Fedora - Vulncode-DB

Date	Id	Summary	Products	Score
2022-03-06	CVE-2022-26490	st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters.	Debian_linux, Fedora, Linux_kernel, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware	7.8
2022-04-03	CVE-2022-28390	ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.	Debian_linux, Fedora, Linux_kernel, Hci_baseboard_management_controller	7.8
2023-12-08	CVE-2023-6622	A null pointer dereference vulnerability was found in nft_dynset_init() in net/netfilter/nft_dynset.c in nf_tables in the Linux kernel. This issue may allow a local attacker with CAP_NET_ADMIN user privilege to trigger a denial of service.	Fedora, Linux_kernel, Enterprise_linux	5.5
2023-09-05	CVE-2023-4761	Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5845.179 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)	Debian_linux, Fedora, Chrome	8.1
2023-09-18	CVE-2023-4527	A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.	Fedora, Glibc, H300s_firmware, H410c_firmware, H410s_firmware, H500s_firmware, H700s_firmware, Codeready_linux_builder_eus, Codeready_linux_builder_eus_for_power_little_endian, Codeready_linux_builder_eus_for_power_little_endian_eus, Codeready_linux_builder_for_arm64, Codeready_linux_builder_for_arm64_eus, Codeready_linux_builder_for_ibm_z_systems, Codeready_linux_builder_for_ibm_z_systems_eus, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_for_arm_64, Enterprise_linux_for_arm_64_eus, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_ibm_z_systems_eus, Enterprise_linux_for_ibm_z_systems_eus_s390x, Enterprise_linux_for_ibm_z_systems_s390x, Enterprise_linux_for_power_little_endian, Enterprise_linux_for_power_little_endian_eus, Enterprise_linux_server_aus, Enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions, Enterprise_linux_tus	6.5
2024-01-24	CVE-2024-0813	Use after free in Reading Mode in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium)	Fedora, Chrome	8.8
2024-01-24	CVE-2024-0805	Inappropriate implementation in Downloads in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium)	Fedora, Chrome	4.3
2024-01-24	CVE-2024-0806	Use after free in Passwords in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium)	Fedora, Chrome	8.8
2024-01-24	CVE-2024-0807	Use after free in Web Audio in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)	Fedora, Chrome	8.8
2024-04-29	CVE-2024-1874	In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell.	Fedora, Php	N/A

Product: Fedora (Fedoraproject)

Product:
Fedora
(Fedoraproject)