Fedoraproject

Fedora

5319 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
Exploit
  • EPSS 0.5%
  • Published 26.05.2023 21:15:16
  • Last modified 21.11.2024 07:54:50

An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if ...

  • EPSS 6.28%
  • Published 26.05.2023 18:15:14
  • Last modified 13.02.2025 17:16:32

Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorizatio...

  • EPSS 0.75%
  • Published 26.05.2023 18:15:13
  • Last modified 15.01.2025 17:15:11

Bottles before 51.0 mishandles YAML load, which allows remote code execution via a crafted file.

  • EPSS 0.25%
  • Published 26.05.2023 18:15:13
  • Last modified 21.11.2024 07:58:18

A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the `pki_verify_data_signature` function in memory allocation problems. This issue may happen if there is insufficient memory or the memory...

Exploit
  • EPSS 0.02%
  • Published 26.05.2023 18:15:11
  • Last modified 15.01.2025 22:15:25

A vulnerability was found in the avahi library. This flaw allows an unprivileged user to make a dbus call, causing the avahi daemon to crash.

  • EPSS 1.15%
  • Published 26.05.2023 18:15:10
  • Last modified 21.11.2024 07:39:39

A NULL pointer dereference was found in libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service.

  • EPSS 0.38%
  • Published 25.05.2023 23:15:09
  • Last modified 21.11.2024 08:02:38

c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erro...

  • EPSS 0.07%
  • Published 25.05.2023 22:15:09
  • Last modified 13.02.2025 17:16:26

c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand() as a fallback which co...

  • EPSS 0.01%
  • Published 25.05.2023 22:15:09
  • Last modified 13.02.2025 17:16:26

c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration p...

  • EPSS 0.09%
  • Published 25.05.2023 22:15:09
  • Last modified 21.11.2024 08:01:29

c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom() are unavailable, c-ares uses rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand() so will generate predict...