Fedoraproject

Fedora

5319 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.1

CVE-2021-45083

  • EPSS 0.03%
  • Published 20.02.2022 18:15:07
  • Last modified 21.11.2024 06:31:54

An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler are world readable. Two of those files contain some sensitive information that can be exposed to a local user who has non-privileged access to the server. The users.digest file co...

7.8

CVE-2022-0685

Exploit
  • EPSS 0.29%
  • Published 20.02.2022 11:15:07
  • Last modified 21.11.2024 06:39:10

Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418.

7.8

CVE-2021-45082

Exploit
  • EPSS 0.04%
  • Published 19.02.2022 00:15:17
  • Last modified 21.11.2024 06:31:54

An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring. (Only lines beginning with #import are blocked.)

5.5

CVE-2022-23645

  • EPSS 0.04%
  • Published 18.02.2022 21:15:13
  • Last modified 21.11.2024 06:49:00

swtpm is a libtpms-based TPM emulator with socket, character device, and Linux CUSE interface. Versions prior to 0.5.3, 0.6.2, and 0.7.1 are vulnerable to out-of-bounds read. A specially crafted header of swtpm's state, where the blobheader's hdrsize...

7.8

CVE-2022-24052

  • EPSS 0.09%
  • Published 18.02.2022 20:15:18
  • Last modified 21.11.2024 06:49:44

MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerabil...

7.8

CVE-2022-24048

  • EPSS 0.09%
  • Published 18.02.2022 20:15:17
  • Last modified 21.11.2024 06:49:43

MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerabi...

7.8

CVE-2022-24050

  • EPSS 0.09%
  • Published 18.02.2022 20:15:17
  • Last modified 21.11.2024 06:49:44

MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The spe...

7.8

CVE-2022-24051

  • EPSS 0.08%
  • Published 18.02.2022 20:15:17
  • Last modified 21.11.2024 06:49:44

MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The spec...

6.5

CVE-2022-0585

Exploit
  • EPSS 0.07%
  • Published 18.02.2022 18:15:11
  • Last modified 03.11.2025 22:15:54

Large loops in multiple protocol dissectors in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allow denial of service via packet injection or crafted capture file

8.8

CVE-2021-4093

Exploit
  • EPSS 0.09%
  • Published 18.02.2022 18:15:10
  • Last modified 21.11.2024 06:36:53

A flaw was found in the KVM's AMD code for supporting the Secure Encrypted Virtualization-Encrypted State (SEV-ES). A KVM guest using SEV-ES can trigger out-of-bounds reads and writes in the host kernel via a malicious VMGEXIT for a string I/O instru...