Vulnerabilities > Fedoraproject > Fedora > High

DATE CVE VULNERABILITY TITLE RISK
2024-02-14 CVE-2023-50387 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue.
7.5
2024-02-07 CVE-2024-20290 Out-of-bounds Read vulnerability in multiple products
A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer over-read.
network
low complexity
cisco fedoraproject CWE-125
7.5
2024-01-31 CVE-2024-21626 Exposure of Resource to Wrong Sphere vulnerability in multiple products
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification.
local
low complexity
linuxfoundation fedoraproject CWE-668
8.6
2024-01-31 CVE-2023-6246 Out-of-bounds Write vulnerability in multiple products
A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library.
local
low complexity
gnu fedoraproject CWE-787
7.8
2024-01-31 CVE-2023-6779 Out-of-bounds Write vulnerability in multiple products
An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library.
network
low complexity
gnu fedoraproject CWE-787
7.5
2024-01-30 CVE-2024-1059 Use After Free vulnerability in multiple products
Use after free in Peer Connection in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page.
network
low complexity
google fedoraproject CWE-416
8.8
2024-01-30 CVE-2024-1060 Use After Free vulnerability in multiple products
Use after free in Canvas in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject CWE-416
8.8
2024-01-30 CVE-2024-1077 Use After Free vulnerability in multiple products
Use after free in Network in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a malicious file.
network
low complexity
google fedoraproject CWE-416
8.8
2024-01-29 CVE-2024-23334 Path Traversal vulnerability in multiple products
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python.
network
low complexity
aiohttp fedoraproject CWE-22
7.5
2024-01-29 CVE-2023-40551 Out-of-bounds Read vulnerability in multiple products
A flaw was found in the MZ binary format in Shim.
local
low complexity
redhat fedoraproject CWE-125
7.1