Fedoraproject: Security Vulnerabilities
Insufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they did not have the capability to manage.
CVSS Score
3.3
EPSS Score
0.002
Published
2023-11-09
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution.
CVSS Score
6.5
EPSS Score
0.01
Published
2023-11-09
A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and managers.
CVSS Score
4.7
EPSS Score
0.018
Published
2023-11-09
Students in "Only see own membership" groups could see other students in the group, which should be hidden.
CVSS Score
3.3
EPSS Score
0.003
Published
2023-11-09
Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-11-09
H5P metadata automatically populated the author with the user's username, which could be sensitive information.
CVSS Score
3.3
EPSS Score
0.003
Published
2023-11-09
A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation.
CVSS Score
7.5
EPSS Score
0.0
Published
2023-11-09
A remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and managers.
CVSS Score
4.7
EPSS Score
0.018
Published
2023-11-09
Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVSS Score
8.8
EPSS Score
0.003
Published
2023-11-08
An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to the computer and a specially crafted USB device or smart card. This flaw allows the attacker to manipulate APDU responses and potentially gain unauthorized access to sensitive data, compromising the system's security.
CVSS Score
4.5
EPSS Score
0.002
Published
2023-11-06