Vulnerabilities > Fedoraproject
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-09 | CVE-2023-5544 | Authorization Bypass Through User-Controlled Key vulnerability in multiple products Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk. | 5.4 |
| 2023-11-09 | CVE-2023-5545 | Exposure of Resource to Wrong Sphere vulnerability in multiple products H5P metadata automatically populated the author with the user's username, which could be sensitive information. | 5.3 |
| 2023-11-09 | CVE-2023-5546 | Cross-site Scripting vulnerability in multiple products ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. | 5.4 |
| 2023-11-09 | CVE-2023-5547 | Cross-site Scripting vulnerability in multiple products The course upload preview contained an XSS risk for users uploading unsafe data. | 6.1 |
| 2023-11-09 | CVE-2023-5548 | Insufficient Verification of Data Authenticity vulnerability in multiple products Stronger revision number limitations were required on file serving endpoints to improve cache poisoning protection. | 5.3 |
| 2023-11-09 | CVE-2023-5549 | Improper Privilege Management vulnerability in multiple products Insufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they did not have the capability to manage. | 5.3 |
| 2023-11-09 | CVE-2023-5550 | In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution. | 9.8 |
| 2023-11-09 | CVE-2023-5551 | Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other groups. | 3.3 |
| 2023-11-08 | CVE-2023-5996 | Use After Free vulnerability in multiple products Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2023-11-06 | CVE-2023-4535 | Out-of-bounds Read vulnerability in multiple products An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. | 3.8 |