Linux kernel. The issue occurs due to a lack of proper validation of dynamic pointers within user-supplied eBPF programs prior to executing them. This may allow an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code in the context of the kernel. | Fedora, Linux_kernel, Enterprise_linux | 8.2 |