Fedoraproject

Fedora

5335 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
Exploit
  • EPSS 90.68%
  • Published 04.04.2024 15:15:39
  • Last modified 17.03.2025 16:43:52

pgAdmin <= 8.4 is affected by a Remote Code Execution (RCE) vulnerability through the validate binary path API. This vulnerability allows attackers to execute arbitrary code on the server hosting PGAdmin, posing a severe risk to the database managem...

  • EPSS 24.97%
  • Published 04.04.2024 15:15:38
  • Last modified 04.11.2025 19:17:05

nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. ...

  • EPSS 0.26%
  • Published 03.04.2024 03:15:09
  • Last modified 04.11.2025 19:17:05

In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.

Exploit
  • EPSS 0.27%
  • Published 02.04.2024 23:15:55
  • Last modified 25.04.2025 14:33:54

A vulnerability was found in UPX up to 4.2.2. It has been rated as critical. This issue affects the function get_ne64 of the file bele.h. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be us...

  • EPSS 0.18%
  • Published 29.03.2024 06:15:07
  • Last modified 04.11.2025 22:15:59

An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory.

Exploit
  • EPSS 0.84%
  • Published 27.03.2024 08:15:41
  • Last modified 30.07.2025 19:42:14

When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The below command would perform a request to c...

Exploit
  • EPSS 1.96%
  • Published 27.03.2024 08:15:41
  • Last modified 30.07.2025 19:42:27

When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all...

Exploit
  • EPSS 0.14%
  • Published 26.03.2024 21:15:53
  • Last modified 14.03.2025 02:15:13

Use after free in ANGLE in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

Exploit
  • EPSS 0.16%
  • Published 26.03.2024 21:15:53
  • Last modified 18.03.2025 16:15:21

Use after free in Dawn in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Exploit
  • EPSS 0.5%
  • Published 26.03.2024 21:15:53
  • Last modified 22.03.2025 14:15:14

Use after free in WebCodecs in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)