Fedoraproject

Fedora

5319 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2022-46343

  • EPSS 1.26%
  • Published 14.12.2022 21:15:13
  • Last modified 22.04.2025 16:15:41

A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X server is...

8.8

CVE-2022-46344

  • EPSS 1.06%
  • Published 14.12.2022 21:15:13
  • Last modified 21.11.2024 07:30:25

A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to lo...

8.6

CVE-2022-2601

  • EPSS 0.08%
  • Published 14.12.2022 21:15:10
  • Last modified 21.11.2024 07:01:19

A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow...

8.8

CVE-2022-4223

  • EPSS 78.16%
  • Published 13.12.2022 16:15:26
  • Last modified 14.04.2025 19:15:34

The pgAdmin server includes an HTTP API that is intended to be used to validate the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. The utility is executed by the server to determine what PostgreSQL version it is ...

9.8

CVE-2022-4170

  • EPSS 1.99%
  • Published 09.12.2022 18:15:20
  • Last modified 14.04.2025 18:15:25

The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set.

5.3

CVE-2022-41717

  • EPSS 0.44%
  • Published 08.12.2022 20:15:10
  • Last modified 21.11.2024 07:23:43

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending v...

5.3

CVE-2022-4122

  • EPSS 0.13%
  • Published 08.12.2022 16:15:14
  • Last modified 22.04.2025 21:15:44

A vulnerability was found in buildah. Incorrect following of symlinks while reading .containerignore and .dockerignore results in information disclosure.

3.3

CVE-2022-4123

  • EPSS 0.03%
  • Published 08.12.2022 16:15:14
  • Last modified 22.04.2025 21:15:44

A flaw was found in Buildah. The local path and the lowest subdirectory may be disclosed due to incorrect absolute path traversal, resulting in an impact to confidentiality.

9.8

CVE-2022-24439

Exploit
  • EPSS 70.54%
  • Published 06.12.2022 05:15:11
  • Last modified 21.11.2024 06:50:25

All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possibl...

6.1

CVE-2022-46391

  • EPSS 0.3%
  • Published 04.12.2022 03:15:09
  • Last modified 24.04.2025 16:15:23

AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks.