Fedoraproject

Fedora

5335 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
Exploit
  • EPSS 0.04%
  • Published 10.07.2023 21:15:10
  • Last modified 21.11.2024 08:07:13

A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. This flaw can lead to a denial of service, code execution, or information disclosure.

  • EPSS 0.03%
  • Published 10.07.2023 18:15:10
  • Last modified 27.06.2025 18:51:27

A floating point exception vulnerability was found in sox, in the lsx_aiffstartwrite function at sox/src/aiff.c:622:58. This flaw can lead to a denial of service.

  • EPSS 0.05%
  • Published 10.07.2023 18:15:10
  • Last modified 27.06.2025 18:51:27

A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc.c:334:18. This flaw can lead to a denial of service.

  • EPSS 0.03%
  • Published 10.07.2023 18:15:10
  • Last modified 27.06.2025 18:51:27

A heap buffer overflow vulnerability was found in sox, in the startread function at sox/src/hcom.c:160:41. This flaw can lead to a denial of service, code execution, or information disclosure.

  • EPSS 3.87%
  • Published 10.07.2023 16:15:48
  • Last modified 21.11.2024 07:38:37

A flaw was found in the Libreoffice package. An attacker can craft an odb containing a "database/script" file with a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker.

  • EPSS 0.48%
  • Published 06.07.2023 20:15:09
  • Last modified 21.11.2024 08:09:00

yt-dlp is a command-line program to download videos from video sites. During file downloads, yt-dlp or the external downloaders that yt-dlp employs may leak cookies on HTTP redirects to a different host, or leak them when the host for download fragme...

  • EPSS 0.25%
  • Published 05.07.2023 19:15:10
  • Last modified 21.11.2024 08:07:48

Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace

  • EPSS 0.2%
  • Published 05.07.2023 19:15:09
  • Last modified 21.11.2024 08:01:42

Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace

  • EPSS 9.6%
  • Published 03.07.2023 13:15:09
  • Last modified 04.11.2025 18:15:40

In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs.

Exploit
  • EPSS 1.77%
  • Published 01.07.2023 00:15:10
  • Last modified 04.11.2025 17:15:36

The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS). The CR character (without LF) is sufficient to delimit HTTP header fields in the ...