Vulnerabilities > Fedoraproject > Fedora > 38
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-19 | CVE-2024-25980 | Separate Groups mode restrictions were not honored in the H5P attempts report, which would display users from other groups. | 5.3 |
| 2024-02-19 | CVE-2024-25981 | Separate Groups mode restrictions were not honored when performing a forum export, which would export forum data for all groups. | 5.3 |
| 2024-02-19 | CVE-2024-25982 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products The link to update all installed language packs did not include the necessary token to prevent a CSRF risk. | 8.8 |
| 2024-02-19 | CVE-2024-25983 | Authorization Bypass Through User-Controlled Key vulnerability in multiple products Insufficient checks in a web service made it possible to add comments to the comments block on another user's dashboard when it was not otherwise available (e.g., on their profile page). | 5.3 |
| 2024-02-12 | CVE-2024-1454 | The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. | 3.4 |
| 2024-02-12 | CVE-2023-6681 | A vulnerability was found in JWCrypto. | 5.3 |
| 2024-02-12 | CVE-2023-52429 | Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to (in alloc_targets) allocate more than INT_MAX bytes, and crash, because of a missing check for struct dm_ioctl.target_count. | 5.5 |
| 2024-02-11 | CVE-2024-1151 | Out-of-bounds Write vulnerability in multiple products A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. | 5.5 |
| 2024-02-07 | CVE-2024-20290 | Out-of-bounds Read vulnerability in multiple products A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer over-read. | 7.5 |
| 2024-02-07 | CVE-2024-1283 | Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in Skia in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 9.8 |