Fedoraproject

Fedora

5335 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2024-22667

Medienbericht Exploit
  • EPSS 0.14%
  • Veröffentlicht 05.02.2024 08:15:44
  • Zuletzt bearbeitet 04.11.2025 22:15:58

Vim before 9.0.2142 has a stack-based buffer overflow because did_set_langmap in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions.

8.6

CVE-2024-21626

Exploit
  • EPSS 4.85%
  • Veröffentlicht 31.01.2024 22:15:53
  • Zuletzt bearbeitet 21.11.2024 08:54:45

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to hav...

7.8

CVE-2023-6246

Exploit
  • EPSS 29.14%
  • Veröffentlicht 31.01.2024 14:15:48
  • Zuletzt bearbeitet 21.11.2024 08:43:27

A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument...

7.5

CVE-2023-6779

Exploit
  • EPSS 0.56%
  • Veröffentlicht 31.01.2024 14:15:48
  • Zuletzt bearbeitet 21.11.2024 08:44:32

An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_...

5.3

CVE-2023-6780

Exploit
  • EPSS 0.22%
  • Veröffentlicht 31.01.2024 14:15:48
  • Zuletzt bearbeitet 07.02.2025 17:15:29

An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect ca...

7.8

CVE-2024-1086

Warnung Exploit
  • EPSS 85.86%
  • Veröffentlicht 31.01.2024 13:15:10
  • Zuletzt bearbeitet 27.10.2025 17:06:37

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the n...

8.8

CVE-2024-1060

  • EPSS 0.35%
  • Veröffentlicht 30.01.2024 22:15:53
  • Zuletzt bearbeitet 29.05.2025 15:15:27

Use after free in Canvas in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8

CVE-2024-1077

  • EPSS 0.37%
  • Veröffentlicht 30.01.2024 22:15:53
  • Zuletzt bearbeitet 03.06.2025 19:15:34

Use after free in Network in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High)

8.8

CVE-2024-1059

  • EPSS 0.42%
  • Veröffentlicht 30.01.2024 22:15:52
  • Zuletzt bearbeitet 08.05.2025 18:15:41

Use after free in Peer Connection in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High)

7.5

CVE-2024-23334

Exploit
  • EPSS 93.56%
  • Veröffentlicht 29.01.2024 23:15:08
  • Zuletzt bearbeitet 03.11.2025 21:16:06

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'follow_symlinks' ca...