CVE-2023-39354
- EPSS 0.21%
- Published 31.08.2023 20:15:08
- Last modified 03.11.2025 21:15:58
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `nsc_rle_decompress_data` function. The Out-Of-Bounds Read occurs because it proce...
CVE-2023-40589
- EPSS 0.15%
- Published 31.08.2023 19:15:11
- Last modified 03.11.2025 21:16:01
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions there is a Global-Buffer-Overflow in the ncrush_decompress function. Feeding crafted input into this function can trigger t...
CVE-2023-20900
- EPSS 0.84%
- Published 31.08.2023 10:15:08
- Last modified 21.11.2024 07:41:47
A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if ...
CVE-2023-4572
- EPSS 0.33%
- Published 29.08.2023 20:15:10
- Last modified 21.11.2024 08:35:27
Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-38802
- EPSS 0.77%
- Published 29.08.2023 16:15:09
- Last modified 21.11.2024 08:14:13
FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation).
CVE-2023-41358
- EPSS 0.35%
- Published 29.08.2023 04:15:16
- Last modified 21.11.2024 08:21:08
An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length is zero.
CVE-2023-41359
- EPSS 0.19%
- Published 29.08.2023 04:15:16
- Last modified 21.11.2024 08:21:08
An issue was discovered in FRRouting FRR through 9.0. There is an out-of-bounds read in bgp_attr_aigp_valid in bgpd/bgp_attr.c because there is no check for the availability of two bytes during AIGP validation.
CVE-2023-41360
- EPSS 0.24%
- Published 29.08.2023 04:15:16
- Last modified 21.11.2024 08:21:09
An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation.
CVE-2023-40587
- EPSS 0.45%
- Published 25.08.2023 21:15:09
- Last modified 21.11.2024 08:19:46
Pyramid is an open source Python web framework. A path traversal vulnerability in Pyramid versions 2.0.0 and 2.0.1 impacts users of Python 3.11 that are using a Pyramid static view with a full filesystem path and have an `index.html` file that is loca...
CVE-2023-38201
- EPSS 0.02%
- Published 25.08.2023 17:15:08
- Last modified 21.11.2024 08:13:04
A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration. This issue may allow an attacker to impersonate an agent and hide the true status of a monitored machine if the fake age...