CVE-2023-2828
- EPSS 0.87%
- Published 21.06.2023 17:15:47
- Last modified 21.11.2024 07:59:22
Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the `max-ca...
CVE-2023-2911
- EPSS 0.29%
- Published 21.06.2023 17:15:47
- Last modified 21.11.2024 07:59:33
If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, a sequence of serve-stale-related lookups could cause `named` to loop and terminate unexpectedly du...
CVE-2023-34474
- EPSS 0.03%
- Published 16.06.2023 20:15:09
- Last modified 21.11.2024 08:07:20
A heap-based buffer overflow issue was discovered in ImageMagick's ReadTIM2ImageData() function in coders/tim2.c. A local attacker could trick the user into opening a specially crafted file, triggering an out-of-bounds read error, allowing an application...
CVE-2023-34475
- EPSS 0.02%
- Published 16.06.2023 20:15:09
- Last modified 21.11.2024 08:07:20
A heap use-after-free issue was discovered in ImageMagick's ReplaceXmpValue() function in MagickCore/profile.c. An attacker could trick the user into opening a specially crafted file to convert, triggering a heap-use-after-free write error, allowing an appli...
CVE-2023-3195
- EPSS 0.02%
- Published 16.06.2023 20:15:09
- Last modified 21.11.2024 08:16:40
A stack-based buffer overflow issue was found in ImageMagick's coders/tiff.c. This flaw allows an attacker to trick the user into opening a specially crafted malicious TIFF file, causing an application to crash, resulting in a denial of service.
CVE-2023-2431
- EPSS 0.01%
- Published 16.06.2023 08:15:08
- Last modified 12.12.2024 16:15:07
A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use the localhost type for a seccomp profile but specify an empty profile field are affected by this issue. In this scenario, this vulnerabili...
CVE-2023-30631
- EPSS 0.54%
- Published 14.06.2023 08:15:09
- Last modified 13.02.2025 17:16:25
Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server. The configuration option proxy.config.http.push_method_enabled didn't function. However, by default the PUSH method is blocked in the ip_allow configuratio...
CVE-2023-3214
- EPSS 1.52%
- Published 13.06.2023 18:15:22
- Last modified 05.05.2025 16:15:44
Use after free in Autofill payments in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
CVE-2023-3215
- EPSS 19.98%
- Published 13.06.2023 18:15:22
- Last modified 05.05.2025 16:15:44
Use after free in WebRTC in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-3216
- EPSS 0.76%
- Published 13.06.2023 18:15:22
- Last modified 05.05.2025 16:15:44
Type confusion in V8 in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)