Vulnerabilities > Fedoraproject
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-14 | CVE-2023-30631 | Improper Input Validation vulnerability in multiple products Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server. The configuration option proxy.config.http.push_method_enabled didn't function. However, by default the PUSH method is blocked in the ip_allow configuration file.This issue affects Apache Traffic Server: from 8.0.0 through 9.2.0. 8.x users should upgrade to 8.1.7 or later versions 9.x users should upgrade to 9.2.1 or later versions | 7.5 |
| 2023-06-13 | CVE-2023-3214 | Use After Free vulnerability in multiple products Use after free in Autofill payments in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2023-06-13 | CVE-2023-3215 | Use After Free vulnerability in multiple products Use after free in WebRTC in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2023-06-13 | CVE-2023-3216 | Type Confusion vulnerability in multiple products Type confusion in V8 in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2023-06-13 | CVE-2023-3217 | Use After Free vulnerability in multiple products Use after free in WebXR in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2023-06-12 | CVE-2023-3161 | Incorrect Calculation vulnerability in multiple products A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. | 5.5 |
| 2023-06-09 | CVE-2023-2454 | schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code. | 7.2 |
| 2023-06-09 | CVE-2023-2455 | Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. | 5.4 |
| 2023-06-09 | CVE-2023-32732 | gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. | 5.3 |
| 2023-06-08 | CVE-2023-29402 | Code Injection vulnerability in multiple products The go command may generate unexpected code at build time when using cgo. | 9.8 |