Fedoraproject

Fedora

5326 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.7

CVE-2024-29894

Exploit
  • EPSS 0.16%
  • Veröffentlicht 14.05.2024 15:17:14
  • Zuletzt bearbeitet 18.12.2024 21:10:38

Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 contain a residual cross-site scripting vulnerability caused by an incomplete fix for CVE-2023-50250. `raise_message_javascript` from `lib/func...

5.5

CVE-2024-27834

  • EPSS 0.01%
  • Veröffentlicht 14.05.2024 15:13:06
  • Zuletzt bearbeitet 04.11.2025 18:16:14

The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, Safari 17.5, watchOS 10.5, macOS Sonoma 14.5. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.

7.2

CVE-2024-25641

Exploit
  • EPSS 88.58%
  • Veröffentlicht 14.05.2024 15:05:50
  • Zuletzt bearbeitet 04.11.2025 17:15:46

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users having the "Import Templates" permis...

9.6

CVE-2024-4558

Exploit
  • EPSS 1.93%
  • Veröffentlicht 07.05.2024 19:15:08
  • Zuletzt bearbeitet 04.11.2025 18:16:42

Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

6.5

CVE-2024-4559

Exploit
  • EPSS 0.36%
  • Veröffentlicht 07.05.2024 19:15:08
  • Zuletzt bearbeitet 19.12.2024 20:47:26

Heap buffer overflow in WebAudio in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

5.2

CVE-2024-34397

Exploit
  • EPSS 0.19%
  • Veröffentlicht 07.05.2024 18:15:08
  • Zuletzt bearbeitet 04.11.2025 22:16:01

An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can ...

5.4

CVE-2024-34064

  • EPSS 1.15%
  • Veröffentlicht 06.05.2024 15:15:23
  • Zuletzt bearbeitet 03.11.2025 22:16:54

Jinja is an extensible templating engine. The `xmlattr` filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, `/`, `>`, or `=`, as each would then be interpreted as starting ...

7.5

CVE-2024-34069

  • EPSS 41.94%
  • Veröffentlicht 06.05.2024 15:15:23
  • Zuletzt bearbeitet 03.12.2025 15:32:11

Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to intera...

6.1

CVE-2024-34500

  • EPSS 0.3%
  • Veröffentlicht 05.05.2024 19:15:07
  • Zuletzt bearbeitet 04.11.2025 18:16:22

An issue was discovered in the UnlinkedWikibase extension in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. XSS can occur through an interface message. Error messages (in the $err var) are not escaped before being passed to ...

9.8

CVE-2024-34502

  • EPSS 0.16%
  • Veröffentlicht 05.05.2024 19:15:07
  • Zuletzt bearbeitet 04.11.2025 18:16:22

An issue was discovered in WikibaseLexeme in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. Loading Special:MergeLexemes will (attempt to) make an edit that merges the from-id to the to-id, even if the request was not a POST...