Fedoraproject

Fedora

5319 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.5

CVE-2022-2476

Exploit
  • EPSS 0.03%
  • Veröffentlicht 19.07.2022 20:15:11
  • Zuletzt bearbeitet 21.11.2024 07:01:04

A null pointer dereference bug was found in wavpack-5.4.0 The results from the ASAN log: AddressSanitizer:DEADLYSIGNAL ===================================================================84257==ERROR: AddressSanitizer: SEGV on unknown address 0x000000...

7.5

CVE-2022-34169

  • EPSS 8.78%
  • Veröffentlicht 19.07.2022 18:15:11
  • Zuletzt bearbeitet 21.11.2024 07:08:59

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Use...

7.3

CVE-2022-32323

  • EPSS 0.07%
  • Veröffentlicht 14.07.2022 21:15:08
  • Zuletzt bearbeitet 21.11.2024 07:06:09

AutoTrace v0.40.0 was discovered to contain a heap overflow via the ReadImage function at input-bmp.c:660.

6.5

CVE-2022-23825

  • EPSS 0.19%
  • Veröffentlicht 14.07.2022 20:15:08
  • Zuletzt bearbeitet 21.11.2024 06:49:19

Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.

8.1

CVE-2022-32212

  • EPSS 0.07%
  • Veröffentlicht 14.07.2022 15:15:08
  • Zuletzt bearbeitet 21.11.2024 07:05:56

A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making D...

6.5

CVE-2022-32213

Exploit
  • EPSS 89.07%
  • Veröffentlicht 14.07.2022 15:15:08
  • Zuletzt bearbeitet 21.11.2024 07:05:56

The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS).

6.5

CVE-2022-32215

Exploit
  • EPSS 88.11%
  • Veröffentlicht 14.07.2022 15:15:08
  • Zuletzt bearbeitet 21.11.2024 07:05:56

The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).

7.8

CVE-2022-29187

  • EPSS 0.05%
  • Veröffentlicht 12.07.2022 21:15:09
  • Zuletzt bearbeitet 21.11.2024 06:58:40

Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue ...

6.5

CVE-2022-29900

  • EPSS 1.41%
  • Veröffentlicht 12.07.2022 19:15:08
  • Zuletzt bearbeitet 21.11.2024 06:59:55

Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.

6.5

CVE-2022-29901

  • EPSS 0.08%
  • Veröffentlicht 12.07.2022 19:15:08
  • Zuletzt bearbeitet 21.11.2024 06:59:56

Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve ...