Fedoraproject

Fedora

5319 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2024-4854

  • EPSS 0.25%
  • Veröffentlicht 14.05.2024 15:45:18
  • Zuletzt bearbeitet 18.04.2025 16:34:40

MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to 3.6.22 allow denial of service via packet injection or crafted capture file

9.6

CVE-2024-4671

Warnung
  • EPSS 0.37%
  • Veröffentlicht 14.05.2024 15:44:15
  • Zuletzt bearbeitet 27.11.2024 19:27:48

Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

9.1

CVE-2024-34340

Exploit
  • EPSS 0.79%
  • Veröffentlicht 14.05.2024 15:38:39
  • Zuletzt bearbeitet 18.12.2024 20:44:22

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, Cacti calls `compat_password_hash` when users set their password. `compat_password_hash` use `password_hash` if there is it, else use `md5`. When verify...

7.2

CVE-2024-31459

Exploit
  • EPSS 3.63%
  • Veröffentlicht 14.05.2024 15:25:26
  • Zuletzt bearbeitet 18.12.2024 20:49:57

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, there is a file inclusion issue in the `lib/plugin.php` file. Combined with SQL injection vulnerabilities, remote code execution can be implemented. The...

8.8

CVE-2024-31460

Exploit
  • EPSS 1.08%
  • Veröffentlicht 14.05.2024 15:25:26
  • Zuletzt bearbeitet 18.12.2024 20:38:39

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `automation_tree_rules.php` is not thoroughly checked and is used to concatenate the SQL statement in `create_all_header_node...

8

CVE-2024-31458

Exploit
  • EPSS 3.56%
  • Veröffentlicht 14.05.2024 15:25:25
  • Zuletzt bearbeitet 18.12.2024 20:47:06

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `form_save()` function in `graph_template_inputs.php` is not thoroughly checked and is used to concatenate the SQL statement ...

8.8

CVE-2024-31445

Exploit
  • EPSS 42.3%
  • Veröffentlicht 14.05.2024 15:25:21
  • Zuletzt bearbeitet 18.12.2024 18:29:21

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, a SQL injection vulnerability in `automation_get_new_graphs_sql` function of `api_automation.php` allows authenticated users to exploit these SQL inject...

5.4

CVE-2024-31443

Exploit
  • EPSS 0.35%
  • Veröffentlicht 14.05.2024 15:25:20
  • Zuletzt bearbeitet 18.12.2024 18:28:19

Cacti provides an operational monitoring and fault management framework. Prior to 1.2.27, some of the data stored in `form_save()` function in `data_queries.php` is not thoroughly checked and is used to concatenate the HTML statement in `grow_right_p...

5.4

CVE-2024-31444

Exploit
  • EPSS 5.42%
  • Veröffentlicht 14.05.2024 15:25:20
  • Zuletzt bearbeitet 18.12.2024 18:28:58

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `automation_tree_rules_form_save()` function in `automation_tree_rules.php` is not thoroughly checked and is used to concaten...

4.7

CVE-2024-29894

Exploit
  • EPSS 0.1%
  • Veröffentlicht 14.05.2024 15:17:14
  • Zuletzt bearbeitet 18.12.2024 21:10:38

Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 contain a residual cross-site scripting vulnerability caused by an incomplete fix for CVE-2023-50250. `raise_message_javascript` from `lib/func...