Fedoraproject

Fedora

5335 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2022-31813

  • EPSS 0.03%
  • Veröffentlicht 09.06.2022 17:15:09
  • Zuletzt bearbeitet 01.05.2025 15:35:29

Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application.

6.9

CVE-2022-26362

  • EPSS 0.05%
  • Veröffentlicht 09.06.2022 17:15:08
  • Zuletzt bearbeitet 21.11.2024 06:53:49

x86 pv: Race condition in typeref acquisition Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable...

7.2

CVE-2022-26363

  • EPSS 0.08%
  • Veröffentlicht 09.06.2022 17:15:08
  • Zuletzt bearbeitet 21.11.2024 06:53:50

x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a reg...

7.8

CVE-2022-2000

Exploit
  • EPSS 0.33%
  • Veröffentlicht 09.06.2022 16:15:08
  • Zuletzt bearbeitet 03.11.2025 21:15:51

Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.

7.8

CVE-2022-31214

  • EPSS 0.07%
  • Veröffentlicht 09.06.2022 16:15:08
  • Zuletzt bearbeitet 21.11.2024 07:04:08

A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target, a local attacker can enter an environment in which the Linu...

7.8

CVE-2022-1998

  • EPSS 0.15%
  • Veröffentlicht 09.06.2022 15:15:09
  • Zuletzt bearbeitet 21.11.2024 06:41:55

A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user(). A local user could use this flaw to crash the system or potentially escalate th...

5.5

CVE-2022-31030

  • EPSS 0.11%
  • Veröffentlicht 09.06.2022 14:15:08
  • Zuletzt bearbeitet 21.11.2024 07:03:44

containerd is an open source container runtime. A bug was found in the containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the `ExecSync` API. This can...

9.1

CVE-2022-1996

Exploit
  • EPSS 0.96%
  • Veröffentlicht 08.06.2022 13:15:07
  • Zuletzt bearbeitet 21.11.2024 06:41:54

Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0.

9.8

CVE-2022-24065

Exploit
  • EPSS 1.78%
  • Veröffentlicht 08.06.2022 08:15:07
  • Zuletzt bearbeitet 21.11.2024 06:49:45

The package cookiecutter before 2.1.1 are vulnerable to Command Injection via hg argument injection. When calling the cookiecutter function from Python code with the checkout parameter, it is passed to the hg checkout command in a way that additional...

7.8

CVE-2022-1708

Exploit
  • EPSS 0.59%
  • Veröffentlicht 07.06.2022 18:15:11
  • Zuletzt bearbeitet 21.11.2024 06:41:17

A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O...