Fedoraproject

Fedora

5319 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
  • EPSS 0.09%
  • Published 03.11.2023 08:15:07
  • Last modified 20.03.2025 17:01:03

An out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. When an attacker sends the CREATE command with a malformed payload to KSMBD, due to a missi...

  • EPSS 0.49%
  • Published 03.11.2023 08:15:07
  • Last modified 21.11.2024 08:22:55

A flaw was found in Samba. It is susceptible to a vulnerability where multiple incompatible RPC listeners can be initiated, causing disruptions in the AD DC service. When Samba's RPC server experiences a high load or unresponsiveness, servers intende...

  • EPSS 0.06%
  • Published 03.11.2023 05:15:30
  • Last modified 21.11.2024 08:21:54

SchedMD Slurm 23.02.x before 23.02.6 and 22.05.x before 22.05.10 allows filesystem race conditions for gaining ownership of a file, overwriting a file, or deleting files.

  • EPSS 1.45%
  • Published 03.11.2023 05:15:30
  • Last modified 21.11.2024 08:24:34

In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, ...

  • EPSS 0.14%
  • Published 03.11.2023 05:15:30
  • Last modified 21.11.2024 08:25:33

An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when...

  • EPSS 0.43%
  • Published 03.11.2023 05:15:29
  • Last modified 21.11.2024 08:20:42

In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.

  • EPSS 1.14%
  • Published 01.11.2023 18:15:10
  • Last modified 29.04.2025 21:15:50

Integer overflow in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • EPSS 0.86%
  • Published 01.11.2023 18:15:10
  • Last modified 21.11.2024 08:42:37

Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium)

  • EPSS 0.46%
  • Published 01.11.2023 18:15:10
  • Last modified 21.11.2024 08:42:37

Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)

  • EPSS 0.66%
  • Published 01.11.2023 18:15:10
  • Last modified 29.04.2025 21:15:50

Use after free in Printing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)