Vulnerabilities > Fedoraproject > Fedora
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-03 | CVE-2023-43665 | Improper Validation of Specified Quantity in Input vulnerability in multiple products In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. | 7.5 |
| 2023-11-03 | CVE-2023-44271 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products An issue was discovered in Pillow before 10.0.0. | 7.5 |
| 2023-11-01 | CVE-2023-5480 | Cross-site Scripting vulnerability in multiple products Inappropriate implementation in Payments in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to bypass XSS preventions via a malicious file. | 6.1 |
| 2023-11-01 | CVE-2023-5482 | Insufficient Verification of Data Authenticity vulnerability in multiple products Insufficient data validation in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. | 8.8 |
| 2023-11-01 | CVE-2023-5849 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2023-11-01 | CVE-2023-5850 | Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted domain name. | 4.3 |
| 2023-11-01 | CVE-2023-5851 | Origin Validation Error vulnerability in multiple products Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. | 4.3 |
| 2023-11-01 | CVE-2023-5852 | Use After Free vulnerability in multiple products Use after free in Printing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. | 8.8 |
| 2023-11-01 | CVE-2023-5853 | Origin Validation Error vulnerability in multiple products Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. | 4.3 |
| 2023-11-01 | CVE-2023-5854 | Use After Free vulnerability in multiple products Use after free in Profiles in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. | 8.8 |