Fedora Security Vulnerabilities
Users' enrollment capabilities were not being sufficiently checked in Moodle when they are restored into an existing course. This could lead to them unenrolling users without having permission to do so. Versions affected: 3.5 to 3.5.14, 3.7 to 3.7.8, 3.8 to 3.8.5, 3.9 to 3.9.2 and earlier unsupport...
7.5CVSS
7.1AI Score
0.001EPSS
In moodle, insufficient capability checks could lead to users with the ability to course restore adding additional capabilities to roles within that course. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in moodle 3.9.3, 3....
7.5CVSS
7AI Score
0.002EPSS
In moodle, some database module web services allowed students to add entries within groups they did not belong to. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in moodle 3.8.6, 3.7.9, 3.5.15, and 3.10.
6.5CVSS
6.2AI Score
0.001EPSS
If the upload course tool in Moodle was used to delete an enrollment method which did not exist or was not already enabled, the tool would erroneously enable that enrollment method. This could lead to unintended users gaining access to the course. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 ...
5.3CVSS
5.2AI Score
0.002EPSS
In Moodle, it was possible to include JavaScript when re-naming content bank items. Versions affected: 3.9 to 3.9.2. This is fixed in moodle 3.9.3 and 3.10.
6.1CVSS
6AI Score
0.001EPSS
The participants table download in Moodle always included user emails, but should have only done so when users' emails are not hidden. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5 and 3.7 to 3.7.8. This is fixed in moodle 3.9.3, 3.8.6, 3.7.9, and 3.10.
5.3CVSS
5.1AI Score
0.002EPSS
A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability.
7.5CVSS
7.2AI Score
0.028EPSS
A malformed input file can lead to a segfault due to an out of bounds array access in raptor_xml_writer_start_element_common.
6.5CVSS
6.2AI Score
0.003EPSS
A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation.
8.1CVSS
8.1AI Score
0.001EPSS
A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC (read-only domain controller). This would allow an RODC to print administrator tickets.
8.8CVSS
8.3AI Score
0.002EPSS
A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could...
7.2CVSS
7.5AI Score
0.001EPSS
Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data. An attacker could use this flaw to cause total domain compromise.
8.8CVSS
8.5AI Score
0.002EPSS
In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to use the freed t3GlyphStack->cache, which causes an heap-use-after-free problem. The codes of a previous fix for nested Type 3 characters wasn't correctly handling the case where a Type 3 char referr...
5.5CVSS
6AI Score
0.001EPSS
An issue was discovered in MediaWiki 1.34.x before 1.34.4. On Special:Contributions, the NS filter uses unescaped messages as keys in the option key for an HTMLForm specifier. This is vulnerable to a mild XSS if one of those messages is changed to include raw HTML.
6.1CVSS
6.2AI Score
0.001EPSS
In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, Special:UserRights exposes the existence of hidden users.
5.3CVSS
6AI Score
0.002EPSS
In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, XSS related to jQuery can occur. The attacker creates a message with [javascript:payload xss] and turns it into a jQuery object with mw.message().parse(). The expected result is that the jQuery object does not contain an <a> tag (...
6.1CVSS
6.3AI Score
0.001EPSS
An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34.4. LogEventList::getFiltersDesc is insecurely using message text to build options names for an HTML multi-select field. The relevant code should use escaped() instead of text().
6.1CVSS
6.6AI Score
0.002EPSS
An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. For Wikis using OATHAuth on a farm/cluster (such as via CentralAuth), rate limiting of OATH tokens is only done on a single site level. Thus, multiple requests can be made across m...
7.5CVSS
7.3AI Score
0.002EPSS
An issue was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. The non-jqueryMsg version of mw.message().parse() doesn't escape HTML. This affects both message contents (which are generally safe) and the parameters (which can be based on user input). (When jqueryMsg is...
6.1CVSS
6.5AI Score
0.002EPSS
In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by changing the handling of the invalid 0xFFFF checksum.
7.5CVSS
7.3AI Score
0.006EPSS
In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the MIME Multipart dissector could crash. This was addressed in epan/dissectors/packet-multipart.c by correcting the deallocation of invalid MIME parts.
