Fedoraproject Security Vulnerabilities
A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During comm...
6.5CVSS
6.3AI Score
0.001EPSS
Use after free in Profiles in Google Chrome prior to 118.0.5993.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
8.8CVSS
8.8AI Score
0.003EPSS
Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. (Chromium security severity: Medium)
6.5CVSS
6.5AI Score
0.001EPSS
Inappropriate implementation in Payments in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to bypass XSS preventions via a malicious file. (Chromium security severity: High)
6.1CVSS
6.1AI Score
0.001EPSS
Insufficient data validation in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
8.8CVSS
7.9AI Score
0.001EPSS
Inappropriate implementation in Navigation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)
6.5CVSS
6.3AI Score
0.002EPSS
Inappropriate implementation in Fullscreen in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium)
6.5CVSS
6.5AI Score
0.001EPSS
A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes.
8.8CVSS
8.5AI Score
0.0005EPSS
7.8CVSS
7.6AI Score
0.001EPSS
A remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and managers.
8.8CVSS
9.3AI Score
0.002EPSS
A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and managers.
8.8CVSS
8.7AI Score
0.002EPSS
Students in "Only see own membership" groups could see other students in the group, which should be hidden.
4.3CVSS
4.4AI Score
0.001EPSS
When duplicating a BigBlueButton activity, the original meeting ID was also duplicated instead of using a new ID for the new activity. This could provide unintended access to the original meeting.
3.3CVSS
6.1AI Score
0.0004EPSS
Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk.
6.5CVSS
6.8AI Score
0.001EPSS
H5P metadata automatically populated the author with the user's username, which could be sensitive information.
5.3CVSS
5.1AI Score
0.001EPSS
ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk.
5.4CVSS
5AI Score
0.001EPSS
6.1CVSS
7.3AI Score
0.001EPSS
Stronger revision number limitations were required on file serving endpoints to improve cache poisoning protection.
5.3CVSS
7AI Score
0.001EPSS
Insufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they did not have the capability to manage.
5.3CVSS
5AI Score
0.001EPSS
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution.
9.8CVSS
9.3AI Score
0.003EPSS
Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other groups.
3.3CVSS
4AI Score
0.0004EPSS
Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This could allow a remote attacker to load arbitrary JavaScript code.
8.8CVSS
7AI Score
0.001EPSS
A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce templating injection when supplying templating data.
7.8CVSS
7.5AI Score
0.0004EPSS
Integer overflow in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
8.8CVSS
8.5AI Score
0.002EPSS
Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium)
4.3CVSS
5.1AI Score
0.001EPSS
Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)
4.3CVSS
4.9AI Score
0.001EPSS
Use after free in Printing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)
8.8CVSS
8.9AI Score
0.002EPSS
Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)
4.3CVSS
5AI Score
0.002EPSS
Use after free in Profiles in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)
8.8CVSS
8.9AI Score
0.002EPSS
Use after free in Reading Mode in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)
8.8CVSS
8.9AI Score
0.002EPSS
Use after free in Side Panel in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
8.8CVSS
8.8AI Score
0.002EPSS
Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially execute arbitrary code via a malicious file. (Chromium security severity: Medium)
8.8CVSS
8.4AI Score
0.005EPSS
Inappropriate implementation in WebApp Provider in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low)
4.3CVSS
4.9AI Score
0.002EPSS
Incorrect security UI in Picture In Picture in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted local HTML page. (Chromium security severity: Low)
4.3CVSS
4.9AI Score
0.002EPSS
A null pointer dereference flaw was found in the nft_inner.c functionality of netfilter in the Linux kernel. This issue could allow a local user to crash the system or escalate their privileges on the system.
7.8CVSS
7.2AI Score
0.0004EPSS
A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.
5.9CVSS
6.7AI Score
0.001EPSS
Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
8.8CVSS
8.8AI Score
0.002EPSS
Use after free in Garbage Collection in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
8.8CVSS
8.8AI Score
0.002EPSS
A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.
4.8CVSS
5.6AI Score
0.0004EPSS
Use after free in Navigation in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
8.8CVSS
8.8AI Score
0.002EPSS
Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins. In affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to run...
8.8CVSS
8.7AI Score
0.001EPSS
Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning the ...
8.8CVSS
8.6AI Score
0.001EPSS
A buffer overflow vulnerability was found in the NVM Express (NVMe) driver in the Linux kernel. Only privileged user could specify a small meta buffer and let the device perform larger Direct Memory Access (DMA) into the same buffer, overwriting unrelated kernel memory, causing random kernel crashe...
6.7CVSS
6.5AI Score
0.0004EPSS
A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename ...
A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on struct net_device, and a use-after-free can be triggered by racing between the free on the struct and the access through the skbtxq global queue. This could le...
7CVSS
7AI Score
0.0004EPSS
An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB.
6.5CVSS
6.1AI Score
0.001EPSS
Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)
Use after free in WebAudio in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
8.8CVSS
9AI Score
0.002EPSS
Use after free in Mojo in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
8.8CVSS
9AI Score
0.002EPSS