Vulnerabilities > Fedoraproject

DATE CVE VULNERABILITY TITLE RISK
2024-02-21 CVE-2024-1669 Out-of-bounds Write vulnerability in multiple products
Out of bounds memory access in Blink in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.
network
low complexity
google fedoraproject CWE-787
8.8
8.8
2024-02-21 CVE-2024-1670 Use After Free vulnerability in multiple products
Use after free in Mojo in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject CWE-416
8.8
8.8
2024-02-21 CVE-2024-1672 Inappropriate implementation in Content Security Policy in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page.
network
low complexity
google fedoraproject
5.4
5.4
2024-02-21 CVE-2024-1673 Use After Free vulnerability in multiple products
Use after free in Accessibility in Google Chrome prior to 122.0.6261.57 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via specific UI gestures.
network
low complexity
google fedoraproject CWE-416
8.8
8.8
2024-02-21 CVE-2024-1674 Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
network
low complexity
google fedoraproject
8.8
8.8
2024-02-21 CVE-2024-1675 Insufficient policy enforcement in Download in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.
network
low complexity
google fedoraproject
8.8
8.8
2024-02-21 CVE-2024-1676 Cross-site Scripting vulnerability in multiple products
Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to spoof security UI via a crafted HTML page.
network
low complexity
google fedoraproject CWE-79
5.4
5.4
2024-02-19 CVE-2024-1597 SQL Injection vulnerability in multiple products
pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE.
network
low complexity
postgresql fedoraproject CWE-89
critical
 9.8
9.8
2024-02-14 CVE-2023-50387 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. 		7.5
7.5
2024-02-13 CVE-2024-24814 mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality.
network
low complexity
openidc debian fedoraproject
7.5
7.5