Vulnerabilities > Fedoraproject > Fedora > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-09 | CVE-2023-43641 | libcue provides an API for parsing and extracting data from CUE sheets. | 8.8 |
| 2023-10-07 | CVE-2023-43615 | Classic Buffer Overflow vulnerability in multiple products Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow. | 7.5 |
| 2023-10-06 | CVE-2023-39928 | Use After Free vulnerability in multiple products A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 2.40.5. | 8.8 |
| 2023-10-05 | CVE-2023-39323 | Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed during compilation. | 8.1 |
| 2023-10-05 | CVE-2023-5346 | Type Confusion vulnerability in multiple products Type confusion in V8 in Google Chrome prior to 117.0.5938.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2023-10-04 | CVE-2023-39191 | An improper input validation flaw was found in the eBPF subsystem in the Linux kernel. | 8.2 |
| 2023-10-04 | CVE-2023-43804 | urllib3 is a user-friendly HTTP client library for Python. | 8.1 |
| 2023-10-03 | CVE-2023-4911 | Out-of-bounds Write vulnerability in multiple products A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. | 7.8 |
| 2023-10-03 | CVE-2023-5345 | Use After Free vulnerability in multiple products A use-after-free vulnerability in the Linux kernel's fs/smb/client component can be exploited to achieve local privilege escalation. In case of an error in smb3_fs_context_parse_param, ctx->password was freed but the field was not set to NULL which could lead to double free. We recommend upgrading past commit e6e43b8aa7cd3c3af686caf0c2e11819a886d705. | 7.8 |
| 2023-10-02 | CVE-2023-5344 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969. | 7.5 |