Vulnerabilities > Fedoraproject > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-03-20 | CVE-2024-2625 | Object lifecycle issue in V8 in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. | 8.8 |
2024-03-20 | CVE-2024-2627 | Use After Free vulnerability in multiple products Use after free in Canvas in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2024-02-14 | CVE-2023-50387 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. | 7.5 |
2024-02-07 | CVE-2024-20290 | Out-of-bounds Read vulnerability in multiple products A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer over-read. | 7.5 |
2024-01-31 | CVE-2024-21626 | Exposure of Resource to Wrong Sphere vulnerability in multiple products runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. | 8.6 |
2024-01-31 | CVE-2023-6246 | Out-of-bounds Write vulnerability in multiple products A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. | 7.8 |
2024-01-31 | CVE-2023-6779 | Out-of-bounds Write vulnerability in multiple products An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. | 7.5 |
2024-01-30 | CVE-2024-1059 | Use After Free vulnerability in multiple products Use after free in Peer Connection in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. | 8.8 |
2024-01-30 | CVE-2024-1060 | Use After Free vulnerability in multiple products Use after free in Canvas in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2024-01-30 | CVE-2024-1077 | Use After Free vulnerability in multiple products Use after free in Network in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a malicious file. | 8.8 |