Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up
fedoraproject fedora

Version 38

SINGLE_NUMBER 17 CVEs

Known Vulnerabilities

CVE-2024-4671

Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

CRITICAL CVSS 9.6 Published May 09, 2024

CVE-2024-3833

Object corruption in WebAssembly in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)

HIGH CVSS 8.8 Published Apr 17, 2024

CVE-2024-3832

Object corruption in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)

UNKNOWN CVSS 8.8 Published Apr 17, 2024

CVE-2024-2627

Use after free in Canvas in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

UNKNOWN CVSS 8.8 Published Mar 20, 2024

CVE-2024-2400

Use after free in Performance Manager in Google Chrome prior to 122.0.6261.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

UNKNOWN CVSS 8.8 Published Mar 13, 2024

CVE-2024-25111

Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denial of Service attack against HTTP Chunked decoder due to an uncontrolled recursion bug. This problem allows a remote attacker to cause Denial of Service when sending a crafted, chunked, encoded HTTP Message. This bug is fixed in Squid version 6.8. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. There is no workaround for this issue.

HIGH CVSS 8.6 Published Mar 06, 2024

CVE-2024-24246

Heap Buffer Overflow vulnerability in qpdf 11.9.0 allows attackers to crash the application via the std::__shared_count() function at /bits/shared_ptr_base.h.

UNKNOWN CVSS 5.5 Published Feb 29, 2024

CVE-2024-23837

LibHTP is a security-aware parser for the HTTP protocol. Crafted traffic can cause excessive processing time of HTTP headers, leading to denial of service. This issue is addressed in 0.5.46.

HIGH CVSS 7.5 Published Feb 26, 2024

CVE-2024-24568

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, the rules inspecting HTTP2 headers can get bypassed by crafted traffic. The vulnerability has been patched in 7.0.3.

MEDIUM CVSS 5.3 Published Feb 26, 2024

CVE-2024-1077

Use after free in Network in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High)

HIGH CVSS 8.8 Published Jan 30, 2024

CVE-2023-7101

Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings (not to be confused with printf-style format strings) within the Excel parsing logic.

HIGH CVSS 7.8 Published Dec 24, 2023

CVE-2023-37536

An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request.

HIGH CVSS 8.2 Published Oct 11, 2023

CVE-2023-41993

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

HIGH CVSS 8.8 Published Sep 21, 2023

CVE-2023-4762

Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

HIGH CVSS 8.8 Published Sep 05, 2023

CVE-2023-38197

An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.

HIGH CVSS 7.5 Published Jul 13, 2023

CVE-2023-32067

c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1.

HIGH CVSS 7.5 Published May 25, 2023

CVE-2022-48257

In Eternal Terminal 6.2.1, etserver and etclient have predictable logfile names in /tmp.

MEDIUM CVSS 5.3 Published Jan 13, 2023