Vulnerabilities > Fedoraproject > Fedora > 37
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-15 | CVE-2023-6112 | Use After Free vulnerability in multiple products Use after free in Navigation in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2023-11-14 | CVE-2023-5528 | A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. | 8.8 |
| 2023-11-09 | CVE-2023-5544 | Authorization Bypass Through User-Controlled Key vulnerability in multiple products Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk. | 5.4 |
| 2023-11-09 | CVE-2023-5546 | Cross-site Scripting vulnerability in multiple products ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. | 5.4 |
| 2023-11-09 | CVE-2023-5547 | Cross-site Scripting vulnerability in multiple products The course upload preview contained an XSS risk for users uploading unsafe data. | 6.1 |
| 2023-11-06 | CVE-2023-47272 | Cross-site Scripting vulnerability in multiple products Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a Content-Type or Content-Disposition header (used for attachment preview or download). | 6.1 |
| 2023-11-03 | CVE-2023-1194 | Out-of-bounds Read vulnerability in multiple products An out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. | 8.1 |
| 2023-11-01 | CVE-2023-5480 | Cross-site Scripting vulnerability in multiple products Inappropriate implementation in Payments in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to bypass XSS preventions via a malicious file. | 6.1 |
| 2023-11-01 | CVE-2023-5482 | Insufficient Verification of Data Authenticity vulnerability in multiple products Insufficient data validation in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. | 8.8 |
| 2023-11-01 | CVE-2023-5849 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |