Fedoraproject

Fedora

5319 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2023-4073

  • EPSS 0.7%
  • Veröffentlicht 03.08.2023 01:15:11
  • Zuletzt bearbeitet 21.11.2024 08:34:21

Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

6.5

CVE-2023-29407

  • EPSS 0.42%
  • Veröffentlicht 02.08.2023 20:15:11
  • Zuletzt bearbeitet 21.11.2024 07:57:00

A maliciously-crafted image can cause excessive CPU consumption in decoding. A tiled image with a height of 0 and a very large width can cause excessive CPU consumption, despite the image size (width * height) appearing to be zero.

6.5

CVE-2023-29408

  • EPSS 0.21%
  • Veröffentlicht 02.08.2023 20:15:11
  • Zuletzt bearbeitet 21.11.2024 07:57:00

The TIFF decoder does not place a limit on the size of compressed tile data. A maliciously-crafted image can exploit this to cause a small image (both in terms of pixel width/height, and encoded size) to make the decoder decode large amounts of compr...

3.3

CVE-2023-4016

  • EPSS 0.01%
  • Veröffentlicht 02.08.2023 05:15:09
  • Zuletzt bearbeitet 21.11.2024 08:34:14

Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap.

5.5

CVE-2023-38559

  • EPSS 0.02%
  • Veröffentlicht 01.08.2023 17:15:09
  • Zuletzt bearbeitet 21.11.2024 08:13:49

A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. This issue may allow a local attacker to cause a denial of service via outputting a crafted PDF file for a DEVN device with gs.

7.8

CVE-2023-4004

  • EPSS 0.02%
  • Veröffentlicht 31.07.2023 17:15:10
  • Zuletzt bearbeitet 21.11.2024 08:34:12

A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate...

4.3

CVE-2022-4917

Exploit
  • EPSS 0.12%
  • Veröffentlicht 29.07.2023 00:15:11
  • Zuletzt bearbeitet 21.11.2024 07:36:14

Incorrect security UI in Notifications in Google Chrome on Android prior to 103.0.5060.53 allowed a remote attacker to obscure the full screen notification via a crafted HTML page. (Chromium security severity: Low)

6.5

CVE-2022-4926

Exploit
  • EPSS 0.05%
  • Veröffentlicht 29.07.2023 00:15:11
  • Zuletzt bearbeitet 21.11.2024 07:36:15

Insufficient policy enforcement in Intents in Google Chrome on Android prior to 109.0.5414.119 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)

8.8

CVE-2022-4907

Exploit
  • EPSS 1.45%
  • Veröffentlicht 29.07.2023 00:15:10
  • Zuletzt bearbeitet 21.11.2024 07:36:13

Uninitialized Use in FFmpeg in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

9.8

CVE-2023-37920

  • EPSS 0.11%
  • Veröffentlicht 25.07.2023 21:15:10
  • Zuletzt bearbeitet 13.02.2025 13:50:15

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certific...