Fedoraproject: >> Fedora >> 38 Security Vulnerabilities
A use-after-free vulnerability was found in the cyttsp4_core driver in the Linux kernel. This issue occurs in the device cleanup routine due to a possible rearming of the watchdog_timer from the workqueue. This could allow a local user to crash the system, causing a denial of service.
CVSS Score
5.5
EPSS Score
0.0
Published
2024-11-14
CVE-2024-4947
Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Known exploited
CVSS Score
9.6
EPSS Score
0.005
Published
2024-05-15
Use after free in Dawn in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVSS Score
6.5
EPSS Score
0.002
Published
2024-05-15
Use after free in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
CVSS Score
6.5
EPSS Score
0.002
Published
2024-05-15
Inappropriate implementation in Downloads in Google Chrome prior to 125.0.6422.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
CVSS Score
6.5
EPSS Score
0.001
Published
2024-05-15
CVE-2024-4761
Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
Known exploited
CVSS Score
8.8
EPSS Score
0.016
Published
2024-05-14
CVE-2024-4671
Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Known exploited
CVSS Score
9.6
EPSS Score
0.004
Published
2024-05-14
Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVSS Score
9.6
EPSS Score
0.014
Published
2024-05-07
Heap buffer overflow in WebAudio in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVSS Score
6.5
EPSS Score
0.003
Published
2024-05-07
An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow.
CVSS Score
8.6
EPSS Score
0.002
Published
2024-05-03
Page 1