Fedoraproject

Fedora

5319 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.1

CVE-2023-39356

Exploit
  • EPSS 0.15%
  • Veröffentlicht 31.08.2023 21:15:08
  • Zuletzt bearbeitet 10.04.2025 21:05:20

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a missing offset validation may lead to an Out Of Bound Read in the function `gdi_multi_opaque_rect`. In particular there i...

9.8

CVE-2023-39352

Exploit
  • EPSS 0.09%
  • Veröffentlicht 31.08.2023 21:15:07
  • Zuletzt bearbeitet 11.04.2025 14:48:41

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an invalid offset validation leading to Out Of Bound Write. This can be triggered when the values `rect->left` ...

7.5

CVE-2023-39350

Exploit
  • EPSS 0.31%
  • Veröffentlicht 31.08.2023 20:15:08
  • Zuletzt bearbeitet 10.04.2025 20:51:24

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. This issue affects Clients only. Integer underflow leading to DOS (e.g. abort due to `WINPR_ASSERT` with default compilation flags). When an ins...

7.5

CVE-2023-39351

Exploit
  • EPSS 0.1%
  • Veröffentlicht 31.08.2023 20:15:08
  • Zuletzt bearbeitet 21.11.2024 08:15:12

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions of FreeRDP are subject to a Null Pointer Dereference leading a crash in the RemoteFX (rfx) handling. Inside the `rfx_process_...

7.5

CVE-2023-39354

Exploit
  • EPSS 0.18%
  • Veröffentlicht 31.08.2023 20:15:08
  • Zuletzt bearbeitet 21.11.2024 08:15:13

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `nsc_rle_decompress_data` function. The Out-Of-Bounds Read occurs because it proce...

7.5

CVE-2023-40589

Exploit
  • EPSS 0.1%
  • Veröffentlicht 31.08.2023 19:15:11
  • Zuletzt bearbeitet 21.11.2024 08:19:46

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions there is a Global-Buffer-Overflow in the ncrush_decompress function. Feeding crafted input into this function can trigger t...

7.5

CVE-2023-20900

  • EPSS 0.84%
  • Veröffentlicht 31.08.2023 10:15:08
  • Zuletzt bearbeitet 21.11.2024 07:41:47

A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html  in a target virtual machine may be able to elevate their privileges if ...

8.8

CVE-2023-4572

  • EPSS 0.6%
  • Veröffentlicht 29.08.2023 20:15:10
  • Zuletzt bearbeitet 21.11.2024 08:35:27

Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

7.5

CVE-2023-38802

Exploit
  • EPSS 0.77%
  • Veröffentlicht 29.08.2023 16:15:09
  • Zuletzt bearbeitet 21.11.2024 08:14:13

FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation).

7.5

CVE-2023-41358

  • EPSS 0.35%
  • Veröffentlicht 29.08.2023 04:15:16
  • Zuletzt bearbeitet 21.11.2024 08:21:08

An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length is zero.