Fedoraproject: >> Fedora >> 37 Security Vulnerabilities
Use after free in Navigation in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVSS Score
8.8
EPSS Score
0.183
Published
2023-11-15
A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes.
CVSS Score
7.2
EPSS Score
0.206
Published
2023-11-14
ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk.
CVSS Score
4.3
EPSS Score
0.01
Published
2023-11-09
The course upload preview contained an XSS risk for users uploading unsafe data.
CVSS Score
3.3
EPSS Score
0.001
Published
2023-11-09
Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-11-09
Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a Content-Type or Content-Disposition header (used for attachment preview or download).
CVSS Score
6.1
EPSS Score
0.004
Published
2023-11-06
An out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. When an attacker sends the CREATE command with a malformed payload to KSMBD, due to a missing check of `NameOffset` in the `parse_lease_state()` function, the `create_context` object can access invalid memory.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-11-03
Integer overflow in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVSS Score
8.8
EPSS Score
0.006
Published
2023-11-01
Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium)
CVSS Score
4.3
EPSS Score
0.006
Published
2023-11-01
Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)
CVSS Score
4.3
EPSS Score
0.003
Published
2023-11-01