Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fedora
(Fedoraproject)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-07-22 | CVE-2023-38633 | A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element. | Debian_linux, Fedora, Librsvg | 5.5 | ||
| 2023-07-24 | CVE-2023-1386 | A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. When a local user in the guest writes an executable file with SUID or SGID, none of these privileged bits are correctly dropped. As a result, in rare circumstances, this flaw could be used by malicious users in the guest to elevate their privileges within the guest and help a host local user to elevate privileges on the host. | Fedora, Qemu | 7.8 | ||
| 2023-07-24 | CVE-2023-38200 | A flaw was found in Keylime. Due to their blocking nature, the Keylime registrar is subject to a remote denial of service against its SSL connections. This flaw allows an attacker to exhaust all available connections. | Fedora, Keylime, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_ibm_z_systems_eus, Enterprise_linux_for_power_little_endian, Enterprise_linux_for_power_little_endian_eus, Enterprise_linux_server_aus | 7.5 | ||
| 2023-07-25 | CVE-2023-3772 | A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params(), leading to a possible kernel crash and denial of service. | Debian_linux, Fedora, Linux_kernel, Enterprise_linux, Enterprise_linux_for_real_time, Enterprise_linux_for_real_time_for_nfv | 4.4 | ||
| 2023-07-25 | CVE-2023-3773 | A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to cause a 4 byte out-of-bounds read of XFRMA_MTIMER_THRESH when parsing netlink attributes, leading to potential leakage of sensitive heap data to userspace. | Debian_linux, Fedora, Linux_kernel, Enterprise_linux | 4.4 | ||
| 2023-07-29 | CVE-2022-4907 | Uninitialized Use in FFmpeg in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | Debian_linux, Fedora, Chrome | 8.8 | ||
| 2023-07-29 | CVE-2022-4917 | Incorrect security UI in Notifications in Google Chrome on Android prior to 103.0.5060.53 allowed a remote attacker to obscure the full screen notification via a crafted HTML page. (Chromium security severity: Low) | Fedora, Chrome | 4.3 | ||
| 2023-07-29 | CVE-2022-4926 | Insufficient policy enforcement in Intents in Google Chrome on Android prior to 109.0.5414.119 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) | Fedora, Chrome | 6.5 | ||
| 2023-07-31 | CVE-2023-4004 | A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system. | Debian_linux, Fedora, Linux_kernel, H300s, H410s, H500s, H700s, Enterprise_linux | 7.8 | ||
| 2023-08-01 | CVE-2023-38559 | A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. This issue may allow a local attacker to cause a denial of service via outputting a crafted PDF file for a DEVN device with gs. | Ghostscript, Debian_linux, Fedora, Enterprise_linux | 5.5 |