Fedoraproject

Fedora

5357 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.87%
  • Veröffentlicht 01.08.2022 15:15:09
  • Zuletzt bearbeitet 21.11.2024 07:03:11

NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a rogue domain name when the cached delegation ...

  • EPSS 1.49%
  • Veröffentlicht 01.08.2022 14:15:09
  • Zuletzt bearbeitet 02.12.2025 21:15:49

A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function.

Exploit
  • EPSS 1.39%
  • Veröffentlicht 29.07.2022 23:15:08
  • Zuletzt bearbeitet 21.11.2024 07:09:42

A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted TIFF file parsed by the "tiffsplit" or "tiffcrop" utilities.

Exploit
  • EPSS 2.18%
  • Veröffentlicht 28.07.2022 21:15:08
  • Zuletzt bearbeitet 29.05.2026 20:16:21

sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core interpreter) that can lead to Code Execution. If a victim executes an attacker-controlled squirrel script, it is possible for the attacker to break ou...

  • EPSS 0.92%
  • Veröffentlicht 28.07.2022 15:15:07
  • Zuletzt bearbeitet 21.11.2024 07:01:14

The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node. As a result, nodes that do not have the correct authentication key are not prevented from communicating with other nodes...

  • EPSS 0.66%
  • Veröffentlicht 28.07.2022 02:15:07
  • Zuletzt bearbeitet 21.11.2024 07:00:27

Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI interaction.

Warnung
  • EPSS 70.46%
  • Veröffentlicht 28.07.2022 02:15:07
  • Zuletzt bearbeitet 24.10.2025 14:09:38

Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • EPSS 1.24%
  • Veröffentlicht 28.07.2022 02:15:07
  • Zuletzt bearbeitet 21.11.2024 07:00:42

Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • EPSS 0.94%
  • Veröffentlicht 28.07.2022 02:15:07
  • Zuletzt bearbeitet 21.11.2024 07:00:42

Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via direct UI interactions.

  • EPSS 1.07%
  • Veröffentlicht 28.07.2022 01:15:17
  • Zuletzt bearbeitet 21.11.2024 07:00:27

Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 103.0.5060.53 allowed a remote attacker to bypass file system access via a crafted HTML page.