Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fedora
(Fedoraproject)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-09-25 | CVE-2023-4156 | A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information. | Fedora, Gawk, Enterprise_linux | 7.1 | ||
| 2023-09-25 | CVE-2022-4318 | A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable. | Extra_packages_for_enterprise_linux, Fedora, Cri\-O, Openshift_container_platform_for_arm64, Openshift_container_platform_for_linuxone, Openshift_container_platform_for_power, Openshift_container_platform_ibm_z_systems | 7.8 | ||
| 2023-09-27 | CVE-2023-41074 | The issue was addressed with improved checks. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. | Ipados, Iphone_os, Macos, Safari, Tvos, Watchos, Debian_linux, Fedora | 8.8 | ||
| 2023-09-27 | CVE-2023-41335 | Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. When users update their passwords, the new credentials may be briefly held in the server database. While this doesn't grant the server any added capabilities—it already learns the users' passwords as part of the authentication process—it does disrupt the expectation that passwords won't be stored in the database. As a result, these passwords could inadvertently be captured in database backups for... | Fedora, Synapse | 3.7 | ||
| 2023-09-27 | CVE-2023-42453 | Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Users were able to forge read receipts for any event (if they knew the room ID and event ID). Note that the users were not able to view the events, but simply mark it as read. This could be confusing as clients will show the event as read by the user, even if they are not in the room. This issue has been patched in version 1.93.0. Users are advised to upgrade. There are no known workarounds for... | Fedora, Synapse | 4.3 | ||
| 2023-09-27 | CVE-2023-5157 | A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service. | Fedora, Mariadb, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_for_arm_64, Enterprise_linux_for_arm_64_eus, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_ibm_z_systems_eus, Enterprise_linux_for_power_little_endian, Enterprise_linux_for_power_little_endian_eus, Enterprise_linux_server_aus, Enterprise_linux_server_tus | 7.5 | ||
| 2023-09-27 | CVE-2023-5169 | A compromised content process could have provided malicious data in a `PathRecording` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. | Debian_linux, Fedora, Firefox, Firefox_esr, Thunderbird | 6.5 | ||
| 2023-09-27 | CVE-2023-5171 | During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. | Debian_linux, Fedora, Firefox, Firefox_esr, Thunderbird | 6.5 | ||
| 2023-09-28 | CVE-2023-42756 | A flaw was found in the Netfilter subsystem of the Linux kernel. A race condition between IPSET_CMD_ADD and IPSET_CMD_SWAP can lead to a kernel panic due to the invocation of `__ip_set_put` on a wrong `set`. This issue may allow a local user to crash the system. | Debian_linux, Fedora, Linux_kernel, Enterprise_linux | 4.7 | ||
| 2023-09-28 | CVE-2023-5186 | Use after free in Passwords in Google Chrome prior to 117.0.5938.132 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: High) | Debian_linux, Fedora, Chrome | 8.8 |