Vulnerabilities > Fedoraproject > Fedora > 38

DATE CVE VULNERABILITY TITLE RISK
2023-03-22 CVE-2023-28439 Cross-site Scripting vulnerability in multiple products
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor.
network
low complexity
ckeditor fedoraproject CWE-79
6.1
6.1
2023-03-21 CVE-2023-1528 Use After Free vulnerability in multiple products
Use after free in Passwords in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject CWE-416
8.8
8.8
2023-03-21 CVE-2023-1529 Out-of-bounds Write vulnerability in multiple products
Out of bounds memory access in WebHID in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a malicious HID device.
network
low complexity
google fedoraproject CWE-787
critical
 9.8
9.8
2023-03-21 CVE-2023-1530 Use After Free vulnerability in multiple products
Use after free in PDF in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject CWE-416
8.8
8.8
2023-03-21 CVE-2023-1531 Use After Free vulnerability in multiple products
Use after free in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject chromium CWE-416
8.8
8.8
2023-03-21 CVE-2023-1532 Out-of-bounds Read vulnerability in multiple products
Out of bounds read in GPU Video in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject CWE-125
8.8
8.8
2023-03-21 CVE-2023-1533 Use After Free vulnerability in multiple products
Use after free in WebProtect in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject CWE-416
8.8
8.8
2023-03-21 CVE-2023-1534 Out-of-bounds Read vulnerability in multiple products
Out of bounds read in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject CWE-125
8.8
8.8
2023-03-21 CVE-2022-42331 x86: speculative vulnerability in 32bit SYSCALL path Due to an oversight in the very original Spectre/Meltdown security work (XSA-254), one entrypath performs its speculation-safety actions too late.
local
low complexity
xen fedoraproject
5.5
5.5
2023-03-21 CVE-2022-42332 Use After Free vulnerability in multiple products
x86 shadow plus log-dirty mode use-after-free In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so called shadow mode.
local
low complexity
xen debian fedoraproject CWE-416
7.8
7.8