Vulnerabilities > Fedoraproject > Fedora > 38
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-03-20 | CVE-2024-2631 | Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. | 4.3 |
| 2024-03-13 | CVE-2024-2400 | Use After Free vulnerability in multiple products Use after free in Performance Manager in Google Chrome prior to 122.0.6261.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2024-03-10 | CVE-2024-28757 | XML Entity Expansion vulnerability in multiple products libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate). | 7.5 |
| 2024-03-08 | CVE-2024-23263 | A logic issue was addressed with improved validation. | 6.5 |
| 2024-03-08 | CVE-2024-23280 | Injection vulnerability in multiple products An injection issue was addressed with improved validation. | 6.5 |
| 2024-03-08 | CVE-2024-23284 | A logic issue was addressed with improved state management. | 6.5 |
| 2024-03-07 | CVE-2024-1931 | Infinite Loop vulnerability in multiple products NLnet Labs Unbound version 1.18.0 up to and including version 1.19.1 contain a vulnerability that can cause denial of service by a certain code path that can lead to an infinite loop. | 7.5 |
| 2024-03-06 | CVE-2024-25111 | Uncontrolled Recursion vulnerability in multiple products Squid is a web proxy cache. | 7.5 |
| 2024-02-29 | CVE-2024-24246 | Out-of-bounds Write vulnerability in multiple products Heap Buffer Overflow vulnerability in qpdf 11.9.0 allows attackers to crash the application via the std::__shared_count() function at /bits/shared_ptr_base.h. | 5.5 |
| 2024-02-29 | CVE-2024-1938 | Type Confusion vulnerability in multiple products Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. | 8.8 |