Fedoraproject

Fedora

5319 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.5

CVE-2024-27834

  • EPSS 0.01%
  • Published 14.05.2024 15:13:06
  • Last modified 12.12.2024 14:33:00

The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, Safari 17.5, watchOS 10.5, macOS Sonoma 14.5. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.

7.2

CVE-2024-25641

Exploit
  • EPSS 89.04%
  • Published 14.05.2024 15:05:50
  • Last modified 18.12.2024 20:54:30

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users having the "Import Templates" permis...

9.6

CVE-2024-4558

Exploit
  • EPSS 1.41%
  • Published 07.05.2024 19:15:08
  • Last modified 20.12.2024 17:18:09

Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

6.5

CVE-2024-4559

Exploit
  • EPSS 0.26%
  • Published 07.05.2024 19:15:08
  • Last modified 19.12.2024 20:47:26

Heap buffer overflow in WebAudio in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

5.2

CVE-2024-34397

Exploit
  • EPSS 0.1%
  • Published 07.05.2024 18:15:08
  • Last modified 18.06.2025 14:36:02

An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can ...

5.4

CVE-2024-34064

  • EPSS 0.58%
  • Published 06.05.2024 15:15:23
  • Last modified 08.09.2025 19:27:31

Jinja is an extensible templating engine. The `xmlattr` filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, `/`, `>`, or `=`, as each would then be interpreted as starting ...

6.1

CVE-2024-34500

  • EPSS 0.3%
  • Published 05.05.2024 19:15:07
  • Last modified 11.06.2025 14:44:14

An issue was discovered in the UnlinkedWikibase extension in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. XSS can occur through an interface message. Error messages (in the $err var) are not escaped before being passed to ...

9.8

CVE-2024-34502

  • EPSS 0.16%
  • Published 05.05.2024 19:15:07
  • Last modified 17.06.2025 14:53:28

An issue was discovered in WikibaseLexeme in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. Loading Special:MergeLexemes will (attempt to) make an edit that merges the from-id to the to-id, even if the request was not a POST...

7.5

CVE-2024-34506

Exploit
  • EPSS 0.15%
  • Published 05.05.2024 19:15:07
  • Last modified 17.06.2025 16:40:07

An issue was discovered in includes/specials/SpecialMovePage.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. If a user with the necessary rights to move the page opens Special:MovePage for a page with tens of thousands...

7.4

CVE-2024-34507

Exploit
  • EPSS 0.4%
  • Published 05.05.2024 19:15:07
  • Last modified 17.06.2025 16:37:39

An issue was discovered in includes/CommentFormatter/CommentParser.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. XSS can occur because of mishandling of the 0x1b character, as demonstrated by Special:RecentChanges#%1...