Vulnerabilities (CVE)

Filtered by vendor Fedoraproject Subscribe
Total 4932 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-6510 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-11-21 N/A 8.8 HIGH
Use after free in Media Capture in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium)
CVE-2023-6509 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-11-21 N/A 8.8 HIGH
Use after free in Side Panel Search in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: High)
CVE-2023-6508 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-11-21 N/A 8.8 HIGH
Use after free in Media Stream in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-6395 2 Fedoraproject, Rpm-software-management 3 Extra Packages For Enterprise Linux, Fedora, Mock 2024-11-21 N/A 6.7 MEDIUM
The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the expansion and execution of Jinja2 templates, which may be included in certain configuration parameters. While the Mock documentation advises treating users added to the mock group as privileged, certain build systems invoking mock on behalf of users might inadvertently permit less privileged users to define configuration tags. These tags could then be passed as parameters to mock during execution, potentially leading to the utilization of Jinja2 templates for remote privilege escalation and the execution of arbitrary code as the root user on the build server.
CVE-2023-6351 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-11-21 N/A 8.8 HIGH
Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High)
CVE-2023-6350 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-11-21 N/A 8.8 HIGH
Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High)
CVE-2023-6348 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-11-21 N/A 8.8 HIGH
Type Confusion in Spellcheck in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-6347 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-11-21 N/A 8.8 HIGH
Use after free in Mojo in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-6346 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-11-21 N/A 8.8 HIGH
Use after free in WebAudio in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-6277 3 Fedoraproject, Libtiff, Redhat 3 Fedora, Libtiff, Enterprise Linux 2024-11-21 N/A 6.5 MEDIUM
An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB.
CVE-2023-6246 2 Fedoraproject, Gnu 2 Fedora, Glibc 2024-11-21 N/A 8.4 HIGH
A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer.
CVE-2023-6238 2 Fedoraproject, Linux 2 Fedora, Linux Kernel 2024-11-21 N/A 6.7 MEDIUM
A buffer overflow vulnerability was found in the NVM Express (NVMe) driver in the Linux kernel. Only privileged user could specify a small meta buffer and let the device perform larger Direct Memory Access (DMA) into the same buffer, overwriting unrelated kernel memory, causing random kernel crashes and memory corruption.
CVE-2023-6112 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-11-21 N/A 8.8 HIGH
Use after free in Navigation in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-6004 3 Fedoraproject, Libssh, Redhat 3 Fedora, Libssh, Enterprise Linux 2024-11-21 N/A 4.8 MEDIUM
A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.
CVE-2023-5997 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-11-21 N/A 8.8 HIGH
Use after free in Garbage Collection in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-5996 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-11-21 N/A 8.8 HIGH
Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-5981 3 Fedoraproject, Gnu, Redhat 3 Fedora, Gnutls, Linux 2024-11-21 N/A 5.9 MEDIUM
A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.
CVE-2023-5972 2 Fedoraproject, Linux 2 Fedora, Linux Kernel 2024-11-21 N/A 7.0 HIGH
A null pointer dereference flaw was found in the nft_inner.c functionality of netfilter in the Linux kernel. This issue could allow a local user to crash the system or escalate their privileges on the system.
CVE-2023-5859 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-11-21 N/A 4.3 MEDIUM
Incorrect security UI in Picture In Picture in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted local HTML page. (Chromium security severity: Low)
CVE-2023-5858 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-11-21 N/A 4.3 MEDIUM
Inappropriate implementation in WebApp Provider in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low)