Fedoraproject

Fedora

5319 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2023-4354

  • EPSS 2.08%
  • Veröffentlicht 15.08.2023 18:15:11
  • Zuletzt bearbeitet 05.05.2025 16:15:49

Heap buffer overflow in Skia in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8

CVE-2023-4355

  • EPSS 40.5%
  • Veröffentlicht 15.08.2023 18:15:11
  • Zuletzt bearbeitet 05.05.2025 16:15:49

Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8

CVE-2023-4349

  • EPSS 1.73%
  • Veröffentlicht 15.08.2023 18:15:10
  • Zuletzt bearbeitet 21.11.2024 08:34:54

Use after free in Device Trust Connectors in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8

CVE-2023-32004

  • EPSS 0.12%
  • Veröffentlicht 15.08.2023 16:15:11
  • Zuletzt bearbeitet 08.05.2025 16:15:23

A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of Buffers in file system APIs causing a traversal path to bypass when verifying file permissions...

8.8

CVE-2023-32006

  • EPSS 0.07%
  • Veröffentlicht 15.08.2023 16:15:11
  • Zuletzt bearbeitet 08.05.2025 16:15:23

The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active ...

5.3

CVE-2023-32003

  • EPSS 0.06%
  • Veröffentlicht 15.08.2023 16:15:10
  • Zuletzt bearbeitet 03.07.2025 14:15:24

`fs.mkdtemp()` and `fs.mkdtempSync()` can be used to bypass the permission model check using a path traversal attack. This flaw arises from a missing check in the fs.mkdtemp() API and the impact is a malicious actor could create an arbitrary director...

9.8

CVE-2023-4322

Exploit
  • EPSS 0.24%
  • Veröffentlicht 14.08.2023 16:15:09
  • Zuletzt bearbeitet 21.11.2024 08:34:51

Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0.

9.8

CVE-2023-3824

Exploit
  • EPSS 32.37%
  • Veröffentlicht 11.08.2023 06:15:10
  • Zuletzt bearbeitet 13.02.2025 17:16:59

In PHP version 8.0.* before 8.0.30,  8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption...

7.5

CVE-2023-3823

Exploit
  • EPSS 0.28%
  • Veröffentlicht 11.08.2023 06:15:09
  • Zuletzt bearbeitet 13.02.2025 17:16:59

In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unle...

4.4

CVE-2023-23908

  • EPSS 0.01%
  • Veröffentlicht 11.08.2023 03:15:18
  • Zuletzt bearbeitet 21.11.2024 07:47:04

Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disclosure via local access.