Fedora Project Fedora
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Fedora Project Fedora.
By the Year
In 2025 there have been 0 vulnerabilities in Fedora Project Fedora. Last year, in 2024 Fedora had 299 security vulnerabilities published. Right now, Fedora is on track to have less security vulnerabilities in 2025 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2025 | 0 | 0.00 |
2024 | 299 | 7.40 |
2023 | 553 | 6.76 |
2022 | 976 | 7.13 |
2021 | 1147 | 7.11 |
2020 | 843 | 6.83 |
2019 | 630 | 7.10 |
2018 | 71 | 7.19 |
It may take a day or so for new Fedora vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Fedora Project Fedora Security Vulnerabilities
A use-after-free vulnerability was found in the cyttsp4_core driver in the Linux kernel
CVE-2023-4134
5.5 - Medium
- November 14, 2024
A use-after-free vulnerability was found in the cyttsp4_core driver in the Linux kernel. This issue occurs in the device cleanup routine due to a possible rearming of the watchdog_timer from the workqueue. This could allow a local user to crash the system, causing a denial of service.
Dangling pointer
A flaw was found in Podman
CVE-2024-3056
7.7 - High
- August 02, 2024
A flaw was found in Podman. This issue may allow an attacker to create a specially crafted container that, when configured to share the same IPC with at least one other container, can create a large number of IPC resources in /dev/shm. The malicious container will continue to exhaust resources until it is out-of-memory (OOM) killed. While the malicious container's cgroup will be removed, the IPC resources it created are not. Those resources are tied to the IPC namespace that will not be removed until all containers using it are stopped, and one non-malicious container is holding the namespace open. The malicious container is restarted, either automatically or by attacker control, repeating the process and increasing the amount of memory consumed. With a container configured to restart always, such as `podman run --restart=always`, this can result in a memory-based denial of service of the system.
Resource Exhaustion
Use after free in Dawn in Google Chrome prior to 126.0.6478.126
CVE-2024-6293
8.8 - High
- June 24, 2024
Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Use after free in Dawn in Google Chrome prior to 126.0.6478.126
CVE-2024-6292
8.8 - High
- June 24, 2024
Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Use after free in Swiftshader in Google Chrome prior to 126.0.6478.126
CVE-2024-6291
8.8 - High
- June 24, 2024
Use after free in Swiftshader in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Use after free in Dawn in Google Chrome prior to 126.0.6478.126
CVE-2024-6290
8.8 - High
- June 24, 2024
Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Incorrect CSRF token checks resulted in multiple CSRF risks.
CVE-2024-38276
8.8 - High
- June 18, 2024
Incorrect CSRF token checks resulted in multiple CSRF risks.
Session Riding
Inappropriate implementation in Downloads in Google Chrome prior to 126.0.6478.54
CVE-2024-5843
6.5 - Medium
- June 11, 2024
Inappropriate implementation in Downloads in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to obfuscate security UI via a malicious file. (Chromium security severity: Medium)
Use after free in Browser UI in Google Chrome prior to 126.0.6478.54
CVE-2024-5842
8.8 - High
- June 11, 2024
Use after free in Browser UI in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
Dangling pointer
Use after free in V8 in Google Chrome prior to 126.0.6478.54
CVE-2024-5841
8.8 - High
- June 11, 2024
Use after free in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Dangling pointer
Policy bypass in CORS in Google Chrome prior to 126.0.6478.54
CVE-2024-5840
6.5 - Medium
- June 11, 2024
Policy bypass in CORS in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Medium)
Inappropriate Implementation in Memory Allocator in Google Chrome prior to 126.0.6478.54
CVE-2024-5839
6.5 - Medium
- June 11, 2024
Inappropriate Implementation in Memory Allocator in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Type Confusion in V8 in Google Chrome prior to 126.0.6478.54
CVE-2024-5838
8.8 - High
- June 11, 2024
Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Object Type Confusion
Type Confusion in V8 in Google Chrome prior to 126.0.6478.54
CVE-2024-5837
8.8 - High
- June 11, 2024
Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Object Type Confusion
Inappropriate Implementation in DevTools in Google Chrome prior to 126.0.6478.54
CVE-2024-5836
8.8 - High
- June 11, 2024
Inappropriate Implementation in DevTools in Google Chrome prior to 126.0.6478.54 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: High)
Heap buffer overflow in Tab Groups in Google Chrome prior to 126.0.6478.54
CVE-2024-5835
8.8 - High
- June 11, 2024
Heap buffer overflow in Tab Groups in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Memory Corruption
Inappropriate implementation in Dawn in Google Chrome prior to 126.0.6478.54
CVE-2024-5834
8.8 - High
- June 11, 2024
Inappropriate implementation in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Type Confusion in V8 in Google Chrome prior to 126.0.6478.54
CVE-2024-5833
8.8 - High
- June 11, 2024
Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Object Type Confusion
Use after free in Dawn in Google Chrome prior to 126.0.6478.54
CVE-2024-5832
8.8 - High
- June 11, 2024
Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Use after free in Dawn in Google Chrome prior to 126.0.6478.54
CVE-2024-5831
8.8 - High
- June 11, 2024
Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Type Confusion in V8 in Google Chrome prior to 126.0.6478.54
CVE-2024-5830
8.8 - High
- June 11, 2024
Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
Object Type Confusion
Heap buffer overflow in Tab Strip in Google Chrome prior to 126.0.6478.54
CVE-2024-5844
8.8 - High
- June 11, 2024
Heap buffer overflow in Tab Strip in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
Memory Corruption
Use after free in Audio in Google Chrome prior to 126.0.6478.54
CVE-2024-5845
8.8 - High
- June 11, 2024
Use after free in Audio in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)
Dangling pointer
Use after free in PDFium in Google Chrome prior to 126.0.6478.54
CVE-2024-5846
8.8 - High
- June 11, 2024
Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)
Dangling pointer
Use after free in PDFium in Google Chrome prior to 126.0.6478.54
CVE-2024-5847
8.8 - High
- June 11, 2024
Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)
Dangling pointer
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.
