Vulnerabilities > Fedoraproject

DATE CVE VULNERABILITY TITLE RISK
2023-03-23 CVE-2023-1513 Improper Initialization vulnerability in multiple products
A flaw was found in KVM.
local
low complexity
linux fedoraproject redhat CWE-665
3.3
3.3
2023-03-23 CVE-2023-28333 Code Injection vulnerability in multiple products
The Mustache pix helper contained a potential Mustache injection risk if combined with user input (note: This did not appear to be implemented/exploitable anywhere in the core Moodle LMS).
network
low complexity
moodle fedoraproject CWE-94
critical
 9.8
9.8
2023-03-23 CVE-2023-28336 Exposure of Resource to Wrong Sphere vulnerability in multiple products
Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access.
network
low complexity
moodle fedoraproject CWE-668
4.3
4.3
2023-03-23 CVE-2023-1289 Improper Input Validation vulnerability in multiple products
A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault.
local
low complexity
imagemagick fedoraproject redhat CWE-20
5.5
5.5
2023-03-23 CVE-2023-1544 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device.
local
low complexity
qemu fedoraproject CWE-770
6.3
6.3
2023-03-22 CVE-2023-28439 Cross-site Scripting vulnerability in multiple products
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor.
network
low complexity
ckeditor fedoraproject CWE-79
6.1
6.1
2023-03-21 CVE-2023-1528 Use After Free vulnerability in multiple products
Use after free in Passwords in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject CWE-416
8.8
8.8
2023-03-21 CVE-2023-1529 Out-of-bounds Write vulnerability in multiple products
Out of bounds memory access in WebHID in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a malicious HID device.
network
low complexity
google fedoraproject CWE-787
critical
 9.8
9.8
2023-03-21 CVE-2023-1530 Use After Free vulnerability in multiple products
Use after free in PDF in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject CWE-416
8.8
8.8
2023-03-21 CVE-2023-1531 Use After Free vulnerability in multiple products
Use after free in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject chromium CWE-416
8.8
8.8