Fedoraproject

Fedora

5319 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.4

CVE-2022-24918

  • EPSS 0.56%
  • Veröffentlicht 09.03.2022 20:15:08
  • Zuletzt bearbeitet 03.11.2025 22:15:57

An authenticated user can create a link with reflected Javascript code inside it for items’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult ...

4.4

CVE-2022-24919

  • EPSS 0.41%
  • Veröffentlicht 09.03.2022 20:15:08
  • Zuletzt bearbeitet 03.11.2025 22:15:57

An authenticated user can create a link with reflected Javascript code inside it for graphs’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult...

6.8

CVE-2022-24512

  • EPSS 0.25%
  • Veröffentlicht 09.03.2022 17:15:15
  • Zuletzt bearbeitet 21.11.2024 06:50:34

.NET and Visual Studio Remote Code Execution Vulnerability

5

CVE-2022-24464

  • EPSS 2.95%
  • Veröffentlicht 09.03.2022 17:15:14
  • Zuletzt bearbeitet 21.11.2024 06:50:28

.NET and Visual Studio Denial of Service Vulnerability

7.5

CVE-2022-24713

  • EPSS 3.83%
  • Veröffentlicht 08.03.2022 19:15:08
  • Zuletzt bearbeitet 21.11.2024 06:50:55

regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those (tunable) mi...

6.5

CVE-2022-24737

Exploit
  • EPSS 0.6%
  • Veröffentlicht 07.03.2022 23:15:07
  • Zuletzt bearbeitet 21.11.2024 06:50:59

HTTPie is a command-line HTTP client. HTTPie has the practical concept of sessions, which help users to persistently store some of the state that belongs to the outgoing requests and incoming responses on the disk for further usage. Before 3.1.0, HTT...

9.8

CVE-2022-26495

Exploit
  • EPSS 0.29%
  • Veröffentlicht 06.03.2022 06:15:07
  • Zuletzt bearbeitet 21.11.2024 06:54:03

In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocated for the name, resulting in a write to a dangling...

9.8

CVE-2022-26496

Exploit
  • EPSS 0.42%
  • Veröffentlicht 06.03.2022 06:15:07
  • Zuletzt bearbeitet 21.11.2024 06:54:03

In nbd-server in nbd before 3.24, there is a stack-based buffer overflow. An attacker can cause a buffer overflow in the parsing of the name field by sending a crafted NBD_OPT_INFO or NBD_OPT_GO message with an large value as the length of the name.

7.8

CVE-2022-26490

  • EPSS 0.03%
  • Veröffentlicht 06.03.2022 04:15:07
  • Zuletzt bearbeitet 25.06.2025 21:01:34

st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters.

8.8

CVE-2021-3656

  • EPSS 0.06%
  • Veröffentlicht 04.03.2022 19:15:08
  • Zuletzt bearbeitet 21.11.2024 06:22:05

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the ...