Vulnerabilities > Fedoraproject

DATE CVE VULNERABILITY TITLE RISK
2023-06-22 CVE-2023-34241 Use After Free vulnerability in multiple products
OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. 		7.1
7.1
2023-06-21 CVE-2023-2828 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers.
network
low complexity
isc debian fedoraproject netapp CWE-770
7.5
7.5
2023-06-16 CVE-2023-34474 Out-of-bounds Write vulnerability in multiple products
A heap-based buffer overflow issue was discovered in ImageMagick's ReadTIM2ImageData() function in coders/tim2.c.
local
low complexity
imagemagick fedoraproject CWE-787
5.5
5.5
2023-06-16 CVE-2023-34475 Use After Free vulnerability in multiple products
A heap use after free issue was discovered in ImageMagick's ReplaceXmpValue() function in MagickCore/profile.c.
local
low complexity
imagemagick fedoraproject CWE-416
5.5
5.5
2023-06-16 CVE-2023-3195 Out-of-bounds Write vulnerability in multiple products
A stack-based buffer overflow issue was found in ImageMagick's coders/tiff.c.
local
low complexity
imagemagick fedoraproject CWE-787
5.5
5.5
2023-06-16 CVE-2023-2431 A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement.
local
low complexity
kubernetes fedoraproject
5.5
5.5
2023-06-14 CVE-2023-30631 Improper Input Validation vulnerability in multiple products
Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server.  The configuration option proxy.config.http.push_method_enabled didn't function.  However, by default the PUSH method is blocked in the ip_allow configuration file.This issue affects Apache Traffic Server: from 8.0.0 through 9.2.0. 8.x users should upgrade to 8.1.7 or later versions 9.x users should upgrade to 9.2.1 or later versions
network
low complexity
apache debian fedoraproject CWE-20
7.5
7.5
2023-06-13 CVE-2023-3214 Use After Free vulnerability in multiple products
Use after free in Autofill payments in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian fedoraproject CWE-416
8.8
8.8
2023-06-13 CVE-2023-3215 Use After Free vulnerability in multiple products
Use after free in WebRTC in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian fedoraproject CWE-416
8.8
8.8
2023-06-13 CVE-2023-3216 Type Confusion vulnerability in multiple products
Type confusion in V8 in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian fedoraproject CWE-843
8.8
8.8