Fedoraproject

Fedora

5319 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.5

CVE-2022-0322

  • EPSS 0.08%
  • Published 25.03.2022 19:15:09
  • Last modified 21.11.2024 06:38:22

A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON i...

7.5

CVE-2022-24778

Exploit
  • EPSS 0.18%
  • Published 25.03.2022 18:15:22
  • Last modified 21.11.2024 06:51:04

The imgcrypt library provides API exensions for containerd to support encrypted container images and implements the ctd-decoder command line tool for use by containerd to decrypt encrypted container images. The imgcrypt function `CheckAuthorization` ...

7.5

CVE-2022-27227

  • EPSS 0.11%
  • Published 25.03.2022 15:15:07
  • Last modified 21.11.2024 06:55:27

In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an IXFR end condition causes incomplete zone transfer...

7.5

CVE-2018-25032

Exploit
  • EPSS 0.09%
  • Published 25.03.2022 09:15:08
  • Last modified 21.08.2025 20:37:11

zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.

5.9

CVE-2022-24769

  • EPSS 0.09%
  • Published 24.03.2022 20:15:09
  • Last modified 21.11.2024 06:51:03

Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with non-empty inheritable Linux process ...

6.5

CVE-2022-0996

Exploit
  • EPSS 0.13%
  • Published 23.03.2022 20:15:10
  • Last modified 03.11.2025 21:15:50

A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication.

7.4

CVE-2021-3618

  • EPSS 0.49%
  • Published 23.03.2022 20:15:09
  • Last modified 21.11.2024 06:21:59

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traf...

7.5

CVE-2021-3748

  • EPSS 0.03%
  • Published 23.03.2022 20:15:09
  • Last modified 21.11.2024 06:22:19

A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious gues...

5.5

CVE-2021-4148

Exploit
  • EPSS 0.01%
  • Published 23.03.2022 20:15:09
  • Last modified 21.11.2024 06:37:00

A vulnerability was found in the Linux kernel's block_invalidatepage in fs/buffer.c in the filesystem. A missing sanity check may allow a local attacker with user privilege to cause a denial of service (DOS) problem.

4

CVE-2021-25220

  • EPSS 0.08%
  • Published 23.03.2022 13:15:07
  • Last modified 21.11.2024 05:54:34

BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also be...