Fedoraproject

Fedora

5353 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2023-6779

Exploit
  • EPSS 0.61%
  • Veröffentlicht 31.01.2024 14:15:48
  • Zuletzt bearbeitet 21.11.2024 08:44:32

An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_...

5.3

CVE-2023-6780

Exploit
  • EPSS 0.23%
  • Veröffentlicht 31.01.2024 14:15:48
  • Zuletzt bearbeitet 07.02.2025 17:15:29

An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect ca...

7.8

CVE-2024-1086

Warnung Exploit
  • EPSS 85.01%
  • Veröffentlicht 31.01.2024 13:15:10
  • Zuletzt bearbeitet 27.10.2025 17:06:37

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the n...

8.8

CVE-2024-1060

  • EPSS 0.35%
  • Veröffentlicht 30.01.2024 22:15:53
  • Zuletzt bearbeitet 29.05.2025 15:15:27

Use after free in Canvas in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8

CVE-2024-1077

  • EPSS 0.37%
  • Veröffentlicht 30.01.2024 22:15:53
  • Zuletzt bearbeitet 03.06.2025 19:15:34

Use after free in Network in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High)

8.8

CVE-2024-1059

  • EPSS 0.44%
  • Veröffentlicht 30.01.2024 22:15:52
  • Zuletzt bearbeitet 08.05.2025 18:15:41

Use after free in Peer Connection in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High)

7.5

CVE-2024-23334

Exploit
  • EPSS 93.48%
  • Veröffentlicht 29.01.2024 23:15:08
  • Zuletzt bearbeitet 04.02.2026 20:16:01

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'follow_symlinks' ca...

6.5

CVE-2024-23829

Exploit
  • EPSS 0.38%
  • Veröffentlicht 29.01.2024 23:15:08
  • Zuletzt bearbeitet 03.11.2025 21:16:06

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame bounda...

5.5

CVE-2023-40546

  • EPSS 0.03%
  • Veröffentlicht 29.01.2024 17:15:08
  • Zuletzt bearbeitet 21.11.2024 08:19:41

A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn't match ...

5.5

CVE-2023-40549

  • EPSS 0.03%
  • Veröffentlicht 29.01.2024 17:15:08
  • Zuletzt bearbeitet 21.11.2024 08:19:42

An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of se...