Fedoraproject

Fedora

5355 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.8

CVE-2023-4001

  • EPSS 0.03%
  • Veröffentlicht 15.01.2024 11:15:08
  • Zuletzt bearbeitet 21.11.2024 08:34:11

An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an exte...

5.5

CVE-2024-23301

Exploit
  • EPSS 0.1%
  • Veröffentlicht 12.01.2024 23:15:10
  • Zuletzt bearbeitet 10.12.2025 17:15:50

Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root.

5.5

CVE-2024-0443

  • EPSS 0.01%
  • Veröffentlicht 12.01.2024 00:15:45
  • Zuletzt bearbeitet 21.11.2024 08:46:36

A flaw was found in the blkgs destruction path in block/blk-cgroup.c in the Linux kernel, leading to a cgroup blkio memory leakage problem. When a cgroup is being destroyed, cgroup_rstat_flush() is only called at css_release_work_fn(), which is calle...

5.3

CVE-2024-0333

  • EPSS 0.07%
  • Veröffentlicht 10.01.2024 22:15:50
  • Zuletzt bearbeitet 03.06.2025 15:15:54

Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.216 allowed an attacker in a privileged network position to install a malicious extension via a crafted HTML page. (Chromium security severity: High)

8.1

CVE-2023-41056

  • EPSS 7.51%
  • Veröffentlicht 10.01.2024 16:15:46
  • Zuletzt bearbeitet 21.11.2024 08:20:28

Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7....

6.5

CVE-2023-5455

  • EPSS 0.3%
  • Veröffentlicht 10.01.2024 13:15:48
  • Zuletzt bearbeitet 18.03.2026 04:16:51

A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of ...

7.8

CVE-2021-3600

  • EPSS 0.16%
  • Veröffentlicht 08.01.2024 19:15:08
  • Zuletzt bearbeitet 21.11.2024 06:21:56

It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. A local attacker could use this to possibly execute arbitrary code.

5.3

CVE-2024-22049

Exploit
  • EPSS 1.2%
  • Veröffentlicht 04.01.2024 21:15:10
  • Zuletzt bearbeitet 07.01.2026 19:49:03

httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote and unauthenticated attacker can provide a crafted filename parameter during multipart/form-data uploads which could result in attacker controlled file...

7

CVE-2023-6270

  • EPSS 0.03%
  • Veröffentlicht 04.01.2024 17:15:08
  • Zuletzt bearbeitet 24.03.2026 12:16:09

A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on `struct net_device`, and a use-after-free can be triggered by racing between the free on the struct and the ac...

8.8

CVE-2024-0224

  • EPSS 0.45%
  • Veröffentlicht 04.01.2024 02:15:29
  • Zuletzt bearbeitet 18.06.2025 16:15:25

Use after free in WebAudio in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)