Fedoraproject

Fedora

5319 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.5

CVE-2024-27834

  • EPSS 0.01%
  • Veröffentlicht 14.05.2024 15:13:06
  • Zuletzt bearbeitet 12.12.2024 14:33:00

The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, Safari 17.5, watchOS 10.5, macOS Sonoma 14.5. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.

7.2

CVE-2024-25641

Exploit
  • EPSS 89.04%
  • Veröffentlicht 14.05.2024 15:05:50
  • Zuletzt bearbeitet 18.12.2024 20:54:30

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users having the "Import Templates" permis...

9.6

CVE-2024-4558

Exploit
  • EPSS 1.41%
  • Veröffentlicht 07.05.2024 19:15:08
  • Zuletzt bearbeitet 20.12.2024 17:18:09

Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

6.5

CVE-2024-4559

Exploit
  • EPSS 0.26%
  • Veröffentlicht 07.05.2024 19:15:08
  • Zuletzt bearbeitet 19.12.2024 20:47:26

Heap buffer overflow in WebAudio in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

5.2

CVE-2024-34397

Exploit
  • EPSS 0.1%
  • Veröffentlicht 07.05.2024 18:15:08
  • Zuletzt bearbeitet 18.06.2025 14:36:02

An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can ...

5.4

CVE-2024-34064

  • EPSS 0.58%
  • Veröffentlicht 06.05.2024 15:15:23
  • Zuletzt bearbeitet 08.09.2025 19:27:31

Jinja is an extensible templating engine. The `xmlattr` filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, `/`, `>`, or `=`, as each would then be interpreted as starting ...

6.1

CVE-2024-34500

  • EPSS 0.3%
  • Veröffentlicht 05.05.2024 19:15:07
  • Zuletzt bearbeitet 11.06.2025 14:44:14

An issue was discovered in the UnlinkedWikibase extension in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. XSS can occur through an interface message. Error messages (in the $err var) are not escaped before being passed to ...

9.8

CVE-2024-34502

  • EPSS 0.16%
  • Veröffentlicht 05.05.2024 19:15:07
  • Zuletzt bearbeitet 17.06.2025 14:53:28

An issue was discovered in WikibaseLexeme in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. Loading Special:MergeLexemes will (attempt to) make an edit that merges the from-id to the to-id, even if the request was not a POST...

7.5

CVE-2024-34506

Exploit
  • EPSS 0.15%
  • Veröffentlicht 05.05.2024 19:15:07
  • Zuletzt bearbeitet 17.06.2025 16:40:07

An issue was discovered in includes/specials/SpecialMovePage.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. If a user with the necessary rights to move the page opens Special:MovePage for a page with tens of thousands...

7.4

CVE-2024-34507

Exploit
  • EPSS 0.4%
  • Veröffentlicht 05.05.2024 19:15:07
  • Zuletzt bearbeitet 17.06.2025 16:37:39

An issue was discovered in includes/CommentFormatter/CommentParser.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. XSS can occur because of mishandling of the 0x1b character, as demonstrated by Special:RecentChanges#%1...