Fedoraproject

Fedora

5319 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
3.5

CVE-2023-45143

  • EPSS 0.08%
  • Published 12.10.2023 17:15:10
  • Last modified 21.11.2024 08:26:26

Undici is an HTTP/1.1 client written from scratch for Node.js. Prior to version 5.26.2, Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Cookie` headers. By design, `cookie` headers are forbidden request head...

5.5

CVE-2023-43789

  • EPSS 0.04%
  • Published 12.10.2023 12:15:10
  • Last modified 21.11.2024 08:24:47

A vulnerability was found in libXpm where a vulnerability exists due to a boundary condition, a local user can trigger an out-of-bounds read error and read contents of memory on the system.

6.5

CVE-2023-5487

  • EPSS 0.03%
  • Published 11.10.2023 23:15:11
  • Last modified 21.11.2024 08:41:52

Inappropriate implementation in Fullscreen in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity...

8.8

CVE-2023-5218

  • EPSS 0.33%
  • Published 11.10.2023 23:15:10
  • Last modified 30.04.2025 21:15:53

Use after free in Site Isolation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

6.5

CVE-2023-5475

  • EPSS 0.04%
  • Published 11.10.2023 23:15:10
  • Last modified 21.11.2024 08:41:50

Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. (Chromium security sever...

6.5

CVE-2023-5484

  • EPSS 0.31%
  • Published 11.10.2023 23:15:10
  • Last modified 21.11.2024 08:41:52

Inappropriate implementation in Navigation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)

7.5

CVE-2023-39325

  • EPSS 0.15%
  • Published 11.10.2023 22:15:09
  • Last modified 21.11.2024 08:15:09

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-prog...

7.8

CVE-2023-5535

Exploit
  • EPSS 0.02%
  • Published 11.10.2023 20:15:10
  • Last modified 21.11.2024 08:41:57

Use After Free in GitHub repository vim/vim prior to v9.0.2010.

8.8

CVE-2023-37536

  • EPSS 1%
  • Published 11.10.2023 07:15:10
  • Last modified 21.11.2024 08:11:53

An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request.

4.9

CVE-2023-45129

  • EPSS 0.25%
  • Published 10.10.2023 18:15:19
  • Last modified 21.11.2024 08:26:24

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Prior to version 1.94.0, a malicious server ACL event can impact performance temporarily or permanently leading to a persistent denial of service. Homese...