Vulnerabilities > Fedoraproject > Fedora > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-25 | CVE-2023-41983 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The issue was addressed with improved memory handling. | 6.5 |
| 2023-10-23 | CVE-2023-45802 | Resource Exhaustion vulnerability in multiple products When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request's memory resources were not reclaimed immediately. | 5.9 |
| 2023-10-18 | CVE-2023-5631 | Cross-site Scripting vulnerability in multiple products Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. | 5.4 |
| 2023-10-17 | CVE-2023-22084 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). | 4.9 |
| 2023-10-17 | CVE-2023-45803 | Information Exposure vulnerability in multiple products urllib3 is a user-friendly HTTP client library for Python. | 4.2 |
| 2023-10-13 | CVE-2023-39999 | Information Exposure vulnerability in multiple products Exposure of Sensitive Information to an Unauthorized Actor in WordPress from 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.13, from 6.0 through 6.0.5, from 5.9 through 5.9.7, from 5.8 through 5.8.7, from 5.7 through 5.7.9, from 5.6 through 5.6.11, from 5.5 through 5.5.12, from 5.4 through 5.4.13, from 5.3 through 5.3.15, from 5.2 through 5.2.18, from 5.1 through 5.1.16, from 5.0 through 5.0.19, from 4.9 through 4.9.23, from 4.8 through 4.8.22, from 4.7 through 4.7.26, from 4.6 through 4.6.26, from 4.5 through 4.5.29, from 4.4 through 4.4.30, from 4.3 through 4.3.31, from 4.2 through 4.2.35, from 4.1 through 4.1.38. | 4.3 |
| 2023-10-12 | CVE-2023-43789 | Out-of-bounds Read vulnerability in multiple products A vulnerability was found in libXpm where a vulnerability exists due to a boundary condition, a local user can trigger an out-of-bounds read error and read contents of memory on the system. | 5.5 |
| 2023-10-11 | CVE-2023-5475 | Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. | 6.5 |
| 2023-10-11 | CVE-2023-5484 | Inappropriate implementation in Navigation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. | 6.5 |
| 2023-10-11 | CVE-2023-5487 | Inappropriate implementation in Fullscreen in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. | 6.5 |