CVE-2024-4577
9.8 - Critical
- June 09, 2024
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
Shell injection
The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version
CVE-2024-2408
5.9 - Medium
- June 09, 2024
The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817 (rsa_pkcs1_implicit_rejection). These changes are part of OpenSSL 3.2 and have also been backported to stable versions of various Linux distributions, as well as to the PHP builds provided for Windows since the previous release. All distributors and builders should ensure that this version is used to prevent PHP from being vulnerable. PHP Windows builds for the versions 8.1.29, 8.2.20 and 8.3.8 and above include OpenSSL patches that fix the vulnerability.
Side Channel Attack
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.
CVE-2024-5585
8.8 - High
- June 09, 2024
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Original issue: when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell.
Output Sanitization
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.
CVE-2024-5458
5.3 - Medium
- June 09, 2024
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs) being treated as valid user information. This may lead to the downstream code accepting invalid URLs as valid and parsing them incorrectly.
Insufficient Verification of Data Authenticity
Heap buffer overflow in WebRTC in Google Chrome prior to 125.0.6422.141
CVE-2024-5493
8.8 - High
- May 30, 2024
Heap buffer overflow in WebRTC in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Memory Corruption
Use after free in Dawn in Google Chrome prior to 125.0.6422.141
CVE-2024-5494
8.8 - High
- May 30, 2024
Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Use after free in Dawn in Google Chrome prior to 125.0.6422.141
CVE-2024-5495
8.8 - High
- May 30, 2024
Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Use after free in Media Session in Google Chrome prior to 125.0.6422.141
CVE-2024-5496
8.8 - High
- May 30, 2024
Use after free in Media Session in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Out of bounds write in Streams API in Google Chrome prior to 125.0.6422.141
CVE-2024-5499
8.8 - High
- May 30, 2024
Out of bounds write in Streams API in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Memory Corruption
Use after free in Presentation API in Google Chrome prior to 125.0.6422.141
CVE-2024-5498
8.8 - High
- May 30, 2024
Use after free in Presentation API in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Out of bounds memory access in Browser UI in Google Chrome prior to 125.0.6422.141
CVE-2024-5497
8.8 - High
- May 30, 2024
Out of bounds memory access in Browser UI in Google Chrome prior to 125.0.6422.141 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Memory Corruption
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests
CVE-2024-31079
4.8 - Medium
- May 29, 2024
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacker has no visibility and limited influence over.
Memory Corruption
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions
CVE-2024-32760
6.5 - Medium
- May 29, 2024
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact.
Memory Corruption
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets
CVE-2024-34161
5.3 - Medium
- May 29, 2024
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory.
Dangling pointer
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests
CVE-2024-35200
5.3 - Medium
- May 29, 2024
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate.
NULL Pointer Dereference
Type Confusion in V8 in Google Chrome prior to 125.0.6422.112
CVE-2024-5274
9.6 - Critical
- May 28, 2024
Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Object Type Confusion
Heap buffer overflow in ANGLE in Google Chrome prior to 125.0.6422.76
CVE-2024-5159
8.8 - High
- May 22, 2024
Heap buffer overflow in ANGLE in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
Out-of-bounds Read
Type Confusion in V8 in Google Chrome prior to 125.0.6422.76
CVE-2024-5158
8.1 - High
- May 22, 2024
Type Confusion in V8 in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to potentially perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
Object Type Confusion
Use after free in Scheduling in Google Chrome prior to 125.0.6422.76
CVE-2024-5157
8.8 - High
- May 22, 2024
Use after free in Scheduling in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Heap buffer overflow in Dawn in Google Chrome prior to 125.0.6422.76
CVE-2024-5160
8.8 - High
- May 22, 2024
Heap buffer overflow in Dawn in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
Memory Corruption
In the Linux kernel, the following vulnerability has been resolved:
dyndbg: fix old BUG_ON in >control parser
Fix a BUG_ON from 2009
CVE-2024-35947
- May 19, 2024
In the Linux kernel, the following vulnerability has been resolved: dyndbg: fix old BUG_ON in >control parser Fix a BUG_ON from 2009. Even if it looks "unreachable" (I didn't really look), lets make sure by removing it, doing pr_err and return -EINVAL instead.
QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG
CVE-2024-36048
- May 18, 2024
QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable values.
Inappropriate implementation in Downloads in Google Chrome prior to 125.0.6422.60
CVE-2024-4950
6.5 - Medium
- May 15, 2024
Inappropriate implementation in Downloads in Google Chrome prior to 125.0.6422.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Clickjacking
Use after free in V8 in Google Chrome prior to 125.0.6422.60
CVE-2024-4949
6.5 - Medium
- May 15, 2024
Use after free in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Dangling pointer
Use after free in Dawn in Google Chrome prior to 125.0.6422.60
CVE-2024-4948
6.5 - Medium
- May 15, 2024
Use after free in Dawn in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Fedora Project Fedora or by Fedora Project? Click the Watch button to subscribe.
