Fedoraproject

Fedora

5335 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2023-51766

Exploit
  • EPSS 1.64%
  • Veröffentlicht 24.12.2023 06:15:07
  • Zuletzt bearbeitet 04.11.2025 19:16:21

Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mecha...

5.3

CVE-2023-51764

Exploit
  • EPSS 21.85%
  • Veröffentlicht 24.12.2023 05:15:08
  • Zuletzt bearbeitet 04.11.2025 22:15:56

Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking (or certain other options that exist in recent versions). Remote attackers can use a publishe...

8.8

CVE-2023-7024

Warnung Exploit
  • EPSS 0.75%
  • Veröffentlicht 21.12.2023 23:15:11
  • Zuletzt bearbeitet 24.10.2025 14:07:52

Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

7

CVE-2023-6546

  • EPSS 0.25%
  • Veröffentlicht 21.12.2023 20:15:08
  • Zuletzt bearbeitet 21.11.2024 08:44:04

A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free...

5.5

CVE-2023-4255

Exploit
  • EPSS 0.02%
  • Veröffentlicht 21.12.2023 16:15:10
  • Zuletzt bearbeitet 21.11.2024 08:34:44

An out-of-bounds write issue has been discovered in the backspace handling of the checkType() function in etc.c within the W3M application. This vulnerability is triggered by supplying a specially crafted HTML file to the w3m binary. Exploitation of ...

5.5

CVE-2023-4256

Exploit
  • EPSS 0.01%
  • Veröffentlicht 21.12.2023 16:15:10
  • Zuletzt bearbeitet 21.11.2024 08:34:44

Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the tcpedit_dlt_cleanup() function within plugins/dlt_plugins.c. This vulnerability can be exploited by supplying a specifically crafted file to the tcprewrite binary. ...

5.3

CVE-2023-6918

  • EPSS 0.36%
  • Veröffentlicht 19.12.2023 00:15:08
  • Zuletzt bearbeitet 15.02.2025 01:15:09

A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, ...

5.9

CVE-2023-48795

Medienbericht Exploit
  • EPSS 66.83%
  • Veröffentlicht 18.12.2023 16:15:10
  • Zuletzt bearbeitet 04.11.2025 22:15:55

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client a...

7.8

CVE-2023-47038

  • EPSS 0.09%
  • Veröffentlicht 18.12.2023 14:15:08
  • Zuletzt bearbeitet 04.11.2025 19:16:05

A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.

8.8

CVE-2023-6702

  • EPSS 42%
  • Veröffentlicht 14.12.2023 22:15:44
  • Zuletzt bearbeitet 04.11.2025 19:16:24

Type confusion in V8 in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)