U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 481 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2023-52429

dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to (in alloc_targets) allocate more than INT_MAX bytes, and crash, because of a missing check for struct dm_ioctl.target_count.

Published: February 11, 2024; 10:15:32 PM -0500
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2024-20290

A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer over-read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software and consuming available system resources. For a description of this vulnerability, see the ClamAV blog .

Published: February 07, 2024; 12:15:10 PM -0500
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2024-1284

Use after free in Mojo in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Published: February 06, 2024; 7:15:56 PM -0500
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2024-1283

Heap buffer overflow in Skia in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Published: February 06, 2024; 7:15:56 PM -0500
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2024-0690

An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. It was discovered that information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values.

Published: February 06, 2024; 7:15:55 AM -0500
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-6780

An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer.

Published: January 31, 2024; 9:15:48 AM -0500
V3.1: 5.3 MEDIUM
V2.0:(not available)
CVE-2023-6779

An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of the buffer size to store the message, resulting in an application crash. This issue affects glibc 2.37 and newer.

Published: January 31, 2024; 9:15:48 AM -0500
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-6246

A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer.

Published: January 31, 2024; 9:15:48 AM -0500
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2024-1077

Use after free in Network in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High)

Published: January 30, 2024; 5:15:53 PM -0500
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2024-1060

Use after free in Canvas in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Published: January 30, 2024; 5:15:53 PM -0500
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2024-1059

Use after free in Peer Connection in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High)

Published: January 30, 2024; 5:15:52 PM -0500
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2023-46838

Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any of them may be of zero length, i.e. carry no data at all. Besides a certain initial portion of the to be transferred data, these parts are directly translated into what Linux calls SKB fragments. Such converted request parts can, when for a particular SKB they are all of length zero, lead to a de-reference of NULL in core networking code.

Published: January 29, 2024; 6:15:07 AM -0500
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2024-0814

Incorrect security UI in Payments in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium)

Published: January 23, 2024; 7:15:08 PM -0500
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2024-0813

Use after free in Reading Mode in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium)

Published: January 23, 2024; 7:15:08 PM -0500
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2024-0812

Inappropriate implementation in Accessibility in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)

Published: January 23, 2024; 7:15:08 PM -0500
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2024-0811

Inappropriate implementation in Extensions API in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Low)

Published: January 23, 2024; 7:15:08 PM -0500
V3.1: 4.3 MEDIUM
V2.0:(not available)
CVE-2024-0809

Inappropriate implementation in Autofill in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low)

Published: January 23, 2024; 7:15:08 PM -0500
V3.1: 4.3 MEDIUM
V2.0:(not available)
CVE-2024-0808

Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High)

Published: January 23, 2024; 7:15:07 PM -0500
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2024-0807

Use after free in Web Audio in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Published: January 23, 2024; 7:15:07 PM -0500
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2024-0806

Use after free in Passwords in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium)

Published: January 23, 2024; 7:15:07 PM -0500
V3.1: 8.8 HIGH
V2.0:(not available)