CVE-2023-47212
- EPSS 0.27%
- Published 01.05.2024 16:15:07
- Last modified 04.11.2025 18:15:42
A heap-based buffer overflow vulnerability exists in the comment functionality of stb_vorbis.c v1.22. A specially crafted .ogg file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2024-4058
- EPSS 6.53%
- Published 01.05.2024 13:15:52
- Last modified 04.11.2025 18:16:41
Type confusion in ANGLE in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
CVE-2024-4059
- EPSS 0.18%
- Published 01.05.2024 13:15:52
- Last modified 04.11.2025 18:16:41
Out of bounds read in V8 API in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to leak cross-site data via a crafted HTML page. (Chromium security severity: High)
CVE-2024-4060
- EPSS 0.22%
- Published 01.05.2024 13:15:52
- Last modified 04.11.2025 18:16:42
Use after free in Dawn in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-4331
- EPSS 1.16%
- Published 01.05.2024 13:15:52
- Last modified 20.12.2024 17:22:46
Use after free in Picture In Picture in Google Chrome prior to 124.0.6367.118 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-4368
- EPSS 0.43%
- Published 01.05.2024 13:15:52
- Last modified 13.03.2025 20:15:23
Use after free in Dawn in Google Chrome prior to 124.0.6367.118 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-27014
- EPSS 0.01%
- Published 01.05.2024 06:15:20
- Last modified 04.11.2025 18:16:11
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Prevent deadlock while disabling aRFS When disabling aRFS under the `priv->state_lock`, any scheduled aRFS works are canceled using the `cancel_work_sync` function, whic...
CVE-2024-27015
- EPSS 0.02%
- Published 01.05.2024 06:15:20
- Last modified 04.11.2025 18:16:11
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: incorrect pppoe tuple pppoe traffic reaching ingress path does not match the flowtable entry because the pppoe header is expected to be at the network header ...
CVE-2024-27016
- EPSS 0.02%
- Published 01.05.2024 06:15:20
- Last modified 04.11.2025 18:16:11
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: validate pppoe header Ensure there is sufficient room to access the protocol field of the PPPoe header. Validate it once before the flowtable lookup, then use...
CVE-2024-27017
- EPSS 0.01%
- Published 01.05.2024 06:15:20
- Last modified 04.11.2025 18:16:11
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: walk over current view on netlink dump The generation mask can be updated while netlink dump is in progress. The pipapo set backend walk iterator cannot ...