Vulnerabilities > Fedoraproject
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-31 | CVE-2024-21626 | Exposure of Resource to Wrong Sphere vulnerability in multiple products runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. | 8.6 |
| 2024-01-31 | CVE-2023-6246 | Out-of-bounds Write vulnerability in multiple products A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. | 7.8 |
| 2024-01-31 | CVE-2023-6779 | Out-of-bounds Write vulnerability in multiple products An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. | 7.5 |
| 2024-01-31 | CVE-2023-6780 | Incorrect Calculation of Buffer Size vulnerability in multiple products An integer overflow was found in the __vsyslog_internal function of the glibc library. | 5.3 |
| 2024-01-31 | CVE-2024-1086 | Use After Free vulnerability in multiple products A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660. | 7.8 |
| 2024-01-30 | CVE-2024-1059 | Use After Free vulnerability in multiple products Use after free in Peer Connection in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. | 8.8 |
| 2024-01-30 | CVE-2024-1060 | Use After Free vulnerability in multiple products Use after free in Canvas in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2024-01-30 | CVE-2024-1077 | Use After Free vulnerability in multiple products Use after free in Network in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a malicious file. | 8.8 |
| 2024-01-29 | CVE-2024-23334 | Path Traversal vulnerability in multiple products aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. | 7.5 |
| 2024-01-29 | CVE-2024-23829 | HTTP Request Smuggling vulnerability in multiple products aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. | 6.5 |