Fedoraproject

Fedora

5319 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.

  • EPSS 0.07%
  • Published 16.11.2022 21:15:10
  • Last modified 21.11.2024 07:18:01

FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input length validation in the `urbdrc` channel. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to...

  • EPSS 0.11%
  • Published 16.11.2022 20:15:10
  • Last modified 21.11.2024 07:18:01

FreeRDP is a free remote desktop protocol library and clients. In affected versions there is an out of bound read in ZGFX decoder component of FreeRDP. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it...

  • EPSS 0.04%
  • Published 16.11.2022 20:15:10
  • Last modified 21.11.2024 07:18:01

FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP may attempt integer addition on too narrow types, which leads to allocation of a buffer too small to hold the data written. A malicious server can trick a FreeRDP ba...

  • EPSS 0.11%
  • Published 16.11.2022 20:15:10
  • Last modified 21.11.2024 07:18:05

FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing path canonicalization and base path check for `drive` channel. A malicious server can trick a FreeRDP based client to read files outside the share...

  • EPSS 0.08%
  • Published 16.11.2022 20:15:10
  • Last modified 21.11.2024 07:23:58

FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input length validation in `drive` channel. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the ...

Exploit
  • EPSS 0.02%
  • Published 14.11.2022 08:15:09
  • Last modified 01.05.2025 14:15:26

GNOME Nautilus 42.2 allows a NULL pointer dereference and get_basename application crash via a pasted ZIP archive.

Exploit
  • EPSS 0.05%
  • Published 12.11.2022 05:15:12
  • Last modified 21.11.2024 07:28:55

Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD (used for TrueNAS).

Exploit
  • EPSS 0.1%
  • Published 11.11.2022 13:15:11
  • Last modified 21.11.2024 07:23:56

Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect m...

Exploit
  • EPSS 5.69%
  • Published 10.11.2022 16:15:12
  • Last modified 21.11.2024 07:28:42

xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations o...

  • EPSS 0.31%
  • Published 09.11.2022 22:15:16
  • Last modified 02.01.2025 22:15:15

Netlogon RPC Elevation of Privilege Vulnerability