Fedoraproject Fedora vulnerabilities

CVE-2023-5546 [MEDIUM] CWE-79 CVE-2023-5546: ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored X ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk.

CVE-2023-5545 [MEDIUM] CWE-200 CVE-2023-5545: H5P metadata automatically populated the author with the user's username, which could be sensitive i H5P metadata automatically populated the author with the user's username, which could be sensitive information.

CVE-2023-5543 [LOW] CWE-284 CVE-2023-5543: When duplicating a BigBlueButton activity, the original meeting ID was also duplicated instead of us When duplicating a BigBlueButton activity, the original meeting ID was also duplicated instead of using a new ID for the new activity. This could provide unintended access to the original meeting.

CVE-2023-5551 [LOW] CWE-200 CVE-2023-5551: Separate Groups mode restrictions were not honoured in the forum summary report, which would display Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other groups.

CVE-2023-5996 [HIGH] CWE-416 CVE-2023-5996: Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 allowed a remote attacker to pot Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2023-47272 [MEDIUM] CWE-79 CVE-2023-47272: Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a Content-Type or Content-Disposi Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a Content-Type or Content-Disposition header (used for attachment preview or download).

CVE-2023-4535 [LOW] CWE-125 CVE-2023-4535: An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handli An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to the computer and a specially crafted USB device or smart card. This flaw allows the attacker to manipulate APDU responses and potentially gain unauthorized ac

CVE-2023-3961 [CRITICAL] CWE-22 CVE-2023-3961: A path traversal vulnerability was identified in Samba when processing client pipe names connecting A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call (RPC) services like SAMR LSA or SPOOLSS, which Samba initiates on demand. However, due to inadequate sanitization of i

CVE-2023-41164 [HIGH] CWE-1284 CVE-2023-41164: In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_i In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.

CVE-2023-44271 [HIGH] CWE-770 CVE-2023-44271: An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably alloc An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument.

CVE-2023-43665 [HIGH] CVE-2023-43665: In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncato In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. The chars() and words() methods are used to implement the truncatechars_html a

CVE-2023-41914 [HIGH] CWE-362 CVE-2023-41914: SchedMD Slurm 23.02.x before 23.02.6 and 22.05.x before 22.05.10 allows filesystem race conditions f SchedMD Slurm 23.02.x before 23.02.6 and 22.05.x before 22.05.10 allows filesystem race conditions for gaining ownership of a file, overwriting a file, or deleting files.

CVE-2023-1194 [HIGH] CWE-416 CVE-2023-1194: An out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation o An out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. When an attacker sends the CREATE command with a malformed payload to KSMBD, due to a missing check of `NameOffset` in the `parse_lease_state()` function, the `create_context` object can access in

CVE-2023-4091 [MEDIUM] CWE-276 CVE-2023-4091: A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even w A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes". The SMB protocol allows opening files when the client requests read-only access but then implicitly truncates the opened file to 0 b

CVE-2023-42670 [MEDIUM] CWE-400 CVE-2023-42670: A flaw was found in Samba. It is susceptible to a vulnerability where multiple incompatible RPC list A flaw was found in Samba. It is susceptible to a vulnerability where multiple incompatible RPC listeners can be initiated, causing disruptions in the AD DC service. When Samba's RPC server experiences a high load or unresponsiveness, servers intended for non-AD DC purposes (for example, NT4-emulation "classic DCs") can erroneously start and compete

CVE-2023-5482 [HIGH] CWE-345 CVE-2023-5482: Insufficient data validation in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attack Insufficient data validation in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

CVE-2023-5849 [HIGH] CWE-190 CVE-2023-5849: Integer overflow in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potent Integer overflow in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2023-5857 [HIGH] CVE-2023-5857: Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially execute arbitrary code via a malicious file. (Chromium security severity: Medium)

CVE-2023-5856 [HIGH] CWE-416 CVE-2023-5856: Use after free in Side Panel in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who Use after free in Side Panel in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

CVE-2023-5855 [HIGH] CWE-416 CVE-2023-5855: Use after free in Reading Mode in Google Chrome prior to 119.0.6045.105 allowed a remote attacker wh Use after free in Reading Mode in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)