Vulnerabilities > Fedoraproject > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-06-09 CVE-2024-4577 OS Command Injection vulnerability in multiple products
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions.
network
low complexity
php fedoraproject CWE-78
critical
9.8
2024-05-14 CVE-2024-4671 Use After Free vulnerability in multiple products
Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google fedoraproject CWE-416
critical
9.6
2024-02-19 CVE-2024-1597 SQL Injection vulnerability in multiple products
pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE.
network
low complexity
postgresql fedoraproject CWE-89
critical
9.8
2024-02-07 CVE-2024-1283 Out-of-bounds Write vulnerability in multiple products
Heap buffer overflow in Skia in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject CWE-787
critical
9.8
2024-02-07 CVE-2024-1284 Use After Free vulnerability in multiple products
Use after free in Mojo in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject CWE-416
critical
9.8
2024-01-24 CVE-2024-0808 Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a malicious file.
network
low complexity
google fedoraproject CWE-191
critical
9.8
2024-01-18 CVE-2023-6816 Out-of-bounds Write vulnerability in multiple products
A flaw was found in X.Org server.
network
low complexity
x-org fedoraproject redhat debian CWE-787
critical
9.8
2024-01-16 CVE-2023-6395 The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges.
network
low complexity
rpm-software-management fedoraproject
critical
9.8
2023-12-27 CVE-2023-6879 Out-of-bounds Write vulnerability in multiple products
Increasing the resolution of video frames, while performing a multi-threaded encode, can result in a heap overflow in av1_loop_restoration_dealloc().
network
low complexity
aomedia fedoraproject CWE-787
critical
9.8
2023-11-29 CVE-2023-6345 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file.
network
low complexity
google debian fedoraproject microsoft CWE-190
critical
9.6