Vulnerabilities > Fedoraproject > Fedora

DATE CVE VULNERABILITY TITLE RISK
2023-09-15 CVE-2023-38039 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API. However, curl did not have a limit in how many or how large headers it would accept in a response, allowing a malicious server to stream an endless series of headers and eventually cause curl to run out of heap memory.
network
low complexity
haxx fedoraproject microsoft CWE-770
7.5
7.5
2023-09-13 CVE-2023-3255 Infinite Loop vulnerability in multiple products
A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages.
network
low complexity
qemu redhat fedoraproject CWE-835
6.5
6.5
2023-09-13 CVE-2023-4155 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products
A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in the Linux kernel.
local
high complexity
linux redhat fedoraproject CWE-367
5.6
5.6
2023-09-12 CVE-2023-4813 Use After Free vulnerability in multiple products
A flaw was found in glibc.
network
high complexity
gnu redhat fedoraproject netapp CWE-416
5.9
5.9
2023-09-12 CVE-2023-4900 Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate a permission prompt via a crafted HTML page.
network
low complexity
google fedoraproject debian
4.3
4.3
2023-09-12 CVE-2023-4901 Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to potentially spoof security UI via a crafted HTML page.
network
low complexity
google fedoraproject debian
4.3
4.3
2023-09-12 CVE-2023-4902 Inappropriate implementation in Input in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page.
network
low complexity
google fedoraproject debian
4.3
4.3
2023-09-12 CVE-2023-4903 Inappropriate implementation in Custom Mobile Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page.
network
low complexity
google fedoraproject debian
4.3
4.3
2023-09-12 CVE-2023-4904 Insufficient policy enforcement in Downloads in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Enterprise policy restrictions via a crafted download.
network
low complexity
google fedoraproject debian
4.3
4.3
2023-09-12 CVE-2023-4905 Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page.
network
low complexity
google fedoraproject debian
4.3
4.3