Fedoraproject

Fedora

5353 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2023-6816

  • EPSS 3.26%
  • Veröffentlicht 18.01.2024 05:15:08
  • Zuletzt bearbeitet 29.08.2025 13:42:30

A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for th...

8.8

CVE-2024-0517

  • EPSS 66.01%
  • Veröffentlicht 16.01.2024 22:15:37
  • Zuletzt bearbeitet 22.05.2025 18:15:33

Out of bounds write in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8

CVE-2024-0518

  • EPSS 0.22%
  • Veröffentlicht 16.01.2024 22:15:37
  • Zuletzt bearbeitet 21.11.2024 08:46:46

Type confusion in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8

CVE-2024-0519

Warnung
  • EPSS 0.45%
  • Veröffentlicht 16.01.2024 22:15:37
  • Zuletzt bearbeitet 24.10.2025 14:07:56

Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

9.8

CVE-2023-6395

Exploit
  • EPSS 0.67%
  • Veröffentlicht 16.01.2024 15:15:08
  • Zuletzt bearbeitet 21.11.2024 08:43:46

The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the ex...

5.5

CVE-2024-0232

Exploit
  • EPSS 0.02%
  • Veröffentlicht 16.01.2024 14:15:48
  • Zuletzt bearbeitet 21.11.2024 08:46:06

A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a...

7.5

CVE-2024-0567

Exploit
  • EPSS 1.75%
  • Veröffentlicht 16.01.2024 14:15:48
  • Zuletzt bearbeitet 21.11.2024 08:46:53

A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, r...

7.5

CVE-2024-0553

Exploit
  • EPSS 1.03%
  • Veröffentlicht 16.01.2024 12:15:45
  • Zuletzt bearbeitet 21.11.2024 08:46:51

A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing s...

6.8

CVE-2023-4001

  • EPSS 0.04%
  • Veröffentlicht 15.01.2024 11:15:08
  • Zuletzt bearbeitet 21.11.2024 08:34:11

An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an exte...

5.5

CVE-2024-23301

Exploit
  • EPSS 0.1%
  • Veröffentlicht 12.01.2024 23:15:10
  • Zuletzt bearbeitet 10.12.2025 17:15:50

Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root.