Fedoraproject

Fedora

5319 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
  • EPSS 0.03%
  • Published 30.10.2022 00:15:10
  • Last modified 07.05.2025 14:15:38

An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and VirtualBMC through 2.2.2. Changing the boot device configuration with these packages removes password protection from the managed libvirt XML domain. NOTE: this only affects an "unsu...

  • EPSS 0.42%
  • Published 29.10.2022 20:15:09
  • Last modified 07.05.2025 14:15:33

curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol thro...

Exploit
  • EPSS 0.03%
  • Published 29.10.2022 19:15:10
  • Last modified 21.11.2024 07:24:11

multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multip...

Exploit
  • EPSS 0.22%
  • Published 29.10.2022 18:15:12
  • Last modified 21.11.2024 07:24:11

multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which...

  • EPSS 0.05%
  • Published 29.10.2022 02:15:09
  • Last modified 21.11.2024 07:25:35

In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL....

Exploit
  • EPSS 0.06%
  • Published 27.10.2022 17:15:10
  • Last modified 09.05.2025 20:15:37

Crash in the OPUS protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file.

  • EPSS 0.42%
  • Published 26.10.2022 20:15:10
  • Last modified 21.11.2024 07:17:57

Jupyter Core is a package for the core common functionality of Jupyter projects. Jupyter Core prior to version 4.11.2 contains an arbitrary code execution vulnerability in `jupyter_core` that stems from `jupyter_core` executing untrusted files in CWD...

  • EPSS 0.3%
  • Published 26.10.2022 20:15:10
  • Last modified 21.11.2024 07:20:04

A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remo...

Exploit
  • EPSS 0.31%
  • Published 24.10.2022 14:15:53
  • Last modified 30.05.2025 20:15:31

In libexpat through 2.4.9, there is a use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.

Exploit
  • EPSS 0.27%
  • Published 24.10.2022 14:15:49
  • Last modified 07.05.2025 15:15:52

GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.