Vulnerabilities (CVE)

Filtered by vendor Fedoraproject Subscribe
Total 4931 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-5851 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-11-21 N/A 4.3 MEDIUM
Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)
CVE-2023-5850 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-11-21 N/A 4.3 MEDIUM
Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium)
CVE-2023-5849 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-11-21 N/A 8.8 HIGH
Integer overflow in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-5764 2 Fedoraproject, Redhat 7 Extra Packages For Enterprise Linux, Fedora, Ansible and 4 more 2024-11-21 N/A 7.1 HIGH
A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce templating injection when supplying templating data.
CVE-2023-5686 2 Fedoraproject, Radare 2 Fedora, Radare2 2024-11-21 N/A 8.8 HIGH
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0.
CVE-2023-5551 2 Fedoraproject, Moodle 3 Extra Packages For Enterprise Linux, Fedora, Moodle 2024-11-21 N/A 3.3 LOW
Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other groups.
CVE-2023-5550 2 Fedoraproject, Moodle 3 Extra Packages For Enterprise Linux, Fedora, Moodle 2024-11-21 N/A 6.5 MEDIUM
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution.
CVE-2023-5549 2 Fedoraproject, Moodle 3 Extra Packages For Enterprise Linux, Fedora, Moodle 2024-11-21 N/A 3.3 LOW
Insufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they did not have the capability to manage.
CVE-2023-5548 2 Fedoraproject, Moodle 3 Extra Packages For Enterprise Linux, Fedora, Moodle 2024-11-21 N/A 3.3 LOW
Stronger revision number limitations were required on file serving endpoints to improve cache poisoning protection.
CVE-2023-5547 3 Fedoraproject, Moodle, Redhat 3 Fedora, Moodle, Enterprise Linux 2024-11-21 N/A 3.3 LOW
The course upload preview contained an XSS risk for users uploading unsafe data.
CVE-2023-5546 3 Fedoraproject, Moodle, Redhat 3 Fedora, Moodle, Enterprise Linux 2024-11-21 N/A 4.3 MEDIUM
ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk.
CVE-2023-5545 2 Fedoraproject, Moodle 3 Extra Packages For Enterprise Linux, Fedora, Moodle 2024-11-21 N/A 3.3 LOW
H5P metadata automatically populated the author with the user's username, which could be sensitive information.
CVE-2023-5544 3 Fedoraproject, Moodle, Redhat 3 Fedora, Moodle, Enterprise Linux 2024-11-21 N/A 6.5 MEDIUM
Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk.
CVE-2023-5543 2 Fedoraproject, Moodle 3 Extra Packages For Enterprise Linux, Fedora, Moodle 2024-11-21 N/A 3.3 LOW
When duplicating a BigBlueButton activity, the original meeting ID was also duplicated instead of using a new ID for the new activity. This could provide unintended access to the original meeting.
CVE-2023-5542 2 Fedoraproject, Moodle 3 Extra Packages For Enterprise Linux, Fedora, Moodle 2024-11-21 N/A 3.3 LOW
Students in "Only see own membership" groups could see other students in the group, which should be hidden.
CVE-2023-5540 2 Fedoraproject, Moodle 3 Extra Packages For Enterprise Linux, Fedora, Moodle 2024-11-21 N/A 4.7 MEDIUM
A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and managers.
CVE-2023-5539 2 Fedoraproject, Moodle 3 Extra Packages For Enterprise Linux, Fedora, Moodle 2024-11-21 N/A 4.7 MEDIUM
A remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and managers.
CVE-2023-5535 2 Fedoraproject, Vim 2 Fedora, Vim 2024-11-21 N/A 7.8 HIGH
Use After Free in GitHub repository vim/vim prior to v9.0.2010.
CVE-2023-5517 3 Fedoraproject, Isc, Netapp 3 Fedora, Bind, Active Iq Unified Manager 2024-11-21 N/A 7.5 HIGH
A flaw in query-handling code can cause `named` to exit prematurely with an assertion failure when: - `nxdomain-redirect <domain>;` is configured, and - the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response. This issue affects BIND 9 versions 9.12.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.
CVE-2023-5487 2 Fedoraproject, Google 2 Fedora, Chrome 2024-11-21 N/A 6.5 MEDIUM
Inappropriate implementation in Fullscreen in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium)