Fedoraproject

Fedora

5353 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2022-2607

  • EPSS 1.04%
  • Veröffentlicht 12.08.2022 20:15:08
  • Zuletzt bearbeitet 21.11.2024 07:01:20

Use after free in Tab Strip in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.

8.8

CVE-2022-2608

  • EPSS 1.04%
  • Veröffentlicht 12.08.2022 20:15:08
  • Zuletzt bearbeitet 21.11.2024 07:01:20

Use after free in Overview Mode in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.

8.8

CVE-2022-2609

  • EPSS 1.04%
  • Veröffentlicht 12.08.2022 20:15:08
  • Zuletzt bearbeitet 21.11.2024 07:01:20

Use after free in Nearby Share in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.

6.5

CVE-2022-2610

  • EPSS 0.39%
  • Veröffentlicht 12.08.2022 20:15:08
  • Zuletzt bearbeitet 21.11.2024 07:01:21

Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

4.3

CVE-2022-2611

  • EPSS 0.36%
  • Veröffentlicht 12.08.2022 20:15:08
  • Zuletzt bearbeitet 21.11.2024 07:01:21

Inappropriate implementation in Fullscreen API in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

6.5

CVE-2022-2612

  • EPSS 0.38%
  • Veröffentlicht 12.08.2022 20:15:08
  • Zuletzt bearbeitet 21.11.2024 07:01:21

Side-channel information leakage in Keyboard input in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page.

7.5

CVE-2022-38150

  • EPSS 0.68%
  • Veröffentlicht 11.08.2022 01:15:10
  • Zuletzt bearbeitet 20.10.2025 18:15:37

In Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible to cause the Varnish Server to assert and automatically restart through forged HTTP/1 backend responses. An attack uses a crafted reason phrase of the backend response status line. This ...

5.5

CVE-2022-2719

  • EPSS 0.03%
  • Veröffentlicht 10.08.2022 20:15:36
  • Zuletzt bearbeitet 21.11.2024 07:01:34

In ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in MagickWand/operation.c, due to a NULL image list. This could potentially cause a denial of service. This was fixed in upstream ImageMagick versio...

7.5

CVE-2022-28131

  • EPSS 0.02%
  • Veröffentlicht 10.08.2022 20:15:32
  • Zuletzt bearbeitet 21.11.2024 06:56:48

Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document.

9.1

CVE-2021-33643

  • EPSS 0.23%
  • Veröffentlicht 10.08.2022 20:15:20
  • Zuletzt bearbeitet 03.11.2025 21:15:41

An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink, causing an out-of-bounds read.