VUMETRIC
CYBER PORTAL
Vulnerabilities > Fedoraproject > Fedora
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-21 | CVE-2024-1675 | Insufficient policy enforcement in Download in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. | network, low complexity, google, fedoraproject, 8.8, 8.8 |
| 2024-02-21 | CVE-2024-1676 | Cross-site Scripting vulnerability in multiple products: Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to spoof security UI via a crafted HTML page. | network, low complexity, google, fedoraproject, CWE-79, 5.4, 5.4 |
| 2024-02-19 | CVE-2024-26134 | Classic Buffer Overflow vulnerability in multiple products: cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) (RFC 8949) serialization format. | network, low complexity, agronholm, fedoraproject, CWE-120, 7.5, 7.5 |
| 2024-02-19 | CVE-2024-25978 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products: Insufficient file size checks resulted in a denial of service risk in the file picker's unzip functionality. | network, low complexity, moodle, fedoraproject, CWE-770, 7.5, 7.5 |
| 2024-02-19 | CVE-2024-25979 | The URL parameters accepted by forum search were not limited to the allowed parameters. | network, low complexity, moodle, fedoraproject, 5.3, 5.3 |
| 2024-02-19 | CVE-2024-25980 | Separate Groups mode restrictions were not honored in the H5P attempts report, which would display users from other groups. | network, low complexity, moodle, fedoraproject, 5.3, 5.3 |
| 2024-02-19 | CVE-2024-25981 | Separate Groups mode restrictions were not honored when performing a forum export, which would export forum data for all groups. | network, low complexity, moodle, fedoraproject, 5.3, 5.3 |
| 2024-02-19 | CVE-2024-25982 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products: The link to update all installed language packs did not include the necessary token to prevent a CSRF risk. | network, low complexity, moodle, fedoraproject, CWE-352, 8.8, 8.8 |
| 2024-02-19 | CVE-2024-25983 | Authorization Bypass Through User-Controlled Key vulnerability in multiple products: Insufficient checks in a web service made it possible to add comments to the comments block on another user's dashboard when it was not otherwise available (e.g., on their profile page). | network, low complexity, moodle, fedoraproject, CWE-639, 5.3, 5.3 |
| 2024-02-19 | CVE-2024-1597 | SQL Injection vulnerability in multiple products: pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. | network, low complexity, postgresql, fedoraproject, CWE-89, critical, 9.8, 9.8 |