Fedoraproject

Fedora

5357 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 1.89%
  • Veröffentlicht 10.08.2022 06:15:08
  • Zuletzt bearbeitet 21.11.2024 07:05:18

Improper Input Validation vulnerability in HTTP/2 header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.

  • EPSS 1.85%
  • Veröffentlicht 10.08.2022 06:15:08
  • Zuletzt bearbeitet 21.11.2024 07:05:18

Improper Input Validation vulnerability in HTTP/2 frame handling of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.

Exploit
  • EPSS 2.6%
  • Veröffentlicht 06.08.2022 18:15:08
  • Zuletzt bearbeitet 21.11.2024 07:15:00

Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc.

Exploit
  • EPSS 0.39%
  • Veröffentlicht 05.08.2022 17:15:08
  • Zuletzt bearbeitet 21.11.2024 06:40:09

A flaw was found in KVM. When updating a guest's page table entry, vm_pgoff was improperly used as the offset to get the page's pfn. As vaddr and vm_pgoff are controllable by user-mode processes, this flaw allows unprivileged local users on the host ...

  • EPSS 0.28%
  • Veröffentlicht 05.08.2022 17:15:08
  • Zuletzt bearbeitet 21.11.2024 06:41:51

A use-after-free flaw was found in the Linux kernel in log_replay in fs/ntfs3/fslog.c in the NTFS journal. This flaw allows a local attacker to crash the system and leads to a kernel information leak problem.

Exploit
  • EPSS 16%
  • Veröffentlicht 05.08.2022 07:15:07
  • Zuletzt bearbeitet 30.05.2025 20:15:30

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib s...

Exploit
  • EPSS 1.67%
  • Veröffentlicht 03.08.2022 19:15:08
  • Zuletzt bearbeitet 03.11.2025 22:15:58

PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. The PGJDBC implementation of the `java.sql.ResultRow.refreshRow()` method is not performing escaping of...

Exploit
  • EPSS 1.66%
  • Veröffentlicht 02.08.2022 15:15:08
  • Zuletzt bearbeitet 21.11.2024 06:58:35

An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client perfo...

  • EPSS 1.48%
  • Veröffentlicht 01.08.2022 22:15:10
  • Zuletzt bearbeitet 21.11.2024 07:11:58

Rust-WebSocket is a WebSocket (RFC6455) library written in Rust. In versions prior to 0.26.5 untrusted websocket connections can cause an out-of-memory (OOM) process abort in a client or a server. The root cause of the issue is during dataframe parsi...

  • EPSS 0.87%
  • Veröffentlicht 01.08.2022 15:15:09
  • Zuletzt bearbeitet 21.11.2024 07:03:11

NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue na...