Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fedoraproject fedora 39 vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2023-5544
Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk.
Moodle Moodle
Redhat Enterprise Linux 7.0
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Fedoraproject Fedora 39
5.4
CVSSv3
CVE-2023-5546
ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk.
Moodle Moodle
Redhat Enterprise Linux 7.0
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Fedoraproject Fedora 39
1 Github repository
6.1
CVSSv3
CVE-2023-5547
The course upload preview contained an XSS risk for users uploading unsafe data.
Moodle Moodle
Redhat Enterprise Linux 7.0
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Fedoraproject Fedora 39
8.1
CVSSv3
CVE-2023-43804
urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header an...
Python Urllib3
Debian Debian Linux 10.0
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Fedoraproject Fedora 39
3 Github repositories
7.5
CVSSv3
CVE-2023-41909
An issue exists in FRRouting FRR up to and including 9.0. bgp_nlri_parse_flowspec in bgpd/bgp_flowspec.c processes malformed requests with no attributes, leading to a NULL pointer dereference.
Frrouting Frrouting
Debian Debian Linux 10.0
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Fedoraproject Fedora 39
6.5
CVSSv3
CVE-2023-46218
This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It coul...
Haxx Curl
Fedoraproject Fedora 39
9.8
CVSSv3
CVE-2023-39332
Various `node:fs` functions allow specifying paths as either strings or `Uint8Array` objects. In Node.js environments, the `Buffer` class extends the `Uint8Array` class. Node.js prevents path traversal through strings (see CVE-2023-30584) and `Buffer` objects (see CVE-2023-32004)...
Nodejs Node.js
Fedoraproject Fedora 39
6.5
CVSSv3
CVE-2024-23829
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to pr...
Aiohttp Aiohttp
Fedoraproject Fedora 39
6.5
CVSSv3
CVE-2023-42670
A flaw was found in Samba. It is susceptible to a vulnerability where multiple incompatible RPC listeners can be initiated, causing disruptions in the AD DC service. When Samba's RPC server experiences a high load or unresponsiveness, servers intended for non-AD DC purposes ...
Samba Samba
Fedoraproject Fedora 39
7.5
CVSSv3
CVE-2023-41164
In Django 3.2 prior to 3.2.21, 4.1 prior to 4.1.11, and 4.2 prior to 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.
Djangoproject Django
Fedoraproject Fedora 39
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120
CVE-2024-35921
CVE-2024-35874
brute force
CVE-2024-36080
unprivileged
CVE-2024-35917
IDOR
CVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »