Vulnerabilities > Fedoraproject > Fedora > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-31 | CVE-2023-6246 | Out-of-bounds Write vulnerability in multiple products A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. | 7.8 |
2024-01-31 | CVE-2023-6779 | Out-of-bounds Write vulnerability in multiple products An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. | 7.5 |
2024-01-31 | CVE-2024-1086 | Use After Free vulnerability in multiple products A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660. | 7.8 |
2024-01-30 | CVE-2024-1059 | Use After Free vulnerability in multiple products Use after free in Peer Connection in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. | 8.8 |
2024-01-30 | CVE-2024-1060 | Use After Free vulnerability in multiple products Use after free in Canvas in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2024-01-30 | CVE-2024-1077 | Use After Free vulnerability in multiple products Use after free in Network in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a malicious file. | 8.8 |
2024-01-29 | CVE-2024-23334 | aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. | 7.5 |
2024-01-29 | CVE-2023-46838 | NULL Pointer Dereference vulnerability in multiple products Transmit requests in Xen's virtual network protocol can consist of multiple parts. | 7.5 |
2024-01-24 | CVE-2024-0804 | Insufficient policy enforcement in iOS Security UI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 7.5 |
2024-01-24 | CVE-2024-0806 | Use After Free vulnerability in multiple products Use after free in Passwords in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction. | 8.8 |