Fedora

DATE	CVE	VULNERABILITY TITLE	RISK
2023-11-08	CVE-2023-5996	Use After Free vulnerability in multiple products Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google debian fedoraproject CWE-416	8.8
2023-11-06	CVE-2023-4535	Out-of-bounds Read vulnerability in multiple products An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. high complexity opensc-project redhat fedoraproject CWE-125	3.8
2023-11-06	CVE-2023-47272	Cross-site Scripting vulnerability in multiple products Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a Content-Type or Content-Disposition header (used for attachment preview or download). network low complexity roundcube fedoraproject debian CWE-79	6.1
2023-11-03	CVE-2023-3961	Path Traversal vulnerability in multiple products A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. network low complexity samba redhat fedoraproject CWE-22 critical	9.8
2023-11-03	CVE-2023-1194	Out-of-bounds Read vulnerability in multiple products An out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. network low complexity linux fedoraproject CWE-125	8.1
2023-11-03	CVE-2023-42670	A flaw was found in Samba. network low complexity samba fedoraproject	6.5
2023-11-03	CVE-2023-4091	Incorrect Default Permissions vulnerability in multiple products A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes". network low complexity samba fedoraproject redhat CWE-276	6.5
2023-11-03	CVE-2023-41164	Improper Validation of Specified Quantity in Input vulnerability in multiple products In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters. network low complexity djangoproject fedoraproject CWE-1284	7.5
2023-11-03	CVE-2023-41914	Race Condition vulnerability in multiple products SchedMD Slurm 23.02.x before 23.02.6 and 22.05.x before 22.05.10 allows filesystem race conditions for gaining ownership of a file, overwriting a file, or deleting files. local high complexity schedmd fedoraproject CWE-362	7.0
2023-11-03	CVE-2023-43665	Improper Validation of Specified Quantity in Input vulnerability in multiple products In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. network low complexity djangoproject fedoraproject CWE-1284	7.5