Fedoraproject

Fedora

5353 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.5

CVE-2023-40550

  • EPSS 0.02%
  • Veröffentlicht 29.01.2024 17:15:08
  • Zuletzt bearbeitet 21.11.2024 08:19:42

An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This issue may expose sensitive data during the system's boot phase.

5.1

CVE-2023-40551

  • EPSS 0.02%
  • Veröffentlicht 29.01.2024 17:15:08
  • Zuletzt bearbeitet 21.11.2024 08:19:42

A flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a crash or possible exposure of sensitive data during the system's boot phase.

7.4

CVE-2023-40548

  • EPSS 0.03%
  • Veröffentlicht 29.01.2024 15:15:08
  • Zuletzt bearbeitet 21.11.2024 08:19:41

A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, l...

7.5

CVE-2023-46838

  • EPSS 0.13%
  • Veröffentlicht 29.01.2024 11:15:07
  • Zuletzt bearbeitet 04.11.2025 19:16:04

Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any of them may be of zero length, i.e. carry no data at all. Besides a certain initial portion of the to be tra...

4.3

CVE-2024-0809

  • EPSS 0.04%
  • Veröffentlicht 24.01.2024 00:15:08
  • Zuletzt bearbeitet 15.05.2025 15:16:07

Inappropriate implementation in Autofill in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low)

4.3

CVE-2024-0811

  • EPSS 0.35%
  • Veröffentlicht 24.01.2024 00:15:08
  • Zuletzt bearbeitet 16.06.2025 19:15:29

Inappropriate implementation in Extensions API in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Lo...

8.8

CVE-2024-0812

  • EPSS 0.33%
  • Veröffentlicht 24.01.2024 00:15:08
  • Zuletzt bearbeitet 30.05.2025 15:15:31

Inappropriate implementation in Accessibility in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)

8.8

CVE-2024-0813

  • EPSS 0.08%
  • Veröffentlicht 24.01.2024 00:15:08
  • Zuletzt bearbeitet 21.11.2024 08:47:25

Use after free in Reading Mode in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium)

6.5

CVE-2024-0814

  • EPSS 0.13%
  • Veröffentlicht 24.01.2024 00:15:08
  • Zuletzt bearbeitet 30.05.2025 15:15:31

Incorrect security UI in Payments in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium)

7.5

CVE-2024-0804

  • EPSS 0.11%
  • Veröffentlicht 24.01.2024 00:15:07
  • Zuletzt bearbeitet 22.05.2025 18:15:38

Insufficient policy enforcement in iOS Security UI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)