Fedoraproject

Fedora

5353 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2022-42335

  • EPSS 0.07%
  • Veröffentlicht 25.04.2023 13:15:09
  • Zuletzt bearbeitet 21.11.2024 07:24:46

x86 shadow paging arbitrary pointer dereference In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so called shadow mode. Due to too lax a check in one of the...

6.5

CVE-2023-29530

  • EPSS 0.22%
  • Veröffentlicht 24.04.2023 20:15:08
  • Zuletzt bearbeitet 21.11.2024 07:57:14

Laminas Diactoros provides PSR HTTP Message implementations. In versions 2.18.0 and prior, 2.19.0, 2.20.0, 2.21.0, 2.22.0, 2.23.0, 2.24.0, and 2.25.0, users who create HTTP requests or responses using laminas/laminas-diactoros, when providing a newli...

5.5

CVE-2023-31084

  • EPSS 0.01%
  • Veröffentlicht 24.04.2023 06:15:07
  • Zuletzt bearbeitet 18.03.2025 20:15:19

An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel 6.2. There is a blocking operation when a task is in !TASK_RUNNING. In dvb_frontend_get_event, wait_event_interruptible is called; the condition is dvb_frontend_test...

6.7

CVE-2023-2194

  • EPSS 0.02%
  • Veröffentlicht 20.04.2023 21:15:09
  • Zuletzt bearbeitet 23.04.2025 17:16:29

An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. The userspace "data->block[0]" variable was not capped to a number between 0-255 and was used as the size of a memcpy, possibly writing beyond the end of ...

8.8

CVE-2023-2133

  • EPSS 0.68%
  • Veröffentlicht 19.04.2023 04:15:31
  • Zuletzt bearbeitet 21.11.2024 07:57:59

Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8

CVE-2023-2134

  • EPSS 0.68%
  • Veröffentlicht 19.04.2023 04:15:31
  • Zuletzt bearbeitet 21.11.2024 07:57:59

Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

7.5

CVE-2023-2135

  • EPSS 0.51%
  • Veröffentlicht 19.04.2023 04:15:31
  • Zuletzt bearbeitet 21.11.2024 07:57:59

Use after free in DevTools in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who convinced a user to enable specific preconditions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

9.6

CVE-2023-2136

Warnung
  • EPSS 0.33%
  • Veröffentlicht 19.04.2023 04:15:31
  • Zuletzt bearbeitet 24.10.2025 14:07:43

Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

8.8

CVE-2023-2137

  • EPSS 0.46%
  • Veröffentlicht 19.04.2023 04:15:31
  • Zuletzt bearbeitet 21.11.2024 07:58:00

Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

5.3

CVE-2023-27043

Exploit
  • EPSS 0.19%
  • Veröffentlicht 19.04.2023 00:15:07
  • Zuletzt bearbeitet 17.12.2025 22:15:57

The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protect...