Vulnerabilities > Fedoraproject > Fedora

DATE CVE VULNERABILITY TITLE RISK
2024-02-21 CVE-2023-42843 Authentication Bypass by Spoofing vulnerability in multiple products
An inconsistent user interface issue was addressed with improved state management.
network
low complexity
apple fedoraproject wpewebkit webkitgtk CWE-290
4.3
2024-02-21 CVE-2024-1669 Out-of-bounds Write vulnerability in multiple products
Out of bounds memory access in Blink in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.
network
low complexity
google fedoraproject CWE-787
8.8
2024-02-21 CVE-2024-1670 Use After Free vulnerability in multiple products
Use after free in Mojo in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject CWE-416
8.8
2024-02-21 CVE-2024-1672 Inappropriate implementation in Content Security Policy in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page.
network
low complexity
google fedoraproject
5.4
2024-02-21 CVE-2024-1673 Use After Free vulnerability in multiple products
Use after free in Accessibility in Google Chrome prior to 122.0.6261.57 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via specific UI gestures.
network
low complexity
google fedoraproject CWE-416
8.8
2024-02-21 CVE-2024-1674 Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
network
low complexity
google fedoraproject
8.8
2024-02-21 CVE-2024-1675 Insufficient policy enforcement in Download in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.
network
low complexity
google fedoraproject
8.8
2024-02-21 CVE-2024-1676 Cross-site Scripting vulnerability in multiple products
Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to spoof security UI via a crafted HTML page.
network
low complexity
google fedoraproject CWE-79
5.4
2024-02-19 CVE-2024-26134 Classic Buffer Overflow vulnerability in multiple products
cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) (RFC 8949) serialization format.
network
low complexity
agronholm fedoraproject CWE-120
7.5
2024-02-19 CVE-2024-1597 SQL Injection vulnerability in multiple products
pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE.
network
low complexity
postgresql fedoraproject CWE-89
critical
9.8