Fedoraproject

Fedora

5355 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2024-35241

  • EPSS 0.43%
  • Veröffentlicht 10.06.2024 22:15:09
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `status`, `reinstall` and `remove` commands with packages installed from source via git containing specially crafted branch names in the repository ca...

8.8

CVE-2024-35242

  • EPSS 23.79%
  • Veröffentlicht 10.06.2024 22:15:09
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `composer install` command running inside a git/hg repository which has specially crafted branch names can lead to command injection. This requires cl...

5.9

CVE-2024-2408

Exploit
  • EPSS 0.26%
  • Veröffentlicht 09.06.2024 20:15:09
  • Zuletzt bearbeitet 21.03.2025 18:15:32

The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https...

9.8

CVE-2024-4577

Warnung Medienbericht Exploit
  • EPSS 94.37%
  • Veröffentlicht 09.06.2024 20:15:09
  • Zuletzt bearbeitet 03.11.2025 19:23:39

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given...

5.3

CVE-2024-5458

Exploit
  • EPSS 3.58%
  • Veröffentlicht 09.06.2024 19:15:52
  • Zuletzt bearbeitet 03.11.2025 23:17:30

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid u...

8.8

CVE-2024-5585

Exploit
  • EPSS 0.87%
  • Veröffentlicht 09.06.2024 19:15:52
  • Zuletzt bearbeitet 21.11.2024 09:47:58

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Original issue: when using proc_open() command with array syntax, due to insufficient ...

4.3

CVE-2024-34006

  • EPSS 0.42%
  • Veröffentlicht 31.05.2024 21:15:09
  • Zuletzt bearbeitet 30.05.2025 16:48:15

The site log report required additional encoding of event descriptions to ensure any HTML in the content is displayed in plaintext instead of being rendered.

8.8

CVE-2024-5493

Exploit
  • EPSS 0.48%
  • Veröffentlicht 30.05.2024 23:15:48
  • Zuletzt bearbeitet 26.12.2024 16:36:54

Heap buffer overflow in WebRTC in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8

CVE-2024-5494

Exploit
  • EPSS 0.52%
  • Veröffentlicht 30.05.2024 23:15:48
  • Zuletzt bearbeitet 26.12.2024 16:38:51

Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8

CVE-2024-5495

Exploit
  • EPSS 0.33%
  • Veröffentlicht 30.05.2024 23:15:48
  • Zuletzt bearbeitet 26.12.2024 16:42:57

Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)