Vulnerabilities > Fedoraproject > Fedora > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-09 | CVE-2024-4577 | OS Command Injection vulnerability in multiple products In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. | 9.8 |
| 2024-05-28 | CVE-2024-5274 | Type Confusion vulnerability in multiple products Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | 9.6 |
| 2024-05-15 | CVE-2024-4947 | Type Confusion vulnerability in multiple products Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | 9.6 |
| 2024-05-14 | CVE-2024-4671 | Use After Free vulnerability in multiple products Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 9.6 |
| 2024-02-19 | CVE-2024-1597 | SQL Injection vulnerability in multiple products pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. | 9.8 |
| 2024-02-07 | CVE-2024-1284 | Use After Free vulnerability in multiple products Use after free in Mojo in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 9.8 |
| 2024-02-07 | CVE-2024-1283 | Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in Skia in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 9.8 |
| 2024-01-24 | CVE-2024-0808 | Integer Underflow (Wrap or Wraparound) vulnerability in multiple products Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a malicious file. | 9.8 |
| 2024-01-18 | CVE-2023-6816 | Out-of-bounds Write vulnerability in multiple products A flaw was found in X.Org server. | 9.8 |
| 2024-01-16 | CVE-2023-6395 | The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. | 9.8 |