Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fedora
(Fedoraproject)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-01-18 | CVE-2023-22809 | In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim --... | Macos, Debian_linux, Fedora, Sudo | 7.8 | ||
| 2023-06-22 | CVE-2023-34241 | OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. Starting in version 2.0.0 and prior to version 2.4.6, CUPS logs data of free memory to the logging service AFTER the connection has been closed, when it should have logged the data right before. This is a use-after-free bug that impacts the entire cupsd process. The exact cause of this issue is the function `httpClose(con->http)` being called in `scheduler/client.c`. The... | Macos, Debian_linux, Fedora, Cups | 7.1 | ||
| 2023-10-18 | CVE-2023-39332 | Various `node:fs` functions allow specifying paths as either strings or `Uint8Array` objects. In Node.js environments, the `Buffer` class extends the `Uint8Array` class. Node.js prevents path traversal through strings (see CVE-2023-30584) and `Buffer` objects (see CVE-2023-32004), but not through non-`Buffer` `Uint8Array` objects. This is distinct from CVE-2023-32004 which only referred to `Buffer` objects. However, the vulnerability follows the same pattern using `Uint8Array` instead of... | Fedora, Node\.js | 9.8 | ||
| 2023-11-09 | CVE-2023-5550 | In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution. | Extra_packages_for_enterprise_linux, Fedora, Moodle | 9.8 | ||
| 2023-11-09 | CVE-2023-5551 | Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other groups. | Extra_packages_for_enterprise_linux, Fedora, Moodle | 3.3 | ||
| 2023-11-09 | CVE-2023-5539 | A remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and managers. | Extra_packages_for_enterprise_linux, Fedora, Moodle | 8.8 | ||
| 2023-11-09 | CVE-2023-5540 | A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and managers. | Extra_packages_for_enterprise_linux, Fedora, Moodle | 8.8 | ||
| 2023-11-09 | CVE-2023-5542 | Students in "Only see own membership" groups could see other students in the group, which should be hidden. | Extra_packages_for_enterprise_linux, Fedora, Moodle | 4.3 | ||
| 2023-11-09 | CVE-2023-5548 | Stronger revision number limitations were required on file serving endpoints to improve cache poisoning protection. | Extra_packages_for_enterprise_linux, Fedora, Moodle | 5.3 | ||
| 2023-11-09 | CVE-2023-5549 | Insufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they did not have the capability to manage. | Extra_packages_for_enterprise_linux, Fedora, Moodle | 5.3 |