Fedoraproject

Fedora

5319 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
Exploit
  • EPSS 0.19%
  • Published 09.06.2024 20:15:09
  • Last modified 21.03.2025 18:15:32

The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https...

Warning Media report Exploit
  • EPSS 94.37%
  • Published 09.06.2024 20:15:09
  • Last modified 28.03.2025 15:12:44

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given...

Exploit
  • EPSS 2.4%
  • Published 09.06.2024 19:15:52
  • Last modified 14.03.2025 15:15:44

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid u...

Exploit
  • EPSS 0.9%
  • Published 09.06.2024 19:15:52
  • Last modified 21.11.2024 09:47:58

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Original issue: when using proc_open() command with array syntax, due to insufficient ...

  • EPSS 0.36%
  • Published 31.05.2024 21:15:09
  • Last modified 30.05.2025 16:48:15

The site log report required additional encoding of event descriptions to ensure any HTML in the content is displayed in plaintext instead of being rendered.

Exploit
  • EPSS 0.74%
  • Published 30.05.2024 23:15:48
  • Last modified 26.12.2024 16:36:54

Heap buffer overflow in WebRTC in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Exploit
  • EPSS 0.41%
  • Published 30.05.2024 23:15:48
  • Last modified 26.12.2024 16:38:51

Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Exploit
  • EPSS 0.52%
  • Published 30.05.2024 23:15:48
  • Last modified 26.12.2024 16:42:57

Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Exploit
  • EPSS 1.27%
  • Published 30.05.2024 23:15:48
  • Last modified 26.12.2024 16:43:17

Use after free in Media Session in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Exploit
  • EPSS 0.37%
  • Published 30.05.2024 23:15:48
  • Last modified 26.12.2024 16:43:33

Out of bounds memory access in Browser UI in Google Chrome prior to 125.0.6422.141 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security sev...