Vulnerabilities > Fedoraproject > Fedora > 38

DATE	CVE	VULNERABILITY TITLE	RISK
2023-11-08	CVE-2023-5996	Use After Free vulnerability in multiple products Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google debian fedoraproject CWE-416	8.8
2023-11-06	CVE-2023-4535	Out-of-bounds Read vulnerability in multiple products An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. high complexity opensc-project redhat fedoraproject CWE-125	3.8
2023-11-06	CVE-2023-47272	Cross-site Scripting vulnerability in multiple products Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a Content-Type or Content-Disposition header (used for attachment preview or download). network low complexity roundcube fedoraproject debian CWE-79	6.1
2023-11-03	CVE-2023-44271	Allocation of Resources Without Limits or Throttling vulnerability in multiple products An issue was discovered in Pillow before 10.0.0. network low complexity python fedoraproject CWE-770	7.5
2023-11-01	CVE-2023-5480	Cross-site Scripting vulnerability in multiple products Inappropriate implementation in Payments in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to bypass XSS preventions via a malicious file. network low complexity google debian fedoraproject CWE-79	6.1
2023-11-01	CVE-2023-5482	Insufficient Verification of Data Authenticity vulnerability in multiple products Insufficient data validation in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. network low complexity google debian fedoraproject CWE-345	8.8
2023-11-01	CVE-2023-5849	Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google debian fedoraproject CWE-190	8.8
2023-11-01	CVE-2023-5850	Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted domain name. network low complexity google debian fedoraproject	4.3
2023-11-01	CVE-2023-5851	Origin Validation Error vulnerability in multiple products Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. network low complexity google debian fedoraproject CWE-346	4.3
2023-11-01	CVE-2023-5852	Use After Free vulnerability in multiple products Use after free in Printing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. network low complexity google debian fedoraproject CWE-416	8.8