Vulnerabilities > Fedoraproject > Fedora > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-02-07 | CVE-2024-1283 | Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in Skia in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 9.8 |
2024-01-24 | CVE-2024-0808 | Integer Underflow (Wrap or Wraparound) vulnerability in multiple products Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a malicious file. | 9.8 |
2024-01-18 | CVE-2023-6816 | Out-of-bounds Write vulnerability in multiple products A flaw was found in X.Org server. | 9.8 |
2024-01-16 | CVE-2023-6395 | The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. | 9.8 |
2023-12-27 | CVE-2023-6879 | Out-of-bounds Write vulnerability in multiple products Increasing the resolution of video frames, while performing a multi-threaded encode, can result in a heap overflow in av1_loop_restoration_dealloc(). | 9.8 |
2023-11-29 | CVE-2023-6345 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. | 9.6 |
2023-11-11 | CVE-2023-46850 | Use After Free vulnerability in multiple products Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer. | 9.8 |
2023-11-09 | CVE-2023-5550 | In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution. | 9.8 |
2023-11-03 | CVE-2023-3961 | Path Traversal vulnerability in multiple products A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. | 9.8 |
2023-10-18 | CVE-2023-39332 | Path Traversal vulnerability in multiple products Various `node:fs` functions allow specifying paths as either strings or `Uint8Array` objects. | 9.8 |