Vulnerabilities > Fedoraproject > Fedora

DATE CVE VULNERABILITY TITLE RISK
2023-10-17 CVE-2023-45803 urllib3 is a user-friendly HTTP client library for Python.
high complexity
python fedoraproject
4.2
4.2
2023-10-17 CVE-2023-39456 Improper Input Validation vulnerability in Apache Traffic Server with malformed HTTP/2 frames.This issue affects Apache Traffic Server: from 9.0.0 through 9.2.2. Users are recommended to upgrade to version 9.2.3, which fixes the issue.
network
low complexity
apache fedoraproject
7.5
7.5
2023-10-17 CVE-2023-41752 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Traffic Server.This issue affects Apache Traffic Server: from 8.0.0 through 8.1.8, from 9.0.0 through 9.2.2. Users are recommended to upgrade to version 8.1.9 or 9.2.3, which fixes the issue.
network
low complexity
apache fedoraproject
7.5
7.5
2023-10-13 CVE-2023-39999 Exposure of Sensitive Information to an Unauthorized Actor in WordPress from 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.13, from 6.0 through 6.0.5, from 5.9 through 5.9.7, from 5.8 through 5.8.7, from 5.7 through 5.7.9, from 5.6 through 5.6.11, from 5.5 through 5.5.12, from 5.4 through 5.4.13, from 5.3 through 5.3.15, from 5.2 through 5.2.18, from 5.1 through 5.1.16, from 5.0 through 5.0.19, from 4.9 through 4.9.23, from 4.8 through 4.8.22, from 4.7 through 4.7.26, from 4.6 through 4.6.26, from 4.5 through 4.5.29, from 4.4 through 4.4.30, from 4.3 through 4.3.31, from 4.2 through 4.2.35, from 4.1 through 4.1.38.
network
low complexity
wordpress fedoraproject
4.3
4.3
2023-10-12 CVE-2023-45143 Undici is an HTTP/1.1 client written from scratch for Node.js.
network
low complexity
nodejs fedoraproject
3.5
3.5
2023-10-12 CVE-2023-43789 Out-of-bounds Read vulnerability in multiple products
A vulnerability was found in libXpm where a vulnerability exists due to a boundary condition, a local user can trigger an out-of-bounds read error and read contents of memory on the system. 		5.5
5.5
2023-10-11 CVE-2023-5218 Use After Free vulnerability in multiple products
Use after free in Site Isolation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian fedoraproject CWE-416
8.8
8.8
2023-10-11 CVE-2023-5475 Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension.
network
low complexity
google fedoraproject debian
6.5
6.5
2023-10-11 CVE-2023-5484 Inappropriate implementation in Navigation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page.
network
low complexity
google fedoraproject debian
6.5
6.5
2023-10-11 CVE-2023-5487 Inappropriate implementation in Fullscreen in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
network
low complexity
google fedoraproject
6.5
6.5