Fedoraproject

Fedora

5357 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 90.41%
  • Veröffentlicht 09.06.2022 17:15:09
  • Zuletzt bearbeitet 21.11.2024 07:02:52

If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort.

  • EPSS 4.69%
  • Veröffentlicht 09.06.2022 17:15:09
  • Zuletzt bearbeitet 01.05.2025 15:35:37

Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer.

  • EPSS 3.14%
  • Veröffentlicht 09.06.2022 17:15:09
  • Zuletzt bearbeitet 01.05.2025 15:35:29

Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application.

  • EPSS 0.38%
  • Veröffentlicht 09.06.2022 17:15:08
  • Zuletzt bearbeitet 21.11.2024 06:53:49

x86 pv: Race condition in typeref acquisition Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable...

  • EPSS 0.34%
  • Veröffentlicht 09.06.2022 17:15:08
  • Zuletzt bearbeitet 21.11.2024 06:53:50

x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a reg...

Exploit
  • EPSS 1.53%
  • Veröffentlicht 09.06.2022 16:15:08
  • Zuletzt bearbeitet 03.11.2025 21:15:51

Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.

  • EPSS 0.38%
  • Veröffentlicht 09.06.2022 16:15:08
  • Zuletzt bearbeitet 21.11.2024 07:04:08

A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target, a local attacker can enter an environment in which the Linu...

  • EPSS 0.32%
  • Veröffentlicht 09.06.2022 15:15:09
  • Zuletzt bearbeitet 21.11.2024 06:41:55

A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user(). A local user could use this flaw to crash the system or potentially escalate th...

  • EPSS 0.38%
  • Veröffentlicht 09.06.2022 14:15:08
  • Zuletzt bearbeitet 21.11.2024 07:03:44

containerd is an open source container runtime. A bug was found in the containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the `ExecSync` API. This can...

Exploit
  • EPSS 2.74%
  • Veröffentlicht 08.06.2022 13:15:07
  • Zuletzt bearbeitet 21.11.2024 06:41:54

Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0.