Vulnerabilities > Fedoraproject > Fedora > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-23 | CVE-2023-5972 | NULL Pointer Dereference vulnerability in multiple products A null pointer dereference flaw was found in the nft_inner.c functionality of netfilter in the Linux kernel. | 7.8 |
| 2023-11-15 | CVE-2023-5997 | Use After Free vulnerability in multiple products Use after free in Garbage Collection in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2023-11-15 | CVE-2023-6112 | Use After Free vulnerability in multiple products Use after free in Navigation in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2023-11-14 | CVE-2023-5528 | A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. | 8.8 |
| 2023-11-11 | CVE-2023-46849 | Divide By Zero vulnerability in multiple products Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide by zero behaviour which could cause an application crash, leading to a denial of service. | 7.5 |
| 2023-11-09 | CVE-2023-5539 | Code Injection vulnerability in multiple products A remote code execution risk was identified in the Lesson activity. | 8.8 |
| 2023-11-09 | CVE-2023-5540 | Code Injection vulnerability in multiple products A remote code execution risk was identified in the IMSCP activity. | 8.8 |
| 2023-11-08 | CVE-2023-5996 | Use After Free vulnerability in multiple products Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2023-11-03 | CVE-2023-1194 | Out-of-bounds Read vulnerability in multiple products An out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. | 8.1 |
| 2023-11-03 | CVE-2023-41164 | Improper Validation of Specified Quantity in Input vulnerability in multiple products In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters. | 7.5 |