Filtered by vendor Fedoraproject
Subscriptions
Filtered by product Fedora
Subscriptions
Total
5191 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-7024 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-12-20 | 8.8 High |
Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
CVE-2023-5217 | 8 Apple, Debian, Fedoraproject and 5 more | 15 Ipad Os, Iphone Os, Debian Linux and 12 more | 2024-12-20 | 8.8 High |
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
CVE-2024-0519 | 3 Couchbase, Fedoraproject, Google | 3 Couchbase Server, Fedora, Chrome | 2024-12-20 | 8.8 High |
Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
CVE-2023-6345 | 4 Debian, Fedoraproject, Google and 1 more | 4 Debian Linux, Fedora, Chrome and 1 more | 2024-12-20 | 9.6 Critical |
Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High) | ||||
CVE-2023-4863 | 10 Bandisoft, Bentley, Debian and 7 more | 17 Honeyview, Seequent Leapfrog, Debian Linux and 14 more | 2024-12-20 | 8.8 High |
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) | ||||
CVE-2024-4577 | 2 Fedoraproject, Php | 2 Fedora, Php | 2024-12-20 | 9.8 Critical |
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc. | ||||
CVE-2023-4762 | 4 Debian, Fedoraproject, Google and 1 more | 4 Debian Linux, Fedora, Chrome and 1 more | 2024-12-20 | 8.8 High |
Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) | ||||
CVE-2023-44487 | 32 Akka, Amazon, Apache and 29 more | 364 Http Server, Opensearch Data Prepper, Apisix and 361 more | 2024-12-20 | 7.5 High |
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | ||||
CVE-2024-4368 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-12-20 | 8.8 High |
Use after free in Dawn in Google Chrome prior to 124.0.6367.118 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
CVE-2024-4331 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-12-20 | 8.8 High |
Use after free in Picture In Picture in Google Chrome prior to 124.0.6367.118 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
CVE-2024-4558 | 4 Apple, Fedoraproject, Google and 1 more | 11 Ipados, Iphone Os, Macos and 8 more | 2024-12-20 | 9.6 Critical |
Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
CVE-2024-5160 | 3 Fedoraproject, Google, Microsoft | 3 Fedora, Chrome, Windows | 2024-12-20 | 8.8 High |
Heap buffer overflow in Dawn in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) | ||||
CVE-2024-2887 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-12-20 | 7.7 High |
Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) | ||||
CVE-2023-29403 | 3 Fedoraproject, Golang, Redhat | 4 Fedora, Go, Devtools and 1 more | 2024-12-20 | 7.8 High |
On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers. | ||||
CVE-2024-4559 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-12-19 | 6.5 Medium |
Heap buffer overflow in WebAudio in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
CVE-2024-4948 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-12-19 | 6.5 Medium |
Use after free in Dawn in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
CVE-2024-2174 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-12-19 | 8.8 High |
Inappropriate implementation in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
CVE-2024-2176 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-12-19 | 8.8 High |
Use after free in FedCM in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
CVE-2024-4949 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-12-19 | 6.5 Medium |
Use after free in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | ||||
CVE-2024-2400 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-12-19 | 8.8 High |
Use after free in Performance Manager in Google Chrome prior to 122.0.6261.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |