Fedoraproject

Fedora

5357 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.95%
  • Veröffentlicht 20.09.2022 07:15:12
  • Zuletzt bearbeitet 03.11.2025 20:15:56

The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass to sequentially exfiltrate small and undetectable sections of data by repeatedly submitting an HTTP Range header field with a small byte range. A restricted resource, acc...

  • EPSS 0.47%
  • Veröffentlicht 19.09.2022 18:15:09
  • Zuletzt bearbeitet 21.11.2024 07:19:03

A heap buffer overflow issue was found in ImageMagick. When an application processes a malformed TIFF file, it could lead to undefined behavior or a crash causing a denial of service.

Exploit
  • EPSS 0.48%
  • Veröffentlicht 18.09.2022 20:15:09
  • Zuletzt bearbeitet 21.11.2024 07:19:06

Use After Free in GitHub repository vim/vim prior to 9.0.0490.

  • EPSS 0.28%
  • Veröffentlicht 18.09.2022 05:15:08
  • Zuletzt bearbeitet 21.11.2024 07:22:01

drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.

Exploit
  • EPSS 0.5%
  • Veröffentlicht 17.09.2022 22:15:09
  • Zuletzt bearbeitet 21.11.2024 07:19:06

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.

  • EPSS 0.5%
  • Veröffentlicht 16.09.2022 18:15:12
  • Zuletzt bearbeitet 21.11.2024 07:03:08

Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASL...

  • EPSS 1.64%
  • Veröffentlicht 15.09.2022 18:15:12
  • Zuletzt bearbeitet 21.11.2024 07:17:47

cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior to 0.29.0.gfm.6 a polynomial time complexity issue in cmark-gfm's autolink extension may lead to unbounded resource exhaustion and sub...

  • EPSS 1.67%
  • Veröffentlicht 14.09.2022 11:15:54
  • Zuletzt bearbeitet 30.05.2025 20:15:30

libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.

  • EPSS 0.67%
  • Veröffentlicht 14.09.2022 11:15:53
  • Zuletzt bearbeitet 21.11.2024 07:21:44

An unauthenticated user can create a link with reflected Javascript code inside the backurl parameter and send it to other authenticated users in order to create a fake account with predefined login, password and role in Zabbix Frontend.

Exploit
  • EPSS 0.36%
  • Veröffentlicht 14.09.2022 11:15:53
  • Zuletzt bearbeitet 21.11.2024 07:21:49

KDiskMark before 3.1.0 lacks authorization checking for D-Bus methods such as Helper::flushPageCache.