Vulnerabilities (CVE)

Filtered by vendor Fedoraproject Subscribe
Total 4932 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-4331 2 Fedoraproject, Google 2 Fedora, Chrome 2024-12-20 N/A 8.8 HIGH
Use after free in Picture In Picture in Google Chrome prior to 124.0.6367.118 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-4558 3 Apple, Fedoraproject, Google 6 Ipados, Iphone Os, Macos and 3 more 2024-12-20 N/A 9.6 CRITICAL
Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-5160 3 Fedoraproject, Google, Microsoft 3 Fedora, Chrome, Windows 2024-12-20 N/A 8.8 HIGH
Heap buffer overflow in Dawn in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
CVE-2024-4559 2 Fedoraproject, Google 2 Fedora, Chrome 2024-12-19 N/A 6.5 MEDIUM
Heap buffer overflow in WebAudio in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-4948 2 Fedoraproject, Google 2 Fedora, Chrome 2024-12-19 N/A 6.5 MEDIUM
Use after free in Dawn in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-2174 2 Fedoraproject, Google 2 Fedora, Chrome 2024-12-19 N/A 8.8 HIGH
Inappropriate implementation in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-2176 2 Fedoraproject, Google 2 Fedora, Chrome 2024-12-19 N/A 8.8 HIGH
Use after free in FedCM in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-4949 2 Fedoraproject, Google 2 Fedora, Chrome 2024-12-19 N/A 6.5 MEDIUM
Use after free in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
CVE-2024-2400 2 Fedoraproject, Google 2 Fedora, Chrome 2024-12-19 N/A 8.8 HIGH
Use after free in Performance Manager in Google Chrome prior to 122.0.6261.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-1938 2 Fedoraproject, Google 2 Fedora, Chrome 2024-12-19 N/A 8.8 HIGH
Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-1939 2 Fedoraproject, Google 2 Fedora, Chrome 2024-12-19 N/A 8.8 HIGH
Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-5158 2 Fedoraproject, Google 2 Fedora, Chrome 2024-12-19 N/A 8.1 HIGH
Type Confusion in V8 in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to potentially perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
CVE-2024-5159 2 Fedoraproject, Google 2 Fedora, Chrome 2024-12-19 N/A 8.8 HIGH
Heap buffer overflow in ANGLE in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
CVE-2024-23839 2 Fedoraproject, Oisf 2 Fedora, Suricata 2024-12-19 N/A 7.1 HIGH
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, specially crafted traffic can cause a heap use after free if the ruleset uses the http.request_header or http.response_header keyword. The vulnerability has been patched in 7.0.3. To work around the vulnerability, avoid the http.request_header and http.response_header keywords.
CVE-2024-24568 2 Fedoraproject, Oisf 2 Fedora, Suricata 2024-12-19 N/A 5.3 MEDIUM
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, the rules inspecting HTTP2 headers can get bypassed by crafted traffic. The vulnerability has been patched in 7.0.3.
CVE-2024-23836 2 Fedoraproject, Oisf 2 Fedora, Suricata 2024-12-19 N/A 7.5 HIGH
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to versions 6.0.16 and 7.0.3, an attacker can craft traffic to cause Suricata to use far more CPU and memory for processing the traffic than needed, which can lead to extreme slow downs and denial of service. This vulnerability is patched in 6.0.16 or 7.0.3. Workarounds include disabling the affected protocol app-layer parser in the yaml and reducing the `stream.reassembly.depth` value helps reduce the severity of the issue.
CVE-2024-3914 2 Fedoraproject, Google 2 Fedora, Chrome 2024-12-19 N/A 6.5 MEDIUM
Use after free in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-4060 2 Fedoraproject, Google 2 Fedora, Chrome 2024-12-19 N/A 6.5 MEDIUM
Use after free in Dawn in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-1676 2 Fedoraproject, Google 2 Fedora, Chrome 2024-12-19 N/A 5.4 MEDIUM
Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low)
CVE-2024-1673 2 Fedoraproject, Google 2 Fedora, Chrome 2024-12-19 N/A 8.8 HIGH
Use after free in Accessibility in Google Chrome prior to 122.0.6261.57 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)