Fedoraproject

Fedora

5335 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2022-34526

Exploit
  • EPSS 0.29%
  • Veröffentlicht 29.07.2022 23:15:08
  • Zuletzt bearbeitet 21.11.2024 07:09:42

A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted TIFF file parsed by the "tiffsplit" or "tiffcrop" utilities.

10

CVE-2021-41556

Exploit
  • EPSS 0.74%
  • Veröffentlicht 28.07.2022 21:15:08
  • Zuletzt bearbeitet 21.11.2024 06:26:24

sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core interpreter) that can lead to Code Execution. If a victim executes an attacker-controlled squirrel script, it is possible for the attacker to break ou...

6.5

CVE-2022-2553

  • EPSS 0.17%
  • Veröffentlicht 28.07.2022 15:15:07
  • Zuletzt bearbeitet 21.11.2024 07:01:14

The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node. As a result, nodes that do not have the correct authentication key are not prevented from communicating with other nodes...

8.8

CVE-2022-2163

  • EPSS 0.43%
  • Veröffentlicht 28.07.2022 02:15:07
  • Zuletzt bearbeitet 21.11.2024 07:00:27

Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI interaction.

8.8

CVE-2022-2294

Warnung
  • EPSS 1.23%
  • Veröffentlicht 28.07.2022 02:15:07
  • Zuletzt bearbeitet 24.10.2025 14:09:38

Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8

CVE-2022-2295

  • EPSS 1.47%
  • Veröffentlicht 28.07.2022 02:15:07
  • Zuletzt bearbeitet 21.11.2024 07:00:42

Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8

CVE-2022-2296

  • EPSS 1.44%
  • Veröffentlicht 28.07.2022 02:15:07
  • Zuletzt bearbeitet 21.11.2024 07:00:42

Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via direct UI interactions.

8.8

CVE-2022-2162

  • EPSS 0.38%
  • Veröffentlicht 28.07.2022 01:15:17
  • Zuletzt bearbeitet 21.11.2024 07:00:27

Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 103.0.5060.53 allowed a remote attacker to bypass file system access via a crafted HTML page.

6.3

CVE-2022-2164

  • EPSS 0.21%
  • Veröffentlicht 28.07.2022 01:15:17
  • Zuletzt bearbeitet 21.11.2024 07:00:27

Inappropriate implementation in Extensions API in Google Chrome prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted HTML page.

4.3

CVE-2022-2165

  • EPSS 0.45%
  • Veröffentlicht 28.07.2022 01:15:17
  • Zuletzt bearbeitet 21.11.2024 07:00:27

Insufficient data validation in URL formatting in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.