Total
5364 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-6510 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
|
Use after free in Media Capture in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium)
|
|||||
| CVE-2023-6509 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
|
Use after free in Side Panel Search in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: High)
|
|||||
| CVE-2023-6508 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
|
Use after free in Media Stream in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2023-6395 | 2 Fedoraproject, Rpm-software-management | 3 Extra Packages For Enterprise Linux, Fedora, Mock | 2024-11-21 | N/A | 6.7 MEDIUM |
|
The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the expansion and execution of Jinja2 templates, which may be included in certain configuration parameters. While the Mock documentation advises treating users added to the mock group as privileged, certain build systems invoking mock on behalf of users mi ...
Show More |
|||||
| CVE-2023-6351 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
|
Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High)
|
|||||
| CVE-2023-6350 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
|
Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High)
|
|||||
| CVE-2023-6348 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
|
Type Confusion in Spellcheck in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2023-6346 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
|
Use after free in WebAudio in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2023-6277 | 3 Fedoraproject, Libtiff, Redhat | 3 Fedora, Libtiff, Enterprise Linux | 2024-11-21 | N/A | 6.5 MEDIUM |
|
An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB.
|
|||||
| CVE-2023-6246 | 2 Fedoraproject, Gnu | 2 Fedora, Glibc | 2024-11-21 | N/A | 8.4 HIGH |
|
A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer.
|
|||||
| CVE-2023-6238 | 2 Fedoraproject, Linux | 2 Fedora, Linux Kernel | 2024-11-21 | N/A | 6.7 MEDIUM |
|
A buffer overflow vulnerability was found in the NVM Express (NVMe) driver in the Linux kernel. Only privileged user could specify a small meta buffer and let the device perform larger Direct Memory Access (DMA) into the same buffer, overwriting unrelated kernel memory, causing random kernel crashes and memory corruption.
|
|||||
| CVE-2023-6112 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
|
Use after free in Navigation in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2023-5997 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
|
Use after free in Garbage Collection in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2023-5996 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
|
Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2023-5972 | 2 Fedoraproject, Linux | 2 Fedora, Linux Kernel | 2024-11-21 | N/A | 7.0 HIGH |
|
A null pointer dereference flaw was found in the nft_inner.c functionality of netfilter in the Linux kernel. This issue could allow a local user to crash the system or escalate their privileges on the system.
|
|||||
| CVE-2023-5859 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Incorrect security UI in Picture In Picture in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted local HTML page. (Chromium security severity: Low)
|
|||||
| CVE-2023-5857 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
|
Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially execute arbitrary code via a malicious file. (Chromium security severity: Medium)
|
|||||
| CVE-2023-5853 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2023-5851 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2023-5850 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium)
|
|||||
| CVE-2023-5764 | 2 Fedoraproject, Redhat | 7 Extra Packages For Enterprise Linux, Fedora, Ansible and 4 more | 2024-11-21 | N/A | 7.1 HIGH |
|
A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce templating injection when supplying templating data.
|
|||||
| CVE-2023-5686 | 2 Fedoraproject, Radare | 2 Fedora, Radare2 | 2024-11-21 | N/A | 8.8 HIGH |
|
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0.
|
|||||
| CVE-2023-5551 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-11-21 | N/A | 3.3 LOW |
|
Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other groups.
|
|||||
| CVE-2023-5550 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-11-21 | N/A | 6.5 MEDIUM |
|
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution.
|
|||||
| CVE-2023-5549 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-11-21 | N/A | 3.3 LOW |
|
Insufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they did not have the capability to manage.
|
|||||
| CVE-2023-5548 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-11-21 | N/A | 3.3 LOW |
|
Stronger revision number limitations were required on file serving endpoints to improve cache poisoning protection.
|
|||||
| CVE-2023-5547 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2024-11-21 | N/A | 3.3 LOW |
|
The course upload preview contained an XSS risk for users uploading unsafe data.
|
|||||
| CVE-2023-5546 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2024-11-21 | N/A | 4.3 MEDIUM |
|
ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk.
|
|||||
| CVE-2023-5545 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-11-21 | N/A | 3.3 LOW |
|
H5P metadata automatically populated the author with the user's username, which could be sensitive information.
|
|||||
| CVE-2023-5544 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk.
|
|||||
| CVE-2023-5543 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-11-21 | N/A | 3.3 LOW |
|
When duplicating a BigBlueButton activity, the original meeting ID was also duplicated instead of using a new ID for the new activity. This could provide unintended access to the original meeting.
|
|||||
| CVE-2023-5542 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-11-21 | N/A | 3.3 LOW |
|
Students in "Only see own membership" groups could see other students in the group, which should be hidden.
|
|||||
| CVE-2023-5540 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-11-21 | N/A | 4.7 MEDIUM |
|
A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and managers.
|
|||||
| CVE-2023-5539 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-11-21 | N/A | 4.7 MEDIUM |
|
A remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and managers.
|
|||||
| CVE-2023-5535 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2024-11-21 | N/A | 7.8 HIGH |
|
Use After Free in GitHub repository vim/vim prior to v9.0.2010.
|
|||||
| CVE-2023-5517 | 3 Fedoraproject, Isc, Netapp | 3 Fedora, Bind, Active Iq Unified Manager | 2024-11-21 | N/A | 7.5 HIGH |
|
A flaw in query-handling code can cause `named` to exit prematurely with an assertion failure when:
- `nxdomain-redirect <domain>;` is configured, and
- the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response.
This issue affects BIND 9 versions 9.12.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.
|
|||||
| CVE-2023-5487 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Inappropriate implementation in Fullscreen in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium)
|
|||||
| CVE-2023-5484 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Inappropriate implementation in Navigation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2023-5480 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Inappropriate implementation in Payments in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to bypass XSS preventions via a malicious file. (Chromium security severity: High)
|
|||||
| CVE-2023-5475 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. (Chromium security severity: Medium)
|
|||||