CVE-2022-44020
- EPSS 0.03%
- Published 30.10.2022 00:15:10
- Last modified 07.05.2025 14:15:38
An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and VirtualBMC through 2.2.2. Changing the boot device configuration with these packages removes password protection from the managed libvirt XML domain. NOTE: this only affects an "unsu...
CVE-2022-42915
- EPSS 0.42%
- Published 29.10.2022 20:15:09
- Last modified 07.05.2025 14:15:33
curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol thro...
CVE-2022-41974
- EPSS 0.03%
- Published 29.10.2022 19:15:10
- Last modified 21.11.2024 07:24:11
multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multip...
CVE-2022-41973
- EPSS 0.22%
- Published 29.10.2022 18:15:12
- Last modified 21.11.2024 07:24:11
multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which...
CVE-2022-42916
- EPSS 0.05%
- Published 29.10.2022 02:15:09
- Last modified 21.11.2024 07:25:35
In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL....
CVE-2022-3725
- EPSS 0.06%
- Published 27.10.2022 17:15:10
- Last modified 09.05.2025 20:15:37
Crash in the OPUS protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file.
CVE-2022-39286
- EPSS 0.42%
- Published 26.10.2022 20:15:10
- Last modified 21.11.2024 07:17:57
Jupyter Core is a package for the core common functionality of Jupyter projects. Jupyter Core prior to version 4.11.2 contains an arbitrary code execution vulnerability in `jupyter_core` that stems from `jupyter_core` executing untrusted files in CWD...
CVE-2022-3705
- EPSS 0.3%
- Published 26.10.2022 20:15:10
- Last modified 21.11.2024 07:20:04
A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remo...
CVE-2022-43680
- EPSS 0.31%
- Published 24.10.2022 14:15:53
- Last modified 30.05.2025 20:15:31
In libexpat through 2.4.9, there is a use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
CVE-2021-46848
- EPSS 0.27%
- Published 24.10.2022 14:15:49
- Last modified 07.05.2025 15:15:52
GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.