Fedoraproject

Fedora

5353 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2023-42453

  • EPSS 0.23%
  • Veröffentlicht 27.09.2023 15:19:32
  • Zuletzt bearbeitet 21.11.2024 08:22:33

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Users were able to forge read receipts for any event (if they knew the room ID and event ID). Note that the users were not able to view the events, but s...

3.7

CVE-2023-41335

  • EPSS 0.14%
  • Veröffentlicht 27.09.2023 15:19:30
  • Zuletzt bearbeitet 21.11.2024 08:21:06

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. When users update their passwords, the new credentials may be briefly held in the server database. While this doesn't grant the server any added capabili...

8.8

CVE-2023-41074

  • EPSS 1.12%
  • Veröffentlicht 27.09.2023 15:19:26
  • Zuletzt bearbeitet 21.11.2024 08:20:30

The issue was addressed with improved checks. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution.

8.8

CVE-2023-35074

  • EPSS 0.6%
  • Veröffentlicht 27.09.2023 15:18:52
  • Zuletzt bearbeitet 05.05.2025 16:15:40

The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution.

7.8

CVE-2022-4318

  • EPSS 0.04%
  • Veröffentlicht 25.09.2023 20:15:10
  • Zuletzt bearbeitet 21.11.2024 07:35:01

A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable.

7.1

CVE-2023-4156

Exploit
  • EPSS 0.02%
  • Veröffentlicht 25.09.2023 18:15:11
  • Zuletzt bearbeitet 21.11.2024 08:34:30

A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.

5.5

CVE-2023-42811

Exploit
  • EPSS 0.02%
  • Veröffentlicht 22.09.2023 16:15:10
  • Zuletzt bearbeitet 21.11.2024 08:23:15

aes-gcm is a pure Rust implementation of the AES-GCM. Starting in version 0.10.0 and prior to version 0.10.3, in the AES GCM implementation of decrypt_in_place_detached, the decrypted ciphertext (i.e. the correct plaintext) is exposed even if tag ver...

8.8

CVE-2023-5002

  • EPSS 21.84%
  • Veröffentlicht 22.09.2023 14:15:47
  • Zuletzt bearbeitet 17.03.2025 16:43:52

A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Versions of pgAdmin prior to 7.6 failed to properly control the server ...

5.5

CVE-2023-43090

Exploit
  • EPSS 0.09%
  • Veröffentlicht 22.09.2023 06:15:09
  • Zuletzt bearbeitet 21.11.2024 08:23:42

A vulnerability was found in GNOME Shell. GNOME Shell's lock screen allows an unauthenticated local user to view windows of the locked desktop session by using keyboard shortcuts to unlock the restricted functionality of the screenshot tool.

7

CVE-2023-4504

Exploit
  • EPSS 0.04%
  • Veröffentlicht 21.09.2023 23:15:12
  • Zuletzt bearbeitet 04.11.2025 17:15:41

Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in...