CVE-2022-3560
- EPSS 0.02%
- Published 02.02.2023 21:22:38
- Last modified 26.03.2025 19:15:18
A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign daemon. This service unit runs a script to set ACLs for /etc/pki/pesign and /run/pesign directories to grant access privileges to users in the 'pesign'...
CVE-2022-48303
- EPSS 0.04%
- Published 30.01.2023 04:15:08
- Last modified 27.03.2025 21:15:40
GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archiv...
CVE-2022-4285
- EPSS 0.03%
- Published 27.01.2023 18:15:15
- Last modified 28.03.2025 16:15:25
An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.
CVE-2022-47021
- EPSS 0.07%
- Published 20.01.2023 19:15:17
- Last modified 03.04.2025 16:15:29
A null pointer dereference issue was discovered in functions op_get_data and op_open1 in opusfile.c in xiph opusfile 0.9 through 0.12 that allows attackers to cause denial of service or other unspecified impacts.
CVE-2023-22809
- EPSS 50.16%
- Published 18.01.2023 17:15:10
- Last modified 04.04.2025 16:15:16
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to proce...
CVE-2018-14628
- EPSS 0.42%
- Published 17.01.2023 18:15:10
- Last modified 22.01.2025 16:10:38
An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store.
- EPSS 0.69%
- Published 17.01.2023 10:15:11
- Last modified 04.04.2025 16:15:16
ruby-git versions prior to v1.13.0 allow a remote authenticated attacker to execute arbitrary Ruby code by having a user load a repository containing a specially crafted filename to the product. This vulnerability is different from CVE-2022-46...
CVE-2023-22298
- EPSS 0.47%
- Published 17.01.2023 10:15:11
- Last modified 03.04.2025 16:15:31
Open redirect vulnerability in pgAdmin 4 versions prior to v6.14 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user access a specially crafted URL.
CVE-2023-23589
- EPSS 0.24%
- Published 14.01.2023 01:15:15
- Last modified 07.04.2025 19:15:52
The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002.
CVE-2023-23456
- EPSS 0.01%
- Published 12.01.2023 19:15:24
- Last modified 11.04.2025 12:27:55
A heap-based buffer overflow issue was discovered in UPX in PackTmt::pack() in the p_tmt.cpp file. The flaw allows an attacker to cause a denial of service (abort) via a crafted file.