Vulnerabilities > Fedoraproject > Fedora > 40
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-02-29 | CVE-2024-1938 | Type Confusion vulnerability in multiple products Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. | 8.8 |
2024-02-29 | CVE-2024-1939 | Type Confusion vulnerability in multiple products Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2024-02-26 | CVE-2024-1622 | Due to a mistake in error checking, Routinator will terminate when an incoming RTR connection is reset by the peer too quickly after opening. | 7.5 |
2024-02-24 | CVE-2024-21501 | Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system (including project dependencies). | 5.3 |
2024-02-23 | CVE-2024-27318 | Path Traversal vulnerability in multiple products Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory. | 7.5 |
2024-02-23 | CVE-2024-27319 | Out-of-bounds Read vulnerability in multiple products Versions of the package onnx before and including 1.15.0 are vulnerable to Out-of-bounds Read as the ONNX_ASSERT and ONNX_ASSERTM functions have an off by one string copy. | 9.1 |
2024-02-23 | CVE-2024-25629 | Out-of-bounds Read vulnerability in multiple products c-ares is a C library for asynchronous DNS requests. | 5.5 |
2024-02-22 | CVE-2023-3966 | A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial of service and invalid memory accesses. | 7.5 |
2024-02-21 | CVE-2023-42843 | Authentication Bypass by Spoofing vulnerability in multiple products An inconsistent user interface issue was addressed with improved state management. | 4.3 |
2024-02-19 | CVE-2024-26134 | Classic Buffer Overflow vulnerability in multiple products cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) (RFC 8949) serialization format. | 7.5 |