NotCVE - vendor:"Fedoraproject" product:"Fedora" version:"37"

Page 2 of 693 results (0.005 seconds)

CVSS: 10.0EPSS: 3%CPEs: 6EXPL: 0

CVE-2023-5997 – Gentoo Linux Security Advisory 202311-11

https://notcve.org/view.php?id=CVE-2023-5997

15 Nov 2023 — Use after free in Garbage Collection in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Use after free en Garbage Collection en Google Chrome anterior a 119.0.6045.159 permitía a un atacante remoto explotar potencialmente la corrupción del heap a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) Multiple vulnerabilities have been discovered in Chromium and its deriv... • https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_14.html • CWE-416: Use After Free •

CVSS: 9.0EPSS: 29%CPEs: 7EXPL: 0

CVE-2023-5528 – Kubernetes - Windows nodes - Insufficient input sanitization in in-tree storage plugin leads to privilege escalation

https://notcve.org/view.php?id=CVE-2023-5528

14 Nov 2023 — A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes. Se descubrió un problema de seguridad en Kubernetes donde un usuario que puede crear pods y volúmenes persistentes en nodos de Windows puede escalar a privilegios de administrador en esos nodos. Los clústeres de Kubernetes solo se ... • https://github.com/kubernetes/kubernetes/issues/121879 • CWE-20: Improper Input Validation •

CVSS: 6.4EPSS: 0%CPEs: 9EXPL: 0

CVE-2023-5547 – Moodle: xss risk when previewing data in course upload tool

https://notcve.org/view.php?id=CVE-2023-5547

09 Nov 2023 — The course upload preview contained an XSS risk for users uploading unsafe data. La vista previa de la carga del curso contenía un riesgo XSS para los usuarios que cargaban datos no seguros. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79455 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.5EPSS: 1%CPEs: 7EXPL: 1

CVE-2023-5546 – Moodle: stored xss in quiz grading report via user id number

https://notcve.org/view.php?id=CVE-2023-5546

09 Nov 2023 — ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. Los números de identificación que se muestran en el informe de calificación del cuestionario requirieron una sanitización adicional para evitar un riesgo de XSS almacenado. • https://github.com/obelia01/CVE-2023-5546 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0

CVE-2023-5544 – Moodle: stored xss and potential idor risk in wiki comments

https://notcve.org/view.php?id=CVE-2023-5544

09 Nov 2023 — Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk. Los comentarios de Wiki requirieron restricciones de acceso y sanitización adicionales para evitar un riesgo XSS almacenado y un riesgo potencial de IDOR. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79509 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-639: Authorization Bypass Through User-Controlled Key •

CVSS: 6.4EPSS: 0%CPEs: 8EXPL: 0

CVE-2023-47272 – Ubuntu Security Notice USN-6848-1

https://notcve.org/view.php?id=CVE-2023-47272

05 Nov 2023 — Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a Content-Type or Content-Disposition header (used for attachment preview or download). Roundcube 1.5.x anterior a 1.5.6 y 1.6.x anterior a 1.6.5 permite XSS a través de un encabezado Content-Type o Content-Disposition (utilizado para la vista previa o descarga de archivos adjuntos). Matthieu Faou and Denys Klymenko discovered that Roundcube incorrectly handled certain SVG images. A remote attacker could possibly use this issue to load arbit... • https://github.com/roundcube/roundcubemail/commit/5ec496885e18ec6af956e8c0d627856c2257ba2d • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.5EPSS: 0%CPEs: 7EXPL: 0

CVE-2023-1194 – Use-after-free in parse_lease_state()

https://notcve.org/view.php?id=CVE-2023-1194

03 Nov 2023 — An out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. When an attacker sends the CREATE command with a malformed payload to KSMBD, due to a missing check of `NameOffset` in the `parse_lease_state()` function, the `create_context` object can access invalid memory. Se encontró una falla de lectura de memoria Out-Of-Bounds (OOB) en parse_lease_state en la implementación KSMBD del servidor samba en el kernel... • https://access.redhat.com/security/cve/CVE-2023-1194 • CWE-125: Out-of-bounds Read CWE-416: Use After Free •

CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0

CVE-2023-5859 – Gentoo Linux Security Advisory 202311-11

https://notcve.org/view.php?id=CVE-2023-5859

01 Nov 2023 — Incorrect security UI in Picture In Picture in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted local HTML page. (Chromium security severity: Low) La interfaz de usuario de seguridad incorrecta en Imagen sobre Imagen en Google Chrome anterior a 119.0.6045.105 permitía a un atacante remoto realizar una suplantación de dominio a través de una página HTML local manipulada. (Severidad de seguridad de Chrome: baja) Multiple vulnerabilities have been discove... • https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html • CWE-346: Origin Validation Error •

CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0

CVE-2023-5858 – Gentoo Linux Security Advisory 202311-11

https://notcve.org/view.php?id=CVE-2023-5858

01 Nov 2023 — Inappropriate implementation in WebApp Provider in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low) La implementación inadecuada en WebApp Provider en Google Chrome anterior a 119.0.6045.105 permitió a un atacante remoto ofuscar la interfaz de usuario de seguridad a través de una página HTML manipulada. (Severidad de seguridad de Chrome: baja) Multiple vulnerabilities have been discovered in Chromium and its d... • https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html • CWE-346: Origin Validation Error •

CVSS: 10.0EPSS: 5%CPEs: 6EXPL: 0

CVE-2023-5857 – Gentoo Linux Security Advisory 202311-11

https://notcve.org/view.php?id=CVE-2023-5857

01 Nov 2023 — Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially execute arbitrary code via a malicious file. (Chromium security severity: Medium) La implementación inadecuada en Descargas en Google Chrome anterior a 119.0.6045.105 permitía a un atacante remoto ejecutar potencialmente código arbitrario a través de un archivo malicioso. (Severidad de seguridad de Chromium: media) Multiple vulnerabilities have been discovered in Chromium and its deriv... • https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html •

1 2 3 4 5