Vulnerabilities > Fedoraproject

DATE CVE VULNERABILITY TITLE RISK
2024-05-01 CVE-2024-27017 In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: walk over current view on netlink dump The generation mask can be updated while netlink dump is in progress. The pipapo set backend walk iterator cannot rely on it to infer what view of the datastructure is to be used.
local
low complexity
linux fedoraproject
5.5
2024-05-01 CVE-2024-27018 In the Linux kernel, the following vulnerability has been resolved: netfilter: br_netfilter: skip conntrack input hook for promisc packets For historical reasons, when bridge device is in promisc mode, packets that are directed to the taps follow bridge input hook path.
local
low complexity
linux fedoraproject
7.8
2024-05-01 CVE-2024-27019 Race Condition vulnerability in multiple products
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() nft_unregister_obj() can concurrent with __nft_obj_type_get(), and there is not any protection when iterate over nf_tables_objects list in __nft_obj_type_get().
local
high complexity
linux fedoraproject CWE-362
4.7
2024-05-01 CVE-2024-27021 Improper Locking vulnerability in multiple products
In the Linux kernel, the following vulnerability has been resolved: r8169: fix LED-related deadlock on module removal Binding devm_led_classdev_register() to the netdev is problematic because on module removal we get a RTNL-related deadlock.
local
low complexity
linux fedoraproject CWE-667
7.8
2024-04-17 CVE-2024-3914 Use After Free vulnerability in multiple products
Use after free in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject CWE-416
6.5
2024-04-17 CVE-2024-3832 Object corruption in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.
network
low complexity
google fedoraproject
8.8
2024-04-17 CVE-2024-3833 Object corruption in WebAssembly in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.
network
low complexity
google fedoraproject
8.8
2024-04-17 CVE-2024-3840 Insufficient policy enforcement in Site Isolation in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
network
low complexity
google fedoraproject
7.5
2024-04-17 CVE-2024-3841 Cross-site Scripting vulnerability in multiple products
Insufficient data validation in Browser Switcher in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to inject scripts or HTML into a privileged page via a malicious file.
network
low complexity
google fedoraproject CWE-79
6.1
2024-04-17 CVE-2024-3843 Insufficient data validation in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page.
network
low complexity
google fedoraproject
4.3