Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-2631 |
Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) Published: March 20, 2024; 1:15:07 PM -0400 |
V3.1: 4.3 MEDIUM V2.0:(not available) |
CVE-2024-2630 |
Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) Published: March 20, 2024; 1:15:07 PM -0400 |
V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2024-2629 |
Incorrect security UI in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) Published: March 20, 2024; 1:15:07 PM -0400 |
V3.1: 4.3 MEDIUM V2.0:(not available) |
CVE-2024-2628 |
Inappropriate implementation in Downloads in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted URL. (Chromium security severity: Medium) Published: March 20, 2024; 1:15:07 PM -0400 |
V3.1: 4.3 MEDIUM V2.0:(not available) |
CVE-2024-2627 |
Use after free in Canvas in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Published: March 20, 2024; 1:15:07 PM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2024-2626 |
Out of bounds read in Swiftshader in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium) Published: March 20, 2024; 1:15:07 PM -0400 |
V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2024-2625 |
Object lifecycle issue in V8 in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) Published: March 20, 2024; 1:15:07 PM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2024-24246 |
Heap Buffer Overflow vulnerability in qpdf 11.9.0 allows attackers to crash the application via the std::__shared_count() function at /bits/shared_ptr_base.h. Published: February 29, 2024; 3:15:41 PM -0500 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2023-52160 |
The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase 2. This allows an adversary to impersonate Enterprise Wi-Fi networks. Published: February 22, 2024; 12:15:08 PM -0500 |
V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2023-50387 |
Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records. Published: February 14, 2024; 11:15:45 AM -0500 |
V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-52429 |
dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to (in alloc_targets) allocate more than INT_MAX bytes, and crash, because of a missing check for struct dm_ioctl.target_count. Published: February 11, 2024; 10:15:32 PM -0500 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2024-1312 |
A use-after-free flaw was found in the Linux kernel's Memory Management subsystem when a user wins two races at the same time with a fail in the mas_prev_slot function. This issue could allow a local user to crash the system. Published: February 08, 2024; 8:15:09 AM -0500 |
V3.1: 4.7 MEDIUM V2.0:(not available) |
CVE-2024-20290 |
A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer over-read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software and consuming available system resources. For a description of this vulnerability, see the ClamAV blog . Published: February 07, 2024; 12:15:10 PM -0500 |
V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2024-1284 |
Use after free in Mojo in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Published: February 06, 2024; 7:15:56 PM -0500 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2024-1283 |
Heap buffer overflow in Skia in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Published: February 06, 2024; 7:15:56 PM -0500 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2024-0690 |
An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values. Published: February 06, 2024; 7:15:55 AM -0500 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2024-21626 |
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 includes patches for this issue. Published: January 31, 2024; 5:15:53 PM -0500 |
V3.1: 8.6 HIGH V2.0:(not available) |
CVE-2023-6780 |
An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer. Published: January 31, 2024; 9:15:48 AM -0500 |
V3.1: 5.3 MEDIUM V2.0:(not available) |
CVE-2023-6779 |
An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of the buffer size to store the message, resulting in an application crash. This issue affects glibc 2.37 and newer. Published: January 31, 2024; 9:15:48 AM -0500 |
V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-6246 |
A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer. Published: January 31, 2024; 9:15:48 AM -0500 |
V3.1: 7.8 HIGH V2.0:(not available) |