Vulnerabilities > Fedoraproject > Fedora > High

DATE CVE VULNERABILITY TITLE RISK
2024-06-18 CVE-2024-38276 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
Incorrect CSRF token checks resulted in multiple CSRF risks.
network
low complexity
fedoraproject moodle CWE-352
8.8
2024-06-11 CVE-2024-5830 Type Confusion vulnerability in multiple products
Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
network
low complexity
google fedoraproject CWE-843
8.8
2024-06-11 CVE-2024-5831 Use After Free vulnerability in multiple products
Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject CWE-416
8.8
2024-06-11 CVE-2024-5832 Use After Free vulnerability in multiple products
Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject CWE-416
8.8
2024-06-11 CVE-2024-5833 Type Confusion vulnerability in multiple products
Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
network
low complexity
google fedoraproject CWE-843
8.8
2024-06-11 CVE-2024-5834 Inappropriate implementation in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
network
low complexity
google fedoraproject
8.8
2024-06-11 CVE-2024-5835 Out-of-bounds Write vulnerability in multiple products
Heap buffer overflow in Tab Groups in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject CWE-787
8.8
2024-06-11 CVE-2024-5836 Inappropriate Implementation in DevTools in Google Chrome prior to 126.0.6478.54 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension.
network
low complexity
google fedoraproject
8.8
2024-06-11 CVE-2024-5837 Type Confusion vulnerability in multiple products
Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
network
low complexity
google fedoraproject CWE-843
8.8
2024-06-11 CVE-2024-5838 Type Confusion vulnerability in multiple products
Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.
network
low complexity
google fedoraproject CWE-843
8.8