Vulnerabilities > Fedoraproject

DATE CVE VULNERABILITY TITLE RISK
2023-11-06 CVE-2023-47272 Cross-site Scripting vulnerability in multiple products
Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a Content-Type or Content-Disposition header (used for attachment preview or download).
network
low complexity
roundcube fedoraproject debian CWE-79
6.1
2023-11-03 CVE-2023-3961 Path Traversal vulnerability in multiple products
A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory.
network
low complexity
samba redhat fedoraproject CWE-22
critical
9.8
2023-11-03 CVE-2023-1194 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation of the in-kernel Samba server and CIFS in the Linux kernel.
network
low complexity
linux fedoraproject CWE-125
8.1
2023-11-03 CVE-2023-42670 A flaw was found in Samba.
network
low complexity
samba fedoraproject
6.5
2023-11-03 CVE-2023-4091 Incorrect Default Permissions vulnerability in multiple products
A vulnerability was discovered in Samba that allows SMB clients to truncate files, even with read-only permissions, when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes".
network
low complexity
samba fedoraproject redhat CWE-276
6.5
2023-11-03 CVE-2023-41164 Improper Validation of Specified Quantity in Input vulnerability in multiple products
In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.
network
low complexity
djangoproject fedoraproject CWE-1284
7.5
2023-11-03 CVE-2023-41914 Race Condition vulnerability in multiple products
SchedMD Slurm 23.02.x before 23.02.6 and 22.05.x before 22.05.10 allows filesystem race conditions for gaining ownership of a file, overwriting a file, or deleting files.
local
high complexity
schedmd fedoraproject CWE-362
7.0
2023-11-03 CVE-2023-43665 Improper Validation of Specified Quantity in Input vulnerability in multiple products
In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text.
network
low complexity
djangoproject fedoraproject CWE-1284
7.5
2023-11-03 CVE-2023-44271 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
An issue was discovered in Pillow before 10.0.0.
network
low complexity
python fedoraproject CWE-770
7.5
2023-11-01 CVE-2023-5480 Cross-site Scripting vulnerability in multiple products
Inappropriate implementation in Payments in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to bypass XSS preventions via a malicious file.
network
low complexity
google debian fedoraproject CWE-79
6.1