Vulnerabilities > Fedoraproject > High

DATE CVE VULNERABILITY TITLE RISK
2023-12-21 CVE-2023-7024 Out-of-bounds Write vulnerability in multiple products
Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian fedoraproject CWE-787
8.8
2023-12-21 CVE-2023-6546 Race Condition vulnerability in multiple products
A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel.
local
high complexity
linux fedoraproject redhat CWE-362
7.0
2023-12-14 CVE-2023-6702 Type Confusion vulnerability in multiple products
Type confusion in V8 in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject microsoft CWE-843
8.8
2023-12-12 CVE-2023-5764 A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data.
local
low complexity
redhat fedoraproject
7.8
2023-12-11 CVE-2023-6185 Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins. In affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to run arbitrary gstreamer plugins depending on what plugins are installed on the target system.
network
low complexity
libreoffice fedoraproject debian
8.8
2023-12-11 CVE-2023-6186 Improper Preservation of Permissions vulnerability in multiple products
Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning the user.
network
low complexity
libreoffice fedoraproject debian CWE-281
8.8
2023-12-06 CVE-2023-6508 Use After Free vulnerability in multiple products
Use after free in Media Stream in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian fedoraproject CWE-416
8.8
2023-12-06 CVE-2023-6509 Use After Free vulnerability in multiple products
Use after free in Side Panel Search in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction.
network
low complexity
debian fedoraproject google CWE-416
8.8
2023-12-06 CVE-2023-6510 Use After Free vulnerability in multiple products
Use after free in Media Capture in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction.
network
low complexity
debian fedoraproject google CWE-416
8.8
2023-11-30 CVE-2023-42917 Out-of-bounds Write vulnerability in multiple products
A memory corruption vulnerability was addressed with improved locking.
network
low complexity
apple debian fedoraproject webkitgtk CWE-787
8.8