Vulnerabilities > Fedoraproject > Fedora > 39

DATE CVE VULNERABILITY TITLE RISK
2024-06-11 CVE-2024-5845 Use After Free vulnerability in multiple products
Use after free in Audio in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
network
low complexity
google fedoraproject CWE-416
8.8
8.8
2024-06-11 CVE-2024-5846 Use After Free vulnerability in multiple products
Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
network
low complexity
google fedoraproject CWE-416
8.8
8.8
2024-06-11 CVE-2024-5847 Use After Free vulnerability in multiple products
Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
network
low complexity
google fedoraproject CWE-416
8.8
8.8
2024-06-09 CVE-2024-4577 OS Command Injection vulnerability in multiple products
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions.
network
low complexity
php fedoraproject CWE-78
critical
 9.8
9.8
2024-05-30 CVE-2024-5493 Out-of-bounds Write vulnerability in multiple products
Heap buffer overflow in WebRTC in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject CWE-787
8.8
8.8
2024-05-30 CVE-2024-5494 Use After Free vulnerability in multiple products
Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject CWE-416
8.8
8.8
2024-05-30 CVE-2024-5495 Use After Free vulnerability in multiple products
Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject CWE-416
8.8
8.8
2024-05-30 CVE-2024-5496 Use After Free vulnerability in multiple products
Use after free in Media Session in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
network
low complexity
google fedoraproject CWE-416
8.8
8.8
2024-05-30 CVE-2024-5497 Out-of-bounds Write vulnerability in multiple products
Out of bounds memory access in Browser UI in Google Chrome prior to 125.0.6422.141 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject CWE-787
8.8
8.8
2024-05-30 CVE-2024-5498 Use After Free vulnerability in multiple products
Use after free in Presentation API in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject CWE-416
8.8
8.8