Fedoraproject

Fedora

5357 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 0.76%
  • Veröffentlicht 07.05.2024 18:15:08
  • Zuletzt bearbeitet 12.05.2026 12:16:35

An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can ...

  • EPSS 0.98%
  • Veröffentlicht 06.05.2024 15:15:23
  • Zuletzt bearbeitet 03.11.2025 22:16:54

Jinja is an extensible templating engine. The `xmlattr` filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, `/`, `>`, or `=`, as each would then be interpreted as starting ...

  • EPSS 3.4%
  • Veröffentlicht 06.05.2024 15:15:23
  • Zuletzt bearbeitet 03.12.2025 15:32:11

Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to intera...

  • EPSS 0.47%
  • Veröffentlicht 05.05.2024 19:15:07
  • Zuletzt bearbeitet 04.11.2025 18:16:22

An issue was discovered in the UnlinkedWikibase extension in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. XSS can occur through an interface message. Error messages (in the $err var) are not escaped before being passed to ...

  • EPSS 0.41%
  • Veröffentlicht 05.05.2024 19:15:07
  • Zuletzt bearbeitet 04.11.2025 18:16:22

An issue was discovered in WikibaseLexeme in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. Loading Special:MergeLexemes will (attempt to) make an edit that merges the from-id to the to-id, even if the request was not a POST...

Exploit
  • EPSS 0.9%
  • Veröffentlicht 05.05.2024 19:15:07
  • Zuletzt bearbeitet 04.11.2025 18:16:22

An issue was discovered in includes/specials/SpecialMovePage.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. If a user with the necessary rights to move the page opens Special:MovePage for a page with tens of thousands...

Exploit
  • EPSS 0.67%
  • Veröffentlicht 05.05.2024 19:15:07
  • Zuletzt bearbeitet 04.11.2025 18:16:22

An issue was discovered in includes/CommentFormatter/CommentParser.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. XSS can occur because of mishandling of the 0x1b character, as demonstrated by Special:RecentChanges#%1...

  • EPSS 1.23%
  • Veröffentlicht 03.05.2024 01:15:48
  • Zuletzt bearbeitet 04.11.2025 18:16:21

An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow.

  • EPSS 1.32%
  • Veröffentlicht 03.05.2024 01:15:48
  • Zuletzt bearbeitet 04.11.2025 18:16:21

An issue was discovered in uriparser through 0.9.7. ComposeQueryMallocExMm in UriQuery.c has an integer overflow via a long string.

  • EPSS 1.13%
  • Veröffentlicht 02.05.2024 20:15:07
  • Zuletzt bearbeitet 26.08.2025 17:21:28

An excessive memory use issue (CWE-770) exists in Email-MIME, before version 1.954, which can cause denial of service when parsing multipart MIME messages. The patch set (from 2020 and 2024) limits excessive depth and the total number of parts.