Vulnerabilities > Fedoraproject > Fedora
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-04-19 | CVE-2023-2134 | Out-of-bounds Write vulnerability in multiple products Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2023-04-19 | CVE-2023-2135 | Use After Free vulnerability in multiple products Use after free in DevTools in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who convinced a user to enable specific preconditions to potentially exploit heap corruption via a crafted HTML page. | 7.5 |
2023-04-19 | CVE-2023-2136 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 9.6 |
2023-04-19 | CVE-2023-2137 | Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2023-04-18 | CVE-2023-28856 | Reachable Assertion vulnerability in multiple products Redis is an open source, in-memory database that persists on disk. | 6.5 |
2023-04-17 | CVE-2023-29197 | guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. | 7.5 |
2023-04-15 | CVE-2021-43612 | Out-of-bounds Write vulnerability in multiple products In lldpd before 1.0.13, when decoding SONMP packets in the sonmp_decode function, it's possible to trigger an out-of-bounds heap read via short SONMP packets. | 7.5 |
2023-04-14 | CVE-2023-2033 | Type Confusion vulnerability in multiple products Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2023-04-12 | CVE-2023-1906 | Out-of-bounds Write vulnerability in multiple products A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. | 5.5 |
2023-04-12 | CVE-2023-1994 | Resource Exhaustion vulnerability in multiple products GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file | 6.5 |