Filtered by vendor Fedoraproject
Subscribe
Total
5187 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-5539 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-11-21 | N/A | 4.7 MEDIUM |
| A remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and managers. | |||||
| CVE-2023-5535 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2024-11-21 | N/A | 7.8 HIGH |
| Use After Free in GitHub repository vim/vim prior to v9.0.2010. | |||||
| CVE-2023-5528 | 2 Fedoraproject, Kubernetes | 2 Fedora, Kubernetes | 2024-11-21 | N/A | 7.2 HIGH |
| A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes. | |||||
| CVE-2023-5517 | 3 Fedoraproject, Isc, Netapp | 3 Fedora, Bind, Active Iq Unified Manager | 2024-11-21 | N/A | 7.5 HIGH |
| A flaw in query-handling code can cause `named` to exit prematurely with an assertion failure when: - `nxdomain-redirect <domain>;` is configured, and - the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response. This issue affects BIND 9 versions 9.12.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1. | |||||
| CVE-2023-5487 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | N/A | 6.5 MEDIUM |
| Inappropriate implementation in Fullscreen in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium) | |||||
| CVE-2023-5484 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | N/A | 6.5 MEDIUM |
| Inappropriate implementation in Navigation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-5482 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
| Insufficient data validation in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-5480 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | N/A | 6.1 MEDIUM |
| Inappropriate implementation in Payments in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to bypass XSS preventions via a malicious file. (Chromium security severity: High) | |||||
| CVE-2023-5475 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | N/A | 6.5 MEDIUM |
| Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. (Chromium security severity: Medium) | |||||
| CVE-2023-5472 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
| Use after free in Profiles in Google Chrome prior to 118.0.5993.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-5455 | 3 Fedoraproject, Freeipa, Redhat | 21 Fedora, Freeipa, Codeready Linux Builder and 18 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During community penetration testing it was found that for certain HTTP end-points FreeIPA does not ensure CSRF protection. Due to implementation details one cannot use this flaw for reflection of a cookie representing already logged-in user. An attacker would always have to go through a new authentication attempt. | |||||
| CVE-2023-5441 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2024-11-21 | N/A | 5.5 MEDIUM |
| NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960. | |||||
| CVE-2023-5380 | 4 Debian, Fedoraproject, Redhat and 1 more | 5 Debian Linux, Fedora, Enterprise Linux and 2 more | 2024-11-21 | N/A | 4.7 MEDIUM |
| A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed. | |||||
| CVE-2023-5367 | 4 Debian, Fedoraproject, Redhat and 1 more | 12 Debian Linux, Fedora, Enterprise Linux and 9 more | 2024-11-21 | N/A | 7.8 HIGH |
| A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service. | |||||
| CVE-2023-5349 | 2 Fedoraproject, Rmagick | 2 Fedora, Rmagick | 2024-11-21 | N/A | 5.3 MEDIUM |
| A memory leak flaw was found in ruby-magick, an interface between Ruby and ImageMagick. This issue can lead to a denial of service (DOS) by memory exhaustion. | |||||
| CVE-2023-5346 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
| Type confusion in V8 in Google Chrome prior to 117.0.5938.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-5345 | 2 Fedoraproject, Linux | 2 Fedora, Linux Kernel | 2024-11-21 | N/A | 7.8 HIGH |
| A use-after-free vulnerability in the Linux kernel's fs/smb/client component can be exploited to achieve local privilege escalation. In case of an error in smb3_fs_context_parse_param, ctx->password was freed but the field was not set to NULL which could lead to double free. We recommend upgrading past commit e6e43b8aa7cd3c3af686caf0c2e11819a886d705. | |||||
| CVE-2023-5344 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2024-11-21 | N/A | 7.5 HIGH |
| Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969. | |||||
| CVE-2023-5341 | 3 Fedoraproject, Imagemagick, Redhat | 4 Extra Packages For Enterprise Linux, Fedora, Imagemagick and 1 more | 2024-11-21 | N/A | 6.2 MEDIUM |
| A heap use-after-free flaw was found in coders/bmp.c in ImageMagick. | |||||
| CVE-2023-5218 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
| Use after free in Site Isolation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | |||||