Vulnerabilities > Fedoraproject

DATE CVE VULNERABILITY TITLE RISK
2023-11-30 CVE-2023-42916 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read was addressed with improved input validation.
network
low complexity
apple fedoraproject debian webkitgtk CWE-125
6.5
6.5
2023-11-30 CVE-2023-42917 Out-of-bounds Write vulnerability in multiple products
A memory corruption vulnerability was addressed with improved locking.
network
low complexity
apple debian fedoraproject webkitgtk CWE-787
8.8
8.8
2023-11-29 CVE-2023-6345 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file.
network
low complexity
google debian fedoraproject microsoft CWE-190
critical
 9.6
9.6
2023-11-29 CVE-2023-6346 Use After Free vulnerability in multiple products
Use after free in WebAudio in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian fedoraproject CWE-416
8.8
8.8
2023-11-29 CVE-2023-6347 Use After Free vulnerability in multiple products
Use after free in Mojo in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian fedoraproject CWE-416
8.8
8.8
2023-11-29 CVE-2023-6348 Type Confusion vulnerability in multiple products
Type Confusion in Spellcheck in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian fedoraproject CWE-843
8.8
8.8
2023-11-29 CVE-2023-6350 Use After Free vulnerability in multiple products
Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file.
network
low complexity
google debian fedoraproject CWE-416
8.8
8.8
2023-11-29 CVE-2023-6351 Use After Free vulnerability in multiple products
Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file.
network
low complexity
google debian fedoraproject CWE-416
8.8
8.8
2023-11-28 CVE-2023-5981 Information Exposure Through Discrepancy vulnerability in multiple products
A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.
network
high complexity
gnu redhat fedoraproject CWE-203
5.9
5.9
2023-11-24 CVE-2023-6277 Resource Exhaustion vulnerability in multiple products
An out-of-memory flaw was found in libtiff.
network
low complexity
libtiff fedoraproject CWE-400
6.5
6.5