Vulnerabilities > Fedoraproject > Fedora > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-14 | CVE-2023-4134 | Use After Free vulnerability in multiple products A use-after-free vulnerability was found in the cyttsp4_core driver in the Linux kernel. | 5.5 |
| 2024-06-11 | CVE-2024-5839 | Inappropriate Implementation in Memory Allocator in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 6.5 |
| 2024-06-11 | CVE-2024-5840 | Policy bypass in CORS in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. | 6.5 |
| 2024-06-11 | CVE-2024-5843 | Inappropriate implementation in Downloads in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to obfuscate security UI via a malicious file. | 6.5 |
| 2024-06-09 | CVE-2024-2408 | Information Exposure Through Discrepancy vulnerability in multiple products The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817 (rsa_pkcs1_implicit_rejection). | 5.9 |
| 2024-06-09 | CVE-2024-5458 | Insufficient Verification of Data Authenticity vulnerability in multiple products In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs) being treated as valid user information. | 5.3 |
| 2024-05-15 | CVE-2024-4948 | Use After Free vulnerability in multiple products Use after free in Dawn in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 6.5 |
| 2024-05-15 | CVE-2024-4949 | Use After Free vulnerability in multiple products Use after free in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 6.5 |
| 2024-05-15 | CVE-2024-4950 | Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products Inappropriate implementation in Downloads in Google Chrome prior to 125.0.6422.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. | 6.5 |
| 2024-05-14 | CVE-2024-31443 | Cross-site Scripting vulnerability in multiple products Cacti provides an operational monitoring and fault management framework. | 5.4 |