Vulnerabilities > Fedoraproject > High

DATE CVE VULNERABILITY TITLE RISK
2023-11-01 CVE-2023-5854 Use After Free vulnerability in multiple products
Use after free in Profiles in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures.
network
low complexity
google debian fedoraproject CWE-416
8.8
8.8
2023-11-01 CVE-2023-5855 Use After Free vulnerability in multiple products
Use after free in Reading Mode in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures.
network
low complexity
google debian fedoraproject CWE-416
8.8
8.8
2023-11-01 CVE-2023-5856 Use After Free vulnerability in multiple products
Use after free in Side Panel in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian fedoraproject CWE-416
8.8
8.8
2023-11-01 CVE-2023-5857 Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially execute arbitrary code via a malicious file.
network
low complexity
google debian fedoraproject
8.8
8.8
2023-10-27 CVE-2023-34058 Improper Verification of Cryptographic Signature vulnerability in multiple products
VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html  in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html . 		7.5
7.5
2023-10-25 CVE-2023-5367 Out-of-bounds Write vulnerability in multiple products
A out-of-bounds write flaw was found in the xorg-x11-server.
local
low complexity
x-org redhat fedoraproject debian CWE-787
7.8
7.8
2023-10-25 CVE-2023-42852 A logic issue was addressed with improved checks.
network
low complexity
apple fedoraproject debian
8.8
8.8
2023-10-25 CVE-2023-5472 Use After Free vulnerability in multiple products
Use after free in Profiles in Google Chrome prior to 118.0.5993.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian fedoraproject CWE-416
8.8
8.8
2023-10-23 CVE-2023-31122 Out-of-bounds Read vulnerability in multiple products
Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57.
network
low complexity
apache fedoraproject CWE-125
7.5
7.5
2023-10-20 CVE-2023-5686 Out-of-bounds Write vulnerability in multiple products
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0.
network
low complexity
radare fedoraproject CWE-787
8.8
8.8