Vulnerabilities > Fedoraproject > Fedora > 37
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-05 | CVE-2023-42754 | NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. | 5.5 |
| 2023-10-05 | CVE-2023-5346 | Type Confusion vulnerability in multiple products Type confusion in V8 in Google Chrome prior to 117.0.5938.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2023-10-04 | CVE-2023-43804 | Information Exposure vulnerability in multiple products urllib3 is a user-friendly HTTP client library for Python. | 8.1 |
| 2023-10-03 | CVE-2023-4911 | Out-of-bounds Write vulnerability in multiple products A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. | 7.8 |
| 2023-10-03 | CVE-2023-5345 | Use After Free vulnerability in multiple products A use-after-free vulnerability in the Linux kernel's fs/smb/client component can be exploited to achieve local privilege escalation. In case of an error in smb3_fs_context_parse_param, ctx->password was freed but the field was not set to NULL which could lead to double free. We recommend upgrading past commit e6e43b8aa7cd3c3af686caf0c2e11819a886d705. | 7.8 |
| 2023-10-02 | CVE-2023-5344 | Heap-based Buffer Overflow vulnerability in multiple products Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969. | 7.5 |
| 2023-09-30 | CVE-2023-44488 | Improper Handling of Exceptional Conditions vulnerability in multiple products VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding. | 7.5 |
| 2023-09-29 | CVE-2023-43655 | Injection vulnerability in multiple products Composer is a dependency manager for PHP. | 8.8 |
| 2023-09-28 | CVE-2023-5186 | Use After Free vulnerability in multiple products Use after free in Passwords in Google Chrome prior to 117.0.5938.132 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. | 8.8 |
| 2023-09-28 | CVE-2023-5187 | Use After Free vulnerability in multiple products Use after free in Extensions in Google Chrome prior to 117.0.5938.132 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. | 8.8 |