Filtered by vendor Fedoraproject
Subscriptions
Total
5398 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-20290 | 2 Cisco, Fedoraproject | 3 Secure Endpoint, Secure Endpoint Private Cloud, Fedora | 2025-02-13 | 7.5 High |
| A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer over-read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software and consuming available system resources. For a description of this vulnerability, see the ClamAV blog . | ||||
| CVE-2024-1939 | 2 Fedoraproject, Google | 3 Fedora, Chrome, V8 | 2025-02-13 | 8.8 High |
| Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-1938 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-02-13 | 7.1 High |
| Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-1931 | 2 Fedoraproject, Nlnetlabs | 2 Fedora, Unbound | 2025-02-13 | 7.5 High |
| NLnet Labs Unbound version 1.18.0 up to and including version 1.19.1 contain a vulnerability that can cause denial of service by a certain code path that can lead to an infinite loop. Unbound 1.18.0 introduced a feature that removes EDE records from responses with size higher than the client's advertised buffer size. Before removing all the EDE records however, it would try to see if trimming the extra text fields on those records would result in an acceptable size while still retaining the EDE codes. Due to an unchecked condition, the code that trims the text of the EDE records could loop indefinitely. This happens when Unbound would reply with attached EDE information on a positive reply and the client's buffer size is smaller than the needed space to include EDE records. The vulnerability can only be triggered when the 'ede: yes' option is used; non default configuration. From version 1.19.2 on, the code is fixed to avoid looping indefinitely. | ||||
| CVE-2024-1676 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-02-13 | 9.8 Critical |
| Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2024-1674 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-02-13 | 6.3 Medium |
| Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2024-1673 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-02-13 | 8.8 High |
| Use after free in Accessibility in Google Chrome prior to 122.0.6261.57 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium) | ||||
| CVE-2024-1672 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-02-13 | 8.8 High |
| Inappropriate implementation in Content Security Policy in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2024-1670 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-02-13 | 8.8 High |
| Use after free in Mojo in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-1669 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-02-13 | 6.5 Medium |
| Out of bounds memory access in Blink in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-0518 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-02-13 | 7.5 High |
| Type confusion in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2023-7104 | 3 Fedoraproject, Redhat, Sqlite | 6 Fedora, Enterprise Linux, Openshift and 3 more | 2025-02-13 | 5.5 Medium |
| A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999. | ||||
| CVE-2023-6702 | 3 Fedoraproject, Google, Microsoft | 3 Fedora, Chrome, Edge Chromium | 2025-02-13 | 8.8 High |
| Type confusion in V8 in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2023-6511 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-02-13 | 4.3 Medium |
| Inappropriate implementation in Autofill in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2023-6510 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-02-13 | 8.8 High |
| Use after free in Media Capture in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium) | ||||
| CVE-2023-6509 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-02-13 | 8.8 High |
| Use after free in Side Panel Search in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: High) | ||||
| CVE-2023-6508 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-02-13 | 8.8 High |
| Use after free in Media Stream in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2023-6395 | 3 Fedoraproject, Redhat, Rpm-software-management | 4 Extra Packages For Enterprise Linux, Fedora, Enterprise Linux and 1 more | 2025-02-13 | 6.7 Medium |
| The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the expansion and execution of Jinja2 templates, which may be included in certain configuration parameters. While the Mock documentation advises treating users added to the mock group as privileged, certain build systems invoking mock on behalf of users might inadvertently permit less privileged users to define configuration tags. These tags could then be passed as parameters to mock during execution, potentially leading to the utilization of Jinja2 templates for remote privilege escalation and the execution of arbitrary code as the root user on the build server. | ||||
| CVE-2023-6351 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-02-13 | 8.8 High |
| Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High) | ||||
| CVE-2023-6350 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-02-13 | 8.8 High |
| Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High) | ||||