Fedora Project 漏洞与 CVE 列表(5,422)

产品(CPE): — CVE 数: 5,422

Fedora Project 漏洞概览

汇总 Fedora Project 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。

常见弱点模式包括 缓冲区溢出、路径处理缺陷、输入验证问题与跨站脚本,在 服务器部署与系统组件 使用场景中可能带来 文件覆盖、异常行为与会话劫持 等风险。

相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。

漏洞分布趋势(近 24 个月)

显示 1205422 CVE 数
«« 第一页 « 上一页 第 1 / 272 页 下一页 »
CVE 摘要 来源 最高 CVSS EPSS % 公开时间 更新时间
CVE-2026-12610 A flaw was found in sssd. When authenticating with a YubiKey, the SSSD PAM responder can crash due to a use-after-free vulnerability, where a memory pointer is incorrectly handled. A local attacker could exploit this flaw by manipulating smartcard or YubiKey contents, leading to a denial of service that disrupts authentication. This vulnerability also presents a potential for privilege escalation, although it is difficult to exploit. [email protected] 6.4 0.16% 2026-06-30 2026-06-30
CVE-2026-54231 A content injection vulnerability was found in the ABRT post-create event handler scripts in libreport. The event script queries the systemd journal for log entries matching the crashed process and writes the results to files in the dump directory without sanitizing embedded control characters. A local user can inject arbitrary content into the journal output by embedding newline characters in syslog messages, controlling the content that root writes to dump directory files. [email protected] 5.5 0.12% 2026-06-12 2026-06-29
CVE-2026-54230 A symlink following vulnerability was found in the ABRT post-create event handler scripts in libreport. Event scripts write output files using shell redirections without the O_NOFOLLOW flag. If the target file is replaced with a symlink, the shell process running as root follows the symlink and writes content to the symlink target, allowing arbitrary file overwrites on the system. [email protected] 7.0 0.12% 2026-06-12 2026-07-14
CVE-2026-35094 A flaw was found in libinput. An attacker capable of deploying a Lua plugin file in specific system directories can exploit a dangling pointer vulnerability. This occurs when a garbage collection cleanup function is called, leaving a pointer that can then be printed to system logs. This could potentially expose sensitive data if the memory location is re-used, leading to information disclosure. For this exploit to work, Lua plugins must be enabled in libinput and loaded by the compositor. [email protected] 3.3 0.15% 2026-04-01 2026-06-17
CVE-2026-35093 A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypass security restrictions. This allows the attacker to run unauthorized code with the same permissions as the program using libinput, such as a graphical compositor. This could lead to the attacker monitoring keyboard input and sending that information to an external location. [email protected] 8.8 0.18% 2026-04-01 2026-07-14
CVE-2023-4134 A use-after-free vulnerability was found in the cyttsp4_core driver in the Linux kernel. This issue occurs in the device cleanup routine due to a possible rearming of the watchdog_timer from the workqueue. This could allow a local user to crash the system, causing a denial of service. [email protected] 5.5 0.19% 2024-11-14 2026-06-17
CVE-2024-3056 A flaw was found in Podman. This issue may allow an attacker to create a specially crafted container that, when configured to share the same IPC with at least one other container, can create a large number of IPC resources in /dev/shm. The malicious container will continue to exhaust resources until it is out-of-memory (OOM) killed. While the malicious container's cgroup will be removed, the IPC resources it created are not. Those resources are tied to the IPC namespace that will not be removed [email protected] 7.7 0.51% 2024-08-02 2026-06-17
CVE-2024-6293 Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) [email protected] 8.8 0.52% 2024-06-24 2026-06-17
CVE-2024-6292 Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) [email protected] 8.8 0.51% 2024-06-24 2026-06-17
CVE-2024-6291 Use after free in Swiftshader in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) [email protected] 8.8 0.55% 2024-06-24 2026-06-17
CVE-2024-6290 Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) [email protected] 8.8 0.52% 2024-06-24 2026-06-17
CVE-2024-38277 A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the two. [email protected] 5.4 0.19% 2024-06-18 2026-06-17
CVE-2024-38276 Incorrect CSRF token checks resulted in multiple CSRF risks. [email protected] 8.8 0.46% 2024-06-18 2026-06-17
CVE-2024-38274 Insufficient escaping of calendar event titles resulted in a stored XSS risk in the event deletion prompt. [email protected] 6.1 0.37% 2024-06-18 2026-06-17
CVE-2024-38273 Insufficient capability checks meant it was possible for users to gain access to BigBlueButton join URLs they did not have permission to access. [email protected] 5.4 0.43% 2024-06-18 2026-06-17
CVE-2024-5847 Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) [email protected] 8.8 0.48% 2024-06-11 2026-06-17
CVE-2024-5846 Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) [email protected] 8.8 0.48% 2024-06-11 2026-06-17
CVE-2024-5845 Use after free in Audio in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) [email protected] 8.8 0.46% 2024-06-11 2026-06-17
CVE-2024-5844 Heap buffer overflow in Tab Strip in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) [email protected] 8.8 0.53% 2024-06-11 2026-06-17
CVE-2024-5843 Inappropriate implementation in Downloads in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to obfuscate security UI via a malicious file. (Chromium security severity: Medium) [email protected] 6.5 0.47% 2024-06-11 2026-06-17
«« 第一页 « 上一页 第 1 / 272 页 下一页 »
cvelogic Threat Intelligence