CVE-2023-5345
- EPSS 0.02%
- Published 03.10.2023 03:15:09
- Last modified 20.03.2025 16:59:45
A use-after-free vulnerability in the Linux kernel's fs/smb/client component can be exploited to achieve local privilege escalation. In case of an error in smb3_fs_context_parse_param, ctx->password was freed but the field was not set to NULL which ...
CVE-2023-5344
- EPSS 0.06%
- Published 02.10.2023 20:15:10
- Last modified 03.11.2025 21:16:03
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969.
CVE-2023-44488
- EPSS 1.45%
- Published 30.09.2023 20:15:10
- Last modified 21.11.2024 08:25:59
VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding.
CVE-2023-43655
- EPSS 2.05%
- Published 29.09.2023 20:15:09
- Last modified 23.04.2025 17:31:40
Composer is a dependency manager for PHP. Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php file may be subject to a remote code execution vulnerability if PHP also has `register_argc_...
CVE-2023-5186
- EPSS 1.54%
- Published 28.09.2023 16:15:10
- Last modified 21.11.2024 08:41:15
Use after free in Passwords in Google Chrome prior to 117.0.5938.132 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: H...
CVE-2023-5187
- EPSS 0.28%
- Published 28.09.2023 16:15:10
- Last modified 21.11.2024 08:41:15
Use after free in Extensions in Google Chrome prior to 117.0.5938.132 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-5217
- EPSS 3.62%
- Published 28.09.2023 16:15:10
- Last modified 24.10.2025 14:07:24
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-42756
- EPSS 0.01%
- Published 28.09.2023 14:15:21
- Last modified 21.11.2024 08:23:06
A flaw was found in the Netfilter subsystem of the Linux kernel. A race condition between IPSET_CMD_ADD and IPSET_CMD_SWAP can lead to a kernel panic due to the invocation of `__ip_set_put` on a wrong `set`. This issue may allow a local user to crash...
CVE-2023-42822
- EPSS 0.34%
- Published 27.09.2023 18:15:11
- Last modified 03.11.2025 20:16:02
xrdp is an open source remote desktop protocol server. Access to the font glyphs in xrdp_painter.c is not bounds-checked. Since some of this data is controllable by the user, this can result in an out-of-bounds read within the xrdp executable. The v...
CVE-2023-5169
- EPSS 0.32%
- Published 27.09.2023 15:19:42
- Last modified 21.11.2024 08:41:13
A compromised content process could have provided malicious data in a `PathRecording` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. This vulnerability affects Firefox < 118, Firefox ESR < 115...