Vulnerabilities > Fedoraproject > Fedora > 40

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-29 | CVE-2024-1938 | Type Confusion vulnerability in multiple products: Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Tags: network, low complexity, google, fedoraproject, CWE-843. | 8.8 |
| 2024-02-29 | CVE-2024-1939 | Type Confusion vulnerability in multiple products: Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Tags: network, low complexity, google, fedoraproject, CWE-843. | 8.8 |
| 2024-02-26 | CVE-2024-1622 | Due to a mistake in error checking, Routinator will terminate when an incoming RTR connection is reset by the peer too quickly after opening. Tags: network, low complexity, nlnetlabs, fedoraproject. | 7.5 |
| 2024-02-24 | CVE-2024-21501 | Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system (including project dependencies). Tags: network, low complexity, apostrophecms, fedoraproject. | 5.3 |
| 2024-02-23 | CVE-2024-27318 | Path Traversal vulnerability in multiple products: Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory. Tags: network, low complexity, linuxfoundation, fedoraproject, CWE-22. | 7.5 |
| 2024-02-23 | CVE-2024-27319 | Out-of-bounds Read vulnerability in multiple products: Versions of the package onnx before and including 1.15.0 are vulnerable to Out-of-bounds Read as the ONNX_ASSERT and ONNX_ASSERTM functions have an off by one string copy. Tags: network, low complexity, linuxfoundation, fedoraproject, CWE-125, critical. | 9.1 |
| 2024-02-23 | CVE-2024-25629 | Out-of-bounds Read vulnerability in multiple products: c-ares is a C library for asynchronous DNS requests. Tags: local, low complexity, c-ares, fedoraproject, CWE-125. | 5.5 |
| 2024-02-22 | CVE-2023-3966 | A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial of service and invalid memory accesses. Tags: network, low complexity, openvswitch, fedoraproject. | 7.5 |
| 2024-02-21 | CVE-2023-42843 | Authentication Bypass by Spoofing vulnerability in multiple products: An inconsistent user interface issue was addressed with improved state management. Tags: network, low complexity, apple, fedoraproject, wpewebkit, webkitgtk, CWE-290. | 4.3 |
| 2024-02-19 | CVE-2024-26134 | Classic Buffer Overflow vulnerability in multiple products: cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) (RFC 8949) serialization format. Tags: network, low complexity, agronholm, fedoraproject, CWE-120. | 7.5 |