Vulnerabilities > Fedoraproject > Fedora

DATE CVE VULNERABILITY TITLE RISK
2024-02-23 CVE-2024-27318 Path Traversal vulnerability in multiple products
Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory.
network
low complexity
linuxfoundation fedoraproject CWE-22
7.5
2024-02-23 CVE-2024-27319 Out-of-bounds Read vulnerability in multiple products
Versions of the package onnx before and including 1.15.0 are vulnerable to Out-of-bounds Read as the ONNX_ASSERT and ONNX_ASSERTM functions have an off by one string copy.
network
low complexity
linuxfoundation fedoraproject CWE-125
critical
9.1
2024-02-23 CVE-2024-25629 Out-of-bounds Read vulnerability in multiple products
c-ares is a C library for asynchronous DNS requests.
local
low complexity
c-ares fedoraproject CWE-125
5.5
2024-02-22 CVE-2023-52160 Improper Authentication vulnerability in multiple products
The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass.
network
low complexity
debian redhat fedoraproject w1-fi CWE-287
6.5
2024-02-21 CVE-2023-42843 Authentication Bypass by Spoofing vulnerability in multiple products
An inconsistent user interface issue was addressed with improved state management.
network
low complexity
apple fedoraproject wpewebkit webkitgtk CWE-290
4.3
2024-02-21 CVE-2024-1669 Out-of-bounds Write vulnerability in multiple products
Out of bounds memory access in Blink in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.
network
low complexity
google fedoraproject CWE-787
8.8
2024-02-21 CVE-2024-1670 Use After Free vulnerability in multiple products
Use after free in Mojo in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject CWE-416
8.8
2024-02-21 CVE-2024-1672
Inappropriate implementation in Content Security Policy in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page.
network
low complexity
google fedoraproject
5.4
2024-02-21 CVE-2024-1673 Use After Free vulnerability in multiple products
Use after free in Accessibility in Google Chrome prior to 122.0.6261.57 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via specific UI gestures.
network
low complexity
google fedoraproject CWE-416
8.8
2024-02-21 CVE-2024-1674
Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
network
low complexity
google fedoraproject
8.8