Fedoraproject

Fedora

5319 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2023-2828

  • EPSS 0.87%
  • Published 21.06.2023 17:15:47
  • Last modified 21.11.2024 07:59:22

Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the `max-ca...

7.5

CVE-2023-2911

  • EPSS 0.29%
  • Published 21.06.2023 17:15:47
  • Last modified 21.11.2024 07:59:33

If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, a sequence of serve-stale-related lookups could cause `named` to loop and terminate unexpectedly du...

5.5

CVE-2023-34474

  • EPSS 0.03%
  • Published 16.06.2023 20:15:09
  • Last modified 21.11.2024 08:07:20

A heap-based buffer overflow issue was discovered in ImageMagick's ReadTIM2ImageData() function in coders/tim2.c. A local attacker could trick the user in opening specially crafted file, triggering an out-of-bounds read error, allowing an application...

5.5

CVE-2023-34475

  • EPSS 0.02%
  • Published 16.06.2023 20:15:09
  • Last modified 21.11.2024 08:07:20

A heap use after free issue was discovered in ImageMagick's ReplaceXmpValue() function in MagickCore/profile.c. An attacker could trick user to open a specially crafted file to convert, triggering an heap-use-after-free write error, allowing an appli...

5.5

CVE-2023-3195

Exploit
  • EPSS 0.02%
  • Published 16.06.2023 20:15:09
  • Last modified 21.11.2024 08:16:40

A stack-based buffer overflow issue was found in ImageMagick's coders/tiff.c. This flaw allows an attacker to trick the user into opening a specially crafted malicious tiff file, causing an application to crash, resulting in a denial of service.

5.5

CVE-2023-2431

  • EPSS 0.01%
  • Published 16.06.2023 08:15:08
  • Last modified 12.12.2024 16:15:07

A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected by this issue. In this scenario, this vulnerabili...

7.5

CVE-2023-30631

  • EPSS 0.54%
  • Published 14.06.2023 08:15:09
  • Last modified 13.02.2025 17:16:25

Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server.  The configuration option proxy.config.http.push_method_enabled didn't function.  However, by default the PUSH method is blocked in the ip_allow configuratio...

8.8

CVE-2023-3214

  • EPSS 1.52%
  • Published 13.06.2023 18:15:22
  • Last modified 05.05.2025 16:15:44

Use after free in Autofill payments in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

8.8

CVE-2023-3215

  • EPSS 19.98%
  • Published 13.06.2023 18:15:22
  • Last modified 05.05.2025 16:15:44

Use after free in WebRTC in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8

CVE-2023-3216

  • EPSS 0.76%
  • Published 13.06.2023 18:15:22
  • Last modified 05.05.2025 16:15:44

Type confusion in V8 in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)