Fedora

DATE	CVE	VULNERABILITY TITLE	RISK
2023-11-09	CVE-2023-5551	Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other groups. local low complexity moodle fedoraproject	3.3
2023-11-08	CVE-2023-5996	Use After Free vulnerability in multiple products Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google debian fedoraproject CWE-416	8.8
2023-11-06	CVE-2023-4535	Out-of-bounds Read vulnerability in multiple products An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. high complexity opensc-project redhat fedoraproject CWE-125	3.8
2023-11-06	CVE-2023-47272	Cross-site Scripting vulnerability in multiple products Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a Content-Type or Content-Disposition header (used for attachment preview or download). network low complexity roundcube fedoraproject debian CWE-79	6.1
2023-11-03	CVE-2023-3961	Path Traversal vulnerability in multiple products A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. network low complexity samba redhat fedoraproject CWE-22 critical	9.8
2023-11-03	CVE-2023-1194	Out-of-bounds Read vulnerability in multiple products An out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. network low complexity linux fedoraproject CWE-125	8.1
2023-11-03	CVE-2023-42670	A flaw was found in Samba. network low complexity samba fedoraproject	6.5
2023-11-03	CVE-2023-4091	Incorrect Default Permissions vulnerability in multiple products A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes". network low complexity samba fedoraproject redhat CWE-276	6.5
2023-11-03	CVE-2023-41164	Improper Validation of Specified Quantity in Input vulnerability in multiple products In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters. network low complexity djangoproject fedoraproject CWE-1284	7.5
2023-11-03	CVE-2023-41914	Race Condition vulnerability in multiple products SchedMD Slurm 23.02.x before 23.02.6 and 22.05.x before 22.05.10 allows filesystem race conditions for gaining ownership of a file, overwriting a file, or deleting files. local high complexity schedmd fedoraproject CWE-362	7.0