7.5CVSS
7.3AI Score
0.005EPSS
In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages. This was addressed in epan/dissectors/packet-blip.c by allowing reasonable compression ratios and rejecting ZIP bombs.
7.5CVSS
7.4AI Score
0.003EPSS
An information leak was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. Handling of actor ID does not necessarily use the correct database or correct wiki.
7.5CVSS
7.2AI Score
0.002EPSS
http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.
7.2CVSS
7.3AI Score
0.004EPSS
XSS exists in the MobileFrontend extension for MediaWiki before 1.34.4 because section.line is mishandled during regex section line replacement from PageGateway. Using crafted HTML, an attacker can elicit an XSS attack via jQuery's parseHTML method, which can cause image callbacks to fire even with...
6.1CVSS
6.3AI Score
0.001EPSS
An issue was discovered in the FileImporter extension for MediaWiki before 1.34.4. An attacker can import a file even when the target page is protected against "page creation" and the attacker should not be able to create it. This occurs because of a mishandled distinction between an upload restric...
7.5CVSS
7.2AI Score
0.001EPSS
url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header.
9.8CVSS
9.4AI Score
0.017EPSS
Matrix is an ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix. A malicious or poorly-implemented homeserver can inject malformed events into a room by specifying a different room id in the path of a /send_join, /send_leave, /invit...
6.5CVSS
6.3AI Score
0.002EPSS
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are not publicly availa...
7.7CVSS
7.9AI Score
0.902EPSS
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling. The vulnerability may allow a remote attacker to delete arbitrary know files on the host as log as the executing ...
6.8CVSS
7.3AI Score
0.576EPSS
Coturn is free open source implementation of TURN and STUN Server. Coturn before version 4.5.2 by default does not allow peers to connect and relay packets to loopback addresses in the range of 127.x.x.x. However, it was observed that when sending a CONNECT request with the XOR-PEER-ADDRESS value o...
7.2CVSS
6.8AI Score
0.002EPSS
Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.
5.3CVSS
5.4AI Score
0.005EPSS
Memory leak in the dissection engine in Wireshark 3.4.0 allows denial of service via packet injection or crafted capture file.
5.3CVSS
5.5AI Score
0.003EPSS
Memory leak in RTPS protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.
5.3CVSS
5.4AI Score
0.003EPSS
Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.
5.3CVSS
5.5AI Score
0.004EPSS
Artifex MuPDF before 1.18.0 has a heap based buffer over-write when parsing JBIG2 files allowing attackers to cause a denial of service.
5.5CVSS
5.3AI Score
0.003EPSS
The JWT library in NATS nats-server before 2.1.9 allows a denial of service (a nil dereference in Go code).
7.5CVSS
7.2AI Score
0.002EPSS
Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN.
5.4CVSS
6.3AI Score
0.001EPSS
Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiati...
4.2CVSS
6.1AI Score
0.001EPSS
The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 has a heap-based buffer overflow in sc_oberthur_read_file.
5.5CVSS
5.6AI Score
0.001EPSS
The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init.
5.5CVSS
5.6AI Score
0.0004EPSS
The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in tcos_decipher.
5.5CVSS
5.6AI Score
0.001EPSS
In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop. This was addressed in epan/dissectors/packet-fbzero.c by correcting the implementation of offset advancement.
7.5CVSS
7.3AI Score
0.005EPSS
Mediainfo before version 20.08 has a heap buffer overflow vulnerability via MediaInfoLib::File_Gxf::ChooseParser_ChannelGrouping.
7.5CVSS
7.5AI Score
0.002EPSS
Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file (which is owned by sympa) and parsing it through the setuid sympa_newaliases-wrapper executable.
7.8CVSS
7.5AI Score
0.0004EPSS
Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events, allowing remote attackers to execute a denial of service attack against the federation and common Matrix clients. If such a malformed event is accepted into the ...
7.5CVSS
7.4AI Score
0.008EPSS
The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled.
9.8CVSS
9.3AI Score
0.002EPSS
phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link.
6.1CVSS
7AI Score
0.009EPSS
An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL in to a query.
9.8CVSS
9.4AI Score
0.008EPSS
An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affe...
4.7CVSS
6AI Score
0.0005EPSS