Fedoraproject

Fedora

5319 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2022-35951

  • EPSS 78.85%
  • Veröffentlicht 23.09.2022 04:15:11
  • Zuletzt bearbeitet 21.11.2024 07:12:02

Redis is an in-memory database that persists on disk. Versions 7.0.0 and above, prior to 7.0.5 are vulnerable to an Integer Overflow. Executing an `XAUTOCLAIM` command on a stream key in a specific state, with a specially crafted `COUNT` argument may...

7.5

CVE-2022-1941

  • EPSS 0.14%
  • Veröffentlicht 22.09.2022 15:15:09
  • Zuletzt bearbeitet 21.11.2024 06:41:47

A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and ...

7.8

CVE-2022-3256

Exploit
  • EPSS 0.06%
  • Veröffentlicht 22.09.2022 13:15:09
  • Zuletzt bearbeitet 21.11.2024 07:19:09

Use After Free in GitHub repository vim/vim prior to 9.0.0530.

5.3

CVE-2022-2795

  • EPSS 0.53%
  • Veröffentlicht 21.09.2022 11:15:09
  • Zuletzt bearbeitet 29.11.2024 12:15:04

By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.

7.5

CVE-2022-38177

  • EPSS 0.9%
  • Veröffentlicht 21.09.2022 11:15:09
  • Zuletzt bearbeitet 28.05.2025 16:15:26

By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.

7.5

CVE-2022-38178

  • EPSS 1.48%
  • Veröffentlicht 21.09.2022 11:15:09
  • Zuletzt bearbeitet 28.05.2025 16:15:26

By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.

7.5

CVE-2022-3080

  • EPSS 0.09%
  • Veröffentlicht 21.09.2022 11:15:09
  • Zuletzt bearbeitet 21.11.2024 07:18:46

By sending specific queries to the resolver, an attacker can cause named to crash.

6.6

CVE-2022-35957

  • EPSS 0.87%
  • Veröffentlicht 20.09.2022 23:15:09
  • Zuletzt bearbeitet 21.11.2024 07:12:03

Grafana is an open-source platform for monitoring and observability. Versions prior to 9.1.6 and 8.5.13 are vulnerable to an escalation from admin to server admin when auth proxy is used, allowing an admin to take over the server admin account and ga...

8.8

CVE-2022-32886

  • EPSS 0.52%
  • Veröffentlicht 20.09.2022 21:15:11
  • Zuletzt bearbeitet 29.05.2025 15:15:21

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code execution.

9.8

CVE-2022-39955

  • EPSS 0.13%
  • Veröffentlicht 20.09.2022 07:15:12
  • Zuletzt bearbeitet 03.11.2025 20:15:56

The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass by submitting a specially crafted HTTP Content-Type header field that indicates multiple character encoding schemes. A vulnerable back-end can potentially be exploited...