Vulnerabilities > Fedoraproject > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-21 | CVE-2023-1533 | Use After Free vulnerability in multiple products Use after free in WebProtect in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2023-03-21 | CVE-2023-1534 | Out-of-bounds Read vulnerability in multiple products Out of bounds read in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2023-03-21 | CVE-2022-42332 | Use After Free vulnerability in multiple products x86 shadow plus log-dirty mode use-after-free In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so called shadow mode. | 7.8 |
| 2023-03-21 | CVE-2022-42333 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly override defaults which would otherwise be put in place. | 8.6 |
| 2023-03-06 | CVE-2022-4904 | Improper Validation of Specified Quantity in Input vulnerability in multiple products A flaw was found in the c-ares package. | 8.6 |
| 2023-03-02 | CVE-2023-25358 | Use After Free vulnerability in multiple products A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows attackers to execute code remotely. | 8.8 |
| 2023-03-01 | CVE-2023-1127 | Divide By Zero vulnerability in multiple products Divide By Zero in GitHub repository vim/vim prior to 9.0.1367. | 7.8 |
| 2023-02-28 | CVE-2023-27320 | Double Free vulnerability in multiple products Sudo before 1.9.13p2 has a double free in the per-command chroot feature. | 7.2 |
| 2023-02-20 | CVE-2023-26081 | Exposure of Resource to Wrong Sphere vulnerability in multiple products In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts. | 7.5 |
| 2023-02-17 | CVE-2023-24329 | Improper Input Validation vulnerability in multiple products An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. | 7.5 |