Filtered by vendor Fedoraproject Subscriptions
Filtered by product Fedora Subscriptions
Total 5202 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-4273 5 Debian, Fedoraproject, Linux and 2 more 12 Debian Linux, Fedora, Linux Kernel and 9 more 2024-11-21 6 Medium
A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long file name. Since the file name characters are copied into a stack variable, a local privileged attacker could use this flaw to overflow the kernel stack.
CVE-2023-3773 4 Debian, Fedoraproject, Linux and 1 more 4 Debian Linux, Fedora, Linux Kernel and 1 more 2024-11-21 5.5 Medium
A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to cause a 4 byte out-of-bounds read of XFRMA_MTIMER_THRESH when parsing netlink attributes, leading to potential leakage of sensitive heap data to userspace.
CVE-2024-0443 3 Fedoraproject, Linux, Redhat 4 Fedora, Linux Kernel, Enterprise Linux and 1 more 2024-11-21 5.5 Medium
A flaw was found in the blkgs destruction path in block/blk-cgroup.c in the Linux kernel, leading to a cgroup blkio memory leakage problem. When a cgroup is being destroyed, cgroup_rstat_flush() is only called at css_release_work_fn(), which is called when the blkcg reference count reaches 0. This circular dependency will prevent blkcg and some blkgs from being freed after they are made offline. This issue may allow an attacker with a local access to cause system instability, such as an out of memory error.
CVE-2023-4901 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-11-21 4.3 Medium
Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium)
CVE-2024-5847 2 Fedoraproject, Google 2 Fedora, Chrome 2024-11-21 8.8 High
Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)
CVE-2024-5846 2 Fedoraproject, Google 2 Fedora, Chrome 2024-11-21 8.8 High
Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)
CVE-2024-5845 2 Fedoraproject, Google 2 Fedora, Chrome 2024-11-21 8.8 High
Use after free in Audio in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)
CVE-2024-5844 2 Fedoraproject, Google 2 Fedora, Chrome 2024-11-21 8.8 High
Heap buffer overflow in Tab Strip in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
CVE-2024-5843 2 Fedoraproject, Google 2 Fedora, Chrome 2024-11-21 6.5 Medium
Inappropriate implementation in Downloads in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to obfuscate security UI via a malicious file. (Chromium security severity: Medium)
CVE-2024-5842 2 Fedoraproject, Google 2 Fedora, Chrome 2024-11-21 8.8 High
Use after free in Browser UI in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
CVE-2024-5841 2 Fedoraproject, Google 2 Fedora, Chrome 2024-11-21 8.8 High
Use after free in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
CVE-2024-5840 2 Fedoraproject, Google 2 Fedora, Chrome 2024-11-21 6.5 Medium
Policy bypass in CORS in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Medium)
CVE-2024-5839 2 Fedoraproject, Google 2 Fedora, Chrome 2024-11-21 6.5 Medium
Inappropriate Implementation in Memory Allocator in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
CVE-2024-5838 2 Fedoraproject, Google 2 Fedora, Chrome 2024-11-21 8.8 High
Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
CVE-2024-5837 2 Fedoraproject, Google 2 Fedora, Chrome 2024-11-21 8.8 High
Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
CVE-2024-5836 2 Fedoraproject, Google 2 Fedora, Chrome 2024-11-21 8.8 High
Inappropriate Implementation in DevTools in Google Chrome prior to 126.0.6478.54 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: High)
CVE-2024-5835 2 Fedoraproject, Google 2 Fedora, Chrome 2024-11-21 8.8 High
Heap buffer overflow in Tab Groups in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-5834 2 Fedoraproject, Google 2 Fedora, Chrome 2024-11-21 8.8 High
Inappropriate implementation in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
CVE-2024-5833 2 Fedoraproject, Google 2 Fedora, Chrome 2024-11-21 8.8 High
Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
CVE-2024-5832 2 Fedoraproject, Google 2 Fedora, Chrome 2024-11-21 8.8 High
Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)