Filtered by vendor Fedoraproject Subscriptions
Filtered by product Fedora Subscriptions
Total 5116 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-2461 3 Debian, Fedoraproject, Google 4 Debian Linux, Fedora, Chrome and 1 more 2024-10-07 8.8 High
Use after free in OS Inputs in Google Chrome on ChromeOS prior to 113.0.5672.63 allowed a remote attacker who convinced a user to enage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: Medium)
CVE-2023-2134 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-10-07 8.8 High
Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-2133 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-10-07 8.8 High
Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-1818 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-10-07 8.8 High
Use after free in Vulkan in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
CVE-2023-2460 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-10-07 7.1 High
Insufficient validation of untrusted input in Extensions in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to bypass file access checks via a crafted HTML page. (Chromium security severity: Medium)
CVE-2023-2459 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-10-07 6.5 Medium
Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML page. (Chromium security severity: Medium)
CVE-2023-1823 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-10-04 6.5 Medium
Inappropriate implementation in FedCM in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)
CVE-2023-1822 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-10-04 6.5 Medium
Incorrect security UI in Navigation in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)
CVE-2023-1817 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-10-04 6.5 Medium
Insufficient policy enforcement in Intents in Google Chrome on Android prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
CVE-2023-1816 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-10-04 6.5 Medium
Incorrect security UI in Picture In Picture in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially perform navigation spoofing via a crafted HTML page. (Chromium security severity: Medium)
CVE-2021-29390 3 Fedoraproject, Libjpeg-turbo, Redhat 3 Fedora, Libjpeg-turbo, Enterprise Linux 2024-10-04 7.1 High
libjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 bytes) in decompress_smooth_data in jdcoefct.c.
CVE-2022-1304 3 E2fsprogs Project, Fedoraproject, Redhat 3 E2fsprogs, Fedora, Enterprise Linux 2024-10-04 7.8 High
An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.
CVE-2024-3056 3 Fedoraproject, Podman Project, Redhat 5 Fedora, Podman, Enterprise Linux and 2 more 2024-10-04 4.8 Medium
A flaw was found in Podman. This issue may allow an attacker to create a specially crafted container that, when configured to share the same IPC with at least one other container, can create a large number of IPC resources in /dev/shm. The malicious container will continue to exhaust resources until it is out-of-memory (OOM) killed. While the malicious container's cgroup will be removed, the IPC resources it created are not. Those resources are tied to the IPC namespace that will not be removed until all containers using it are stopped, and one non-malicious container is holding the namespace open. The malicious container is restarted, either automatically or by attacker control, repeating the process and increasing the amount of memory consumed. With a container configured to restart always, such as `podman run --restart=always`, this can result in a memory-based denial of service of the system.
CVE-2023-2137 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-10-03 8.8 High
Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
CVE-2023-2135 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-10-03 7.5 High
Use after free in DevTools in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who convinced a user to enable specific preconditions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-2468 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-10-03 4.3 Medium
Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who had compromised the renderer process to obfuscate the security UI via a crafted HTML page. (Chromium security severity: Low)
CVE-2023-2467 3 Debian, Fedoraproject, Google 4 Debian Linux, Fedora, Android and 1 more 2024-10-03 4.3 Medium
Inappropriate implementation in Prompts in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to bypass permissions restrictions via a crafted HTML page. (Chromium security severity: Low)
CVE-2023-2466 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-10-03 4.3 Medium
Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: Low)
CVE-2023-2465 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-10-03 4.3 Medium
Inappropriate implementation in CORS in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
CVE-2023-2464 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-10-03 4.3 Medium
Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to perform an origin spoof in the security UI via a crafted HTML page. (Chromium security severity: Medium)