Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-1534 |
Out of bounds read in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Published: March 21, 2023; 5:15:12 PM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2023-1533 |
Use after free in WebProtect in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Published: March 21, 2023; 5:15:12 PM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2023-1532 |
Out of bounds read in GPU Video in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Published: March 21, 2023; 5:15:12 PM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2023-1531 |
Use after free in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Published: March 21, 2023; 5:15:12 PM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2023-1530 |
Use after free in PDF in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Published: March 21, 2023; 5:15:12 PM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2023-1529 |
Out of bounds memory access in WebHID in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a malicious HID device. (Chromium security severity: High) Published: March 21, 2023; 5:15:12 PM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-1528 |
Use after free in Passwords in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Published: March 21, 2023; 5:15:12 PM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2022-4904 |
A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity. Published: March 06, 2023; 6:15:11 PM -0500 |
V3.1: 8.6 HIGH V2.0:(not available) |
CVE-2023-27320 |
Sudo before 1.9.13p2 has a double free in the per-command chroot feature. Published: February 28, 2023; 1:15:10 PM -0500 |
V3.1: 7.2 HIGH V2.0:(not available) |
CVE-2023-1055 |
A flaw was found in RHDS 11 and RHDS 12. While browsing entries LDAP tries to decode the userPassword attribute instead of the userCertificate attribute which could lead into sensitive information leaked. An attacker with a local account where the cockpit-389-ds is running can list the processes and display the hashed passwords. The highest threat from this vulnerability is to data confidentiality. Published: February 27, 2023; 5:15:09 PM -0500 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2023-23916 |
An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable "links" in this "decompression chain" wascapped, but the cap was implemented on a per-header basis allowing a maliciousserver to insert a virtually unlimited number of compression steps simply byusing many headers. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors. Published: February 23, 2023; 3:15:13 PM -0500 |
V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2023-24329 |
An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. Published: February 17, 2023; 10:15:12 AM -0500 |
V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-0361 |
A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection. Published: February 15, 2023; 1:15:11 PM -0500 |
V3.1: 7.4 HIGH V2.0:(not available) |
CVE-2023-25193 |
hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks. Published: February 04, 2023; 3:15:08 PM -0500 |
V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2022-3560 |
A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign daemon. This service unit runs a script to set ACLs for /etc/pki/pesign and /run/pesign directories to grant access privileges to users in the 'pesign' group. However, the script doesn't check for symbolic links. This could allow an attacker to gain access to privileged files and directories via a path traversal attack. Published: February 02, 2023; 4:22:38 PM -0500 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2022-47021 |
A null pointer dereference issue was discovered in functions op_get_data and op_open1 in opusfile.c in xiph opusfile 0.9 thru 0.12 allows attackers to cause denial of service or other unspecified impacts. Published: January 20, 2023; 2:15:17 PM -0500 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2023-22809 |
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value. Published: January 18, 2023; 12:15:10 PM -0500 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2023-22298 |
Open redirect vulnerability in pgAdmin 4 versions prior to v6.14 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL. Published: January 17, 2023; 5:15:11 AM -0500 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-23589 |
The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002. Published: January 13, 2023; 8:15:15 PM -0500 |
V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2023-23457 |
A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service. Published: January 12, 2023; 2:15:24 PM -0500 |
V3.1: 5.5 MEDIUM V2.0:(not available) |