Fedoraproject

Fedora

5335 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2023-2455

  • EPSS 0.21%
  • Veröffentlicht 09.06.2023 19:15:09
  • Zuletzt bearbeitet 06.01.2025 18:15:13

Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other ...

5.3

CVE-2023-32732

  • EPSS 0.02%
  • Veröffentlicht 09.06.2023 11:15:09
  • Zuletzt bearbeitet 13.02.2025 17:16:32

gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disconnection by the gRPC server, but is typically allo...

9.8

CVE-2023-29404

  • EPSS 0.08%
  • Veröffentlicht 08.06.2023 21:15:17
  • Zuletzt bearbeitet 06.01.2025 20:15:26

The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via...

9.8

CVE-2023-29405

  • EPSS 0.33%
  • Veröffentlicht 08.06.2023 21:15:17
  • Zuletzt bearbeitet 06.01.2025 20:15:26

The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via...

9.8

CVE-2023-29402

  • EPSS 0.12%
  • Veröffentlicht 08.06.2023 21:15:16
  • Zuletzt bearbeitet 06.01.2025 22:15:08

The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline charact...

7.8

CVE-2023-29403

  • EPSS 0.01%
  • Veröffentlicht 08.06.2023 21:15:16
  • Zuletzt bearbeitet 06.01.2025 20:15:25

On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a s...

6.5

CVE-2023-34969

Exploit
  • EPSS 0.75%
  • Veröffentlicht 08.06.2023 03:15:08
  • Zuletzt bearbeitet 09.06.2025 15:15:29

D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with...

7.8

CVE-2023-2603

Exploit
  • EPSS 1.18%
  • Veröffentlicht 06.06.2023 20:15:13
  • Zuletzt bearbeitet 02.12.2025 21:15:51

A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB.

3.3

CVE-2023-2602

Exploit
  • EPSS 0.02%
  • Veröffentlicht 06.06.2023 20:15:12
  • Zuletzt bearbeitet 21.11.2024 07:58:54

A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.

6.5

CVE-2023-33460

Exploit
  • EPSS 0.21%
  • Veröffentlicht 06.06.2023 12:15:09
  • Zuletzt bearbeitet 08.01.2025 17:15:12

There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse function. which will cause out-of-memory in server and cause crash.