Vulnerabilities > Fedoraproject > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-09 | CVE-2023-5547 | Cross-site Scripting vulnerability in multiple products The course upload preview contained an XSS risk for users uploading unsafe data. | 6.1 |
| 2023-11-09 | CVE-2023-5548 | Insufficient Verification of Data Authenticity vulnerability in multiple products Stronger revision number limitations were required on file serving endpoints to improve cache poisoning protection. | 5.3 |
| 2023-11-09 | CVE-2023-5549 | Improper Privilege Management vulnerability in multiple products Insufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they did not have the capability to manage. | 5.3 |
| 2023-11-06 | CVE-2023-47272 | Cross-site Scripting vulnerability in multiple products Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a Content-Type or Content-Disposition header (used for attachment preview or download). | 6.1 |
| 2023-11-03 | CVE-2023-42670 | A flaw was found in Samba. | 6.5 |
| 2023-11-03 | CVE-2023-4091 | Incorrect Default Permissions vulnerability in multiple products A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes". | 6.5 |
| 2023-11-01 | CVE-2023-5480 | Cross-site Scripting vulnerability in multiple products Inappropriate implementation in Payments in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to bypass XSS preventions via a malicious file. | 6.1 |
| 2023-11-01 | CVE-2023-5850 | Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted domain name. | 4.3 |
| 2023-11-01 | CVE-2023-5851 | Origin Validation Error vulnerability in multiple products Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. | 4.3 |
| 2023-11-01 | CVE-2023-5853 | Origin Validation Error vulnerability in multiple products Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. | 4.3 |