Products

1 vendor
VendorProductsCVEsKEVAvg EPSSWorst Severity
61,3972057.0%CRITICAL

Related CVEs

100+
| CVE ID | Description | Severity | CVSS | KEV | EPSS | Published |
|---|---|---|---|---|---|---|
| CVE-2026-35094 | A flaw was found in libinput. An attacker capable of deploying a Lua plugin file in specific system directories can exploit a dangling pointer vulnerability. This occurs when a garbage collection cleanup function is called, leaving a pointer that can then be printed to system logs. This could potentially expose sensitive data if the memory location is re-used, leading to information disclosure. For this exploit to work, Lua plugins must be enabled in libinput and loaded by the compositor. | MEDIUM | 5.5 | | 4.2% | Apr 1, 2026 |
| CVE-2026-35093 | A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypass security restrictions. This allows the attacker to run unauthorized code with the same permissions as the program using libinput, such as a graphical compositor. This could lead to the attacker monitoring keyboard input and sending that information to an external location. | HIGH | 8.8 | | 7.7% | Apr 1, 2026 |
| CVE-2023-4134 | A use-after-free vulnerability was found in the cyttsp4_core driver in the Linux kernel. This issue occurs in the device cleanup routine due to a possible rearming of the watchdog_timer from the workqueue. This could allow a local user to crash the system, causing a denial of service. | MEDIUM | 5.5 | | 8.6% | Nov 14, 2024 |
| CVE-2024-3056 | A flaw was found in Podman. This issue may allow an attacker to create a specially crafted container that, when configured to share the same IPC with at least one other container, can create a large number of IPC resources in /dev/shm. The malicious container will continue to exhaust resources until it is out-of-memory (OOM) killed. While the malicious container's cgroup will be removed, the IPC resources it created are not. Those resources are tied to the IPC namespace that will not be removed until all containers using it are stopped, and one non-malicious container is holding the namespace open. The malicious container is restarted, either automatically or by attacker control, repeating the process and increasing the amount of memory consumed. With a container configured to restart always, such as `podman run --restart=always`, this can result in a memory-based denial of service of the system. | HIGH | 7.7 | | 39.9% | Aug 2, 2024 |
| CVE-2024-6293 | Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | HIGH | 8.8 | | 40.0% | Jun 24, 2024 |
| CVE-2024-6292 | Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | HIGH | 8.8 | | 39.5% | Jun 24, 2024 |
| CVE-2024-6291 | Use after free in Swiftshader in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | HIGH | 8.8 | | 41.7% | Jun 24, 2024 |
| CVE-2024-6290 | Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | HIGH | 8.8 | | 40.0% | Jun 24, 2024 |
| CVE-2024-38277 | A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the two. | MEDIUM | 5.4 | | 15.4% | Jun 18, 2024 |
| CVE-2024-38276 | Incorrect CSRF token checks resulted in multiple CSRF risks. | HIGH | 8.8 | | 36.3% | Jun 18, 2024 |
| CVE-2024-38274 | Insufficient escaping of calendar event titles resulted in a stored XSS risk in the event deletion prompt. | MEDIUM | 6.1 | | 29.3% | Jun 18, 2024 |
| CVE-2024-38273 | Insufficient capability checks meant it was possible for users to gain access to BigBlueButton join URLs they did not have permission to access. | MEDIUM | 5.4 | | 34.1% | Jun 18, 2024 |
| CVE-2024-5847 | Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) | HIGH | 8.8 | | 36.8% | Jun 11, 2024 |
| CVE-2024-5846 | Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) | HIGH | 8.8 | | 36.8% | Jun 11, 2024 |
| CVE-2024-5845 | Use after free in Audio in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) | HIGH | 8.8 | | 36.4% | Jun 11, 2024 |
| CVE-2024-5844 | Heap buffer overflow in Tab Strip in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) | HIGH | 8.8 | | 40.8% | Jun 11, 2024 |
| CVE-2024-5843 | Inappropriate implementation in Downloads in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to obfuscate security UI via a malicious file. (Chromium security severity: Medium) | MEDIUM | 6.5 | | 37.1% | Jun 11, 2024 |
| CVE-2024-5842 | Use after free in Browser UI in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) | HIGH | 8.8 | | 37.8% | Jun 11, 2024 |
| CVE-2024-5841 | Use after free in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | HIGH | 8.8 | | 37.7% | Jun 11, 2024 |
| CVE-2024-5840 | Policy bypass in CORS in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Medium) | MEDIUM | 6.5 | | 32.6% | Jun 11, 2024 |