Fedoraproject ≫ Fedora

ClamAV before 0.97.7: dbg_printhex possible information leak

Chrony before 1.29.1 has traffic amplification in cmdmon protocol

A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating ...

Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection.

Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access.

TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.

A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING_SET_NUM me...

Moodle before 2.2.2 has an external enrolment plugin context check issue where capability checks are not thorough

Moodle before 2.2.2 has a default repository capabilities issue where all repositories are viewable by all users by default

Moodle before 2.2.2 has a course information leak in gradebook where users are able to see hidden grade items in export