Fedoraproject ≫ Fedora

Stronger revision number limitations were required on file serving endpoints to improve cache poisoning protection.

Insufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they did not have the capability to manage.

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code ex...

A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and managers.

Students in "Only see own membership" groups could see other students in the group, which should be hidden.

Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk.

H5P metadata automatically populated the author with the user's username, which could be sensitive information.

A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allow...

A remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and managers.

Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)