Vulnerabilities > Fedoraproject > Fedora > High

DATE CVE VULNERABILITY TITLE RISK
2023-12-11 CVE-2023-6186 Improper Preservation of Permissions vulnerability in multiple products
Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning the user.
network
low complexity
libreoffice fedoraproject debian CWE-281
8.8
8.8
2023-12-06 CVE-2023-6508 Use After Free vulnerability in multiple products
Use after free in Media Stream in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian fedoraproject CWE-416
8.8
8.8
2023-12-06 CVE-2023-6509 Use After Free vulnerability in multiple products
Use after free in Side Panel Search in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction.
network
low complexity
debian fedoraproject google CWE-416
8.8
8.8
2023-12-06 CVE-2023-6510 Use After Free vulnerability in multiple products
Use after free in Media Capture in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction.
network
low complexity
debian fedoraproject google CWE-416
8.8
8.8
2023-11-30 CVE-2023-42917 Out-of-bounds Write vulnerability in multiple products
A memory corruption vulnerability was addressed with improved locking.
network
low complexity
apple debian fedoraproject webkitgtk CWE-787
8.8
8.8
2023-11-29 CVE-2023-6346 Use After Free vulnerability in multiple products
Use after free in WebAudio in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian fedoraproject CWE-416
8.8
8.8
2023-11-29 CVE-2023-6347 Use After Free vulnerability in multiple products
Use after free in Mojo in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian fedoraproject CWE-416
8.8
8.8
2023-11-29 CVE-2023-6348 Type Confusion vulnerability in multiple products
Type Confusion in Spellcheck in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian fedoraproject CWE-843
8.8
8.8
2023-11-29 CVE-2023-6350 Use After Free vulnerability in multiple products
Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file.
network
low complexity
google debian fedoraproject CWE-416
8.8
8.8
2023-11-29 CVE-2023-6351 Use After Free vulnerability in multiple products
Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file.
network
low complexity
google debian fedoraproject CWE-416
8.8
8.8