CVE-2024-28184
- EPSS 0.12%
- Published 09.03.2024 01:15:07
- Last modified 02.12.2025 21:57:58
WeasyPrint helps web developers to create PDF documents. Since version 61.0, there's a vulnerability which allows attaching content of arbitrary files and URLs to a generated PDF document, even if `url_fetcher` is configured to prevent access to file...
CVE-2024-23280
- EPSS 0.62%
- Published 08.03.2024 02:15:49
- Last modified 02.04.2026 19:17:12
An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. A maliciously crafted webpage may be able to fingerprint the user.
CVE-2024-23284
- EPSS 0.59%
- Published 08.03.2024 02:15:49
- Last modified 02.04.2026 19:17:13
A logic issue was addressed with improved state management. This issue is fixed in Safari 17.4, iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing maliciously crafted web conte...
CVE-2024-23254
- EPSS 0.43%
- Published 08.03.2024 02:15:48
- Last modified 02.04.2026 19:17:06
The issue was addressed with improved UI handling. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. A malicious website may exfiltrate audio data cross-origin.
CVE-2024-23263
- EPSS 0.37%
- Published 08.03.2024 02:15:48
- Last modified 02.04.2026 19:17:08
A logic issue was addressed with improved validation. This issue is fixed in Safari 17.4, iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing maliciously crafted web content may...
CVE-2024-2044
- EPSS 83.47%
- Published 07.03.2024 21:15:08
- Last modified 19.09.2025 14:55:20
pgAdmin <= 8.3 is affected by a path-traversal vulnerability while deserializing users’ sessions in the session handling code. If the server is running on Windows, an unauthenticated attacker can load and deserialize remote pickle objects and gain co...
CVE-2024-1931
- EPSS 6.75%
- Published 07.03.2024 10:15:07
- Last modified 17.12.2024 16:56:50
NLnet Labs Unbound version 1.18.0 up to and including version 1.19.1 contains a vulnerability that can cause denial of service by a certain code path that can lead to an infinite loop. Unbound 1.18.0 introduced a feature that removes EDE records from ...
CVE-2024-2174
- EPSS 0.19%
- Published 06.03.2024 19:15:09
- Last modified 19.12.2024 20:24:09
Inappropriate implementation in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-2176
- EPSS 1.33%
- Published 06.03.2024 19:15:09
- Last modified 19.12.2024 20:23:37
Use after free in FedCM in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-2173
- EPSS 0.17%
- Published 06.03.2024 19:15:08
- Last modified 21.03.2025 21:15:35
Out of bounds memory access in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)