Fedoraproject

Fedora

5319 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.1

CVE-2023-39356

Exploit
  • EPSS 0.15%
  • Published 31.08.2023 21:15:08
  • Last modified 10.04.2025 21:05:20

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a missing offset validation may lead to an Out Of Bound Read in the function `gdi_multi_opaque_rect`. In particular there i...

9.8

CVE-2023-39352

Exploit
  • EPSS 0.09%
  • Published 31.08.2023 21:15:07
  • Last modified 11.04.2025 14:48:41

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an invalid offset validation leading to Out Of Bound Write. This can be triggered when the values `rect->left` ...

7.5

CVE-2023-39350

Exploit
  • EPSS 0.31%
  • Published 31.08.2023 20:15:08
  • Last modified 10.04.2025 20:51:24

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. This issue affects Clients only. Integer underflow leading to DOS (e.g. abort due to `WINPR_ASSERT` with default compilation flags). When an ins...

7.5

CVE-2023-39351

Exploit
  • EPSS 0.1%
  • Published 31.08.2023 20:15:08
  • Last modified 21.11.2024 08:15:12

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions of FreeRDP are subject to a Null Pointer Dereference leading a crash in the RemoteFX (rfx) handling. Inside the `rfx_process_...

7.5

CVE-2023-39354

Exploit
  • EPSS 0.18%
  • Published 31.08.2023 20:15:08
  • Last modified 21.11.2024 08:15:13

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `nsc_rle_decompress_data` function. The Out-Of-Bounds Read occurs because it proce...

7.5

CVE-2023-40589

Exploit
  • EPSS 0.1%
  • Published 31.08.2023 19:15:11
  • Last modified 21.11.2024 08:19:46

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions there is a Global-Buffer-Overflow in the ncrush_decompress function. Feeding crafted input into this function can trigger t...

7.5

CVE-2023-20900

  • EPSS 0.84%
  • Published 31.08.2023 10:15:08
  • Last modified 21.11.2024 07:41:47

A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html  in a target virtual machine may be able to elevate their privileges if ...

8.8

CVE-2023-4572

  • EPSS 0.6%
  • Published 29.08.2023 20:15:10
  • Last modified 21.11.2024 08:35:27

Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

7.5

CVE-2023-38802

Exploit
  • EPSS 0.77%
  • Published 29.08.2023 16:15:09
  • Last modified 21.11.2024 08:14:13

FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation).

7.5

CVE-2023-41358

  • EPSS 0.35%
  • Published 29.08.2023 04:15:16
  • Last modified 21.11.2024 08:21:08

An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length is zero.