Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fedora
(Fedoraproject)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-03-21 | CVE-2023-1529 | Out of bounds memory access in WebHID in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a malicious HID device. (Chromium security severity: High) | Fedora, Chrome | 9.8 | ||
| 2023-03-21 | CVE-2023-1531 | Use after free in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | Chromium, Fedora, Chrome | 8.8 | ||
| 2023-03-21 | CVE-2023-1532 | Out of bounds read in GPU Video in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | Fedora, Chrome | 8.8 | ||
| 2023-03-21 | CVE-2023-1533 | Use after free in WebProtect in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | Fedora, Chrome | 8.8 | ||
| 2023-03-21 | CVE-2023-1534 | Out of bounds read in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | Fedora, Chrome | 8.8 | ||
| 2023-03-22 | CVE-2023-28439 | CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media Embed packages. The vulnerability may trigger a JavaScript code after fulfilling special conditions: using one of the affected packages on a web page with missing proper Content Security Policy configuration; initializing the editor on an element and using an element other than `<textarea>` as a base; and destroying the editor... | Ckeditor, Fedora | 6.1 | ||
| 2023-03-23 | CVE-2023-1289 | A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. In a denial of service attack, if a remote... | Extra_packages_for_enterprise_linux, Fedora, Imagemagick, Enterprise_linux | 5.5 | ||
| 2023-03-23 | CVE-2023-1544 | A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and initialize a huge number of page tables to be used as a ring of descriptors for CQ and async events, potentially leading to an out-of-bounds read and crash of QEMU. | Fedora, Qemu | 6.3 | ||
| 2023-03-23 | CVE-2023-28333 | The Mustache pix helper contained a potential Mustache injection risk if combined with user input (note: This did not appear to be implemented/exploitable anywhere in the core Moodle LMS). | Fedora, Moodle | 9.8 | ||
| 2023-03-23 | CVE-2023-28336 | Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access. | Fedora, Moodle | 4.3 |