Fedoraproject

Fedora

5319 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2022-46175

Exploit
  • EPSS 40.5%
  • Published 24.12.2022 04:15:08
  • Last modified 21.11.2024 07:30:15

JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand (e.g. for config files). The `parse` method of the JSON5 library before and including versions 1.0.1 and 2.2.1 does not restrict parsing of key...

7.5

CVE-2022-43551

Exploit
  • EPSS 0.03%
  • Published 23.12.2022 15:15:15
  • Last modified 21.11.2024 07:26:45

A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the U...

9.8

CVE-2021-33640

  • EPSS 0.19%
  • Published 19.12.2022 16:15:10
  • Last modified 02.04.2025 18:33:53

After tar_close(), libtar.c releases the memory pointed to by pointer t. After tar_close() is called in the list() function, it continues to use pointer t: free_longlink_longname(t->th_buf) . As a result, the released memory is used (use-after-free).

7.5

CVE-2022-3109

  • EPSS 0.23%
  • Published 16.12.2022 15:15:09
  • Last modified 07.08.2025 19:26:18

An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of av_malloc() and will cause a null pointer dereference, impacting availability.

5.3

CVE-2022-46392

  • EPSS 0.13%
  • Published 15.12.2022 23:15:10
  • Last modified 21.04.2025 15:15:55

An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses (typically, an untrusted operating system attacking a secure enclave) can recover an RSA private key ...

9.8

CVE-2022-46393

  • EPSS 0.9%
  • Published 15.12.2022 23:15:10
  • Last modified 21.04.2025 15:15:56

An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. There is a potential heap-based buffer overflow and heap-based buffer over-read in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_...

7.8

CVE-2022-4283

  • EPSS 0.2%
  • Published 14.12.2022 21:15:14
  • Last modified 29.08.2025 13:42:30

A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests.. This issue can lead to local pr...

8.8

CVE-2022-46340

  • EPSS 1.28%
  • Published 14.12.2022 21:15:13
  • Last modified 22.04.2025 16:15:40

A vulnerability was found in X.Org. This security flaw occurs becuase the swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger than 32 bytes are sent through a the XTestFakeInpu...

8.8

CVE-2022-46341

  • EPSS 1.26%
  • Published 14.12.2022 21:15:13
  • Last modified 22.04.2025 16:15:41

A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This issue can lead to local privileges elevation on syst...

8.8

CVE-2022-46342

  • EPSS 0.12%
  • Published 14.12.2022 21:15:13
  • Last modified 22.04.2025 16:15:41

A vulnerability was found in X.Org. This security flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X se