Vulnerabilities > Fedoraproject > Fedora > High

DATE CVE VULNERABILITY TITLE RISK
2024-06-09 CVE-2024-5585 Improper Encoding or Escaping of Output vulnerability in multiple products
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces.
network
low complexity
php fedoraproject CWE-116
8.8
8.8
2024-05-30 CVE-2024-5493 Out-of-bounds Write vulnerability in multiple products
Heap buffer overflow in WebRTC in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject CWE-787
8.8
8.8
2024-05-30 CVE-2024-5494 Use After Free vulnerability in multiple products
Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject CWE-416
8.8
8.8
2024-05-30 CVE-2024-5495 Use After Free vulnerability in multiple products
Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject CWE-416
8.8
8.8
2024-05-30 CVE-2024-5496 Use After Free vulnerability in multiple products
Use after free in Media Session in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
network
low complexity
google fedoraproject CWE-416
8.8
8.8
2024-05-30 CVE-2024-5497 Out-of-bounds Write vulnerability in multiple products
Out of bounds memory access in Browser UI in Google Chrome prior to 125.0.6422.141 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject CWE-787
8.8
8.8
2024-05-30 CVE-2024-5498 Use After Free vulnerability in multiple products
Use after free in Presentation API in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject CWE-416
8.8
8.8
2024-05-30 CVE-2024-5499 Out-of-bounds Write vulnerability in multiple products
Out of bounds write in Streams API in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
network
low complexity
google fedoraproject CWE-787
8.8
8.8
2024-05-22 CVE-2024-5157 Use After Free vulnerability in multiple products
Use after free in Scheduling in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
network
low complexity
google fedoraproject CWE-416
8.8
8.8
2024-05-22 CVE-2024-5158 Type Confusion vulnerability in multiple products
Type Confusion in V8 in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to potentially perform arbitrary read/write via a crafted HTML page.
network
low complexity
google fedoraproject CWE-843
8.1
8.1