Fedoraproject

Fedora

5335 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2024-28180

  • EPSS 3.64%
  • Veröffentlicht 09.03.2024 01:15:07
  • Zuletzt bearbeitet 03.12.2025 20:29:36

Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or Decrypt...

7.4

CVE-2024-28184

  • EPSS 0.12%
  • Veröffentlicht 09.03.2024 01:15:07
  • Zuletzt bearbeitet 02.12.2025 21:57:58

WeasyPrint helps web developers to create PDF documents. Since version 61.0, there's a vulnerability which allows attaching content of arbitrary files and URLs to a generated PDF document, even if `url_fetcher` is configured to prevent access to file...

6.5

CVE-2024-23280

  • EPSS 0.53%
  • Veröffentlicht 08.03.2024 02:15:49
  • Zuletzt bearbeitet 04.11.2025 19:16:46

An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4, tvOS 17.4. A maliciously crafted webpage may be able to fingerprint the user.

6.5

CVE-2024-23284

  • EPSS 0.52%
  • Veröffentlicht 08.03.2024 02:15:49
  • Zuletzt bearbeitet 04.11.2025 19:16:49

A logic issue was addressed with improved state management. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4. Processing maliciously crafted web conte...

6.5

CVE-2024-23254

  • EPSS 0.47%
  • Veröffentlicht 08.03.2024 02:15:48
  • Zuletzt bearbeitet 04.11.2025 19:16:42

The issue was addressed with improved UI handling. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, Safari 17.4. A malicious website may exfiltrate audio data cross-origin.

6.5

CVE-2024-23263

  • EPSS 0.36%
  • Veröffentlicht 08.03.2024 02:15:48
  • Zuletzt bearbeitet 04.11.2025 19:16:44

A logic issue was addressed with improved validation. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4. Processing maliciously crafted web content may...

9.9

CVE-2024-2044

Exploit
  • EPSS 80.9%
  • Veröffentlicht 07.03.2024 21:15:08
  • Zuletzt bearbeitet 19.09.2025 14:55:20

pgAdmin <= 8.3 is affected by a path-traversal vulnerability while deserializing users’ sessions in the session handling code. If the server is running on Windows, an unauthenticated attacker can load and deserialize remote pickle objects and gain co...

7.5

CVE-2024-1931

  • EPSS 6.75%
  • Veröffentlicht 07.03.2024 10:15:07
  • Zuletzt bearbeitet 17.12.2024 16:56:50

NLnet Labs Unbound version 1.18.0 up to and including version 1.19.1 contain a vulnerability that can cause denial of service by a certain code path that can lead to an infinite loop. Unbound 1.18.0 introduced a feature that removes EDE records from ...

8.8

CVE-2024-2174

Exploit
  • EPSS 0.1%
  • Veröffentlicht 06.03.2024 19:15:09
  • Zuletzt bearbeitet 19.12.2024 20:24:09

Inappropriate implementation in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8

CVE-2024-2176

Exploit
  • EPSS 0.46%
  • Veröffentlicht 06.03.2024 19:15:09
  • Zuletzt bearbeitet 19.12.2024 20:23:37

Use after free in FedCM in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)