Vulnerabilities > Fedoraproject > Fedora > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-25 | CVE-2022-4318 | Improper Control of Dynamically-Managed Code Resources vulnerability in multiple products A vulnerability was found in cri-o. | 7.8 |
| 2023-09-25 | CVE-2023-4156 | Out-of-bounds Read vulnerability in multiple products A heap out-of-bounds read flaw was found in builtin.c in the gawk package. | 7.1 |
| 2023-09-15 | CVE-2023-38039 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API. However, curl did not have a limit in how many or how large headers it would accept in a response, allowing a malicious server to stream an endless series of headers and eventually cause curl to run out of heap memory. | 7.5 |
| 2023-09-12 | CVE-2023-4863 | Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. | 8.8 |
| 2023-09-11 | CVE-2023-4881 | Out-of-bounds Write vulnerability in multiple products A stack based out-of-bounds write flaw was found in the netfilter subsystem in the Linux kernel. | 7.1 |
| 2023-09-04 | CVE-2023-4733 | Use After Free vulnerability in multiple products Use After Free in GitHub repository vim/vim prior to 9.0.1840. | 7.8 |
| 2023-09-04 | CVE-2023-4750 | Use After Free vulnerability in multiple products Use After Free in GitHub repository vim/vim prior to 9.0.1857. | 7.8 |
| 2023-09-04 | CVE-2023-4752 | Use After Free vulnerability in multiple products Use After Free in GitHub repository vim/vim prior to 9.0.1858. | 7.8 |
| 2023-08-23 | CVE-2023-3899 | Incorrect Authorization vulnerability in multiple products A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. | 7.8 |
| 2023-08-22 | CVE-2021-29390 | Out-of-bounds Write vulnerability in multiple products libjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 bytes) in decompress_smooth_data in jdcoefct.c. | 7.1 |