Fedoraproject

Fedora

5357 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.86%
  • Veröffentlicht 02.08.2023 20:15:11
  • Zuletzt bearbeitet 21.11.2024 07:57:00

The TIFF decoder does not place a limit on the size of compressed tile data. A maliciously-crafted image can exploit this to cause a small image (both in terms of pixel width/height, and encoded size) to make the decoder decode large amounts of compr...

  • EPSS 0.24%
  • Veröffentlicht 02.08.2023 05:15:09
  • Zuletzt bearbeitet 21.11.2024 08:34:14

Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap.

  • EPSS 0.45%
  • Veröffentlicht 01.08.2023 17:15:09
  • Zuletzt bearbeitet 23.06.2026 18:17:32

A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. This issue may allow a local attacker to cause a denial of service via outputting a crafted PDF file for a DEVN device with gs.

  • EPSS 0.95%
  • Veröffentlicht 31.07.2023 17:15:10
  • Zuletzt bearbeitet 21.11.2024 08:34:12

A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate...

Exploit
  • EPSS 0.27%
  • Veröffentlicht 29.07.2023 00:15:11
  • Zuletzt bearbeitet 21.11.2024 07:36:14

Incorrect security UI in Notifications in Google Chrome on Android prior to 103.0.5060.53 allowed a remote attacker to obscure the full screen notification via a crafted HTML page. (Chromium security severity: Low)

Exploit
  • EPSS 0.46%
  • Veröffentlicht 29.07.2023 00:15:11
  • Zuletzt bearbeitet 21.11.2024 07:36:15

Insufficient policy enforcement in Intents in Google Chrome on Android prior to 109.0.5414.119 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)

Exploit
  • EPSS 1.25%
  • Veröffentlicht 29.07.2023 00:15:10
  • Zuletzt bearbeitet 21.11.2024 07:36:13

Uninitialized Use in FFmpeg in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

  • EPSS 0.47%
  • Veröffentlicht 25.07.2023 21:15:10
  • Zuletzt bearbeitet 13.02.2025 13:50:15

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certific...

  • EPSS 0.45%
  • Veröffentlicht 25.07.2023 16:15:11
  • Zuletzt bearbeitet 21.11.2024 08:18:01

A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params(), leading to a possibl...

  • EPSS 0.24%
  • Veröffentlicht 25.07.2023 16:15:11
  • Zuletzt bearbeitet 21.11.2024 08:18:01

A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to cause a 4 byte out-of-bounds read of XFRMA_MTIMER_THRESH when parsing netlink attrib...