Filtered by vendor Fedoraproject
Subscriptions
Filtered by product Fedora
Subscriptions
Total
5115 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-5544 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2024-08-02 | 6.5 Medium |
| Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk. | ||||
| CVE-2023-5546 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2024-08-02 | 4.3 Medium |
| ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. | ||||
| CVE-2023-5480 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-08-02 | 6.1 Medium |
| Inappropriate implementation in Payments in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to bypass XSS preventions via a malicious file. (Chromium security severity: High) | ||||
| CVE-2023-5550 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-08-02 | 6.5 Medium |
| In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution. | ||||
| CVE-2023-5487 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-08-02 | 6.5 Medium |
| Inappropriate implementation in Fullscreen in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium) | ||||
| CVE-2023-5472 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-08-02 | 8.8 High |
| Use after free in Profiles in Google Chrome prior to 118.0.5993.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2023-5475 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-08-02 | 6.5 Medium |
| Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. (Chromium security severity: Medium) | ||||
| CVE-2023-5344 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2024-08-02 | 7.5 High |
| Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969. | ||||
| CVE-2023-5346 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-08-02 | 8.8 High |
| Type confusion in V8 in Google Chrome prior to 117.0.5938.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2023-5217 | 8 Apple, Debian, Fedoraproject and 5 more | 17 Ipad Os, Iphone Os, Debian Linux and 14 more | 2024-08-02 | 8.8 High |
| Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2023-5187 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-08-02 | 8.8 High |
| Use after free in Extensions in Google Chrome prior to 117.0.5938.132 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2023-5186 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-08-02 | 8.8 High |
| Use after free in Passwords in Google Chrome prior to 117.0.5938.132 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: High) | ||||
| CVE-2023-5218 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-08-02 | 8.8 High |
| Use after free in Site Isolation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2023-5171 | 4 Debian, Fedoraproject, Mozilla and 1 more | 10 Debian Linux, Fedora, Firefox and 7 more | 2024-08-02 | 6.5 Medium |
| During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. | ||||
| CVE-2023-5169 | 4 Debian, Fedoraproject, Mozilla and 1 more | 10 Debian Linux, Fedora, Firefox and 7 more | 2024-08-02 | 6.5 Medium |
| A compromised content process could have provided malicious data in a `PathRecording` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. | ||||
| CVE-2023-5002 | 2 Fedoraproject, Pgadmin | 2 Fedora, Pgadmin | 2024-08-02 | 6 Medium |
| A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, allowing an authenticated user to run arbitrary commands on the server. | ||||
| CVE-2023-4909 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-08-02 | 4.3 Medium |
| Inappropriate implementation in Interstitials in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2023-4907 | 3 Debian, Fedoraproject, Google | 4 Debian Linux, Fedora, Android and 1 more | 2024-08-02 | 4.3 Medium |
| Inappropriate implementation in Intents in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2023-4904 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-08-02 | 4.3 Medium |
| Insufficient policy enforcement in Downloads in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Enterprise policy restrictions via a crafted download. (Chromium security severity: Medium) | ||||
| CVE-2023-4903 | 3 Debian, Fedoraproject, Google | 4 Debian Linux, Fedora, Android and 1 more | 2024-08-02 | 4.3 Medium |
| Inappropriate implementation in Custom Mobile Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) | ||||