Vulnerabilities > Fedoraproject > Fedora > 38

DATE CVE VULNERABILITY TITLE RISK
2024-01-23 CVE-2023-39197 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read vulnerability was found in Netfilter Connection Tracking (conntrack) in the Linux kernel.
network
low complexity
linux fedoraproject CWE-125
7.5
7.5
2024-01-16 CVE-2024-0517 Out-of-bounds Write vulnerability in multiple products
Out of bounds write in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject CWE-787
8.8
8.8
2024-01-16 CVE-2024-0518 Type Confusion vulnerability in multiple products
Type confusion in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject CWE-843
8.8
8.8
2024-01-16 CVE-2024-0519 Out-of-bounds Write vulnerability in multiple products
Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject couchbase CWE-787
8.8
8.8
2024-01-16 CVE-2023-6395 The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges.
network
low complexity
rpm-software-management fedoraproject
critical
 9.8
9.8
2024-01-16 CVE-2024-0567 Improper Verification of Cryptographic Signature vulnerability in multiple products
A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust.
network
low complexity
gnu fedoraproject netapp debian CWE-347
7.5
7.5
2024-01-15 CVE-2023-4001 Authentication Bypass by Spoofing vulnerability in multiple products
An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature.
low complexity
gnu redhat fedoraproject CWE-290
6.8
6.8
2024-01-10 CVE-2024-0333 Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.216 allowed an attacker in a privileged network position to install a malicious extension via a crafted HTML page.
network
high complexity
google fedoraproject
5.3
5.3
2024-01-10 CVE-2023-41056 Redis is an in-memory database that persists on disk.
network
high complexity
redis fedoraproject
8.1
8.1
2024-01-10 CVE-2023-5455 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA.
network
low complexity
freeipa fedoraproject redhat CWE-352
6.5
6.5