Vulnerabilities > Fedoraproject
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-05-30 | CVE-2024-5495 | Use After Free vulnerability in multiple products Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2024-05-30 | CVE-2024-5496 | Use After Free vulnerability in multiple products Use after free in Media Session in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | 8.8 |
| 2024-05-30 | CVE-2024-5497 | Out-of-bounds Write vulnerability in multiple products Out of bounds memory access in Browser UI in Google Chrome prior to 125.0.6422.141 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2024-05-30 | CVE-2024-5498 | Use After Free vulnerability in multiple products Use after free in Presentation API in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2024-05-30 | CVE-2024-5499 | Out-of-bounds Write vulnerability in multiple products Out of bounds write in Streams API in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | 8.8 |
| 2024-05-29 | CVE-2024-31079 | Out-of-bounds Write vulnerability in multiple products When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. | 4.8 |
| 2024-05-29 | CVE-2024-32760 | Out-of-bounds Write vulnerability in multiple products When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact. | 6.5 |
| 2024-05-29 | CVE-2024-34161 | Use After Free vulnerability in multiple products When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory. | 5.3 |
| 2024-05-29 | CVE-2024-35200 | NULL Pointer Dereference vulnerability in multiple products When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate. | 5.3 |
| 2024-05-28 | CVE-2024-5274 | Type Confusion vulnerability in multiple products Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | 9.6 |