Fedoraproject

Fedora

5319 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2022-0396

  • EPSS 0.01%
  • Veröffentlicht 23.03.2022 11:15:08
  • Zuletzt bearbeitet 21.11.2024 06:38:32

BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, eve...

7.8

CVE-2022-27666

  • EPSS 0.8%
  • Veröffentlicht 23.03.2022 06:15:06
  • Zuletzt bearbeitet 21.11.2024 06:56:08

A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation ...

9.8

CVE-2022-0547

  • EPSS 0.56%
  • Veröffentlicht 18.03.2022 18:15:12
  • Zuletzt bearbeitet 03.11.2025 21:15:49

OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially ...

7.8

CVE-2022-1011

  • EPSS 0.2%
  • Veröffentlicht 18.03.2022 18:15:12
  • Zuletzt bearbeitet 21.11.2024 06:39:51

A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation.

7.5

CVE-2022-27191

  • EPSS 0.08%
  • Veröffentlicht 18.03.2022 07:15:06
  • Zuletzt bearbeitet 21.11.2024 06:55:22

The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.

5.9

CVE-2022-24302

Exploit
  • EPSS 0.56%
  • Veröffentlicht 17.03.2022 22:15:08
  • Zuletzt bearbeitet 21.11.2024 06:50:07

In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure.

7.5

CVE-2022-24729

  • EPSS 0.51%
  • Veröffentlicht 16.03.2022 17:15:07
  • Zuletzt bearbeitet 21.11.2024 06:50:57

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a ...

6.1

CVE-2021-23648

Exploit
  • EPSS 0.12%
  • Veröffentlicht 16.03.2022 16:15:10
  • Zuletzt bearbeitet 21.11.2024 05:51:51

The package @braintree/sanitize-url before 6.0.0 are vulnerable to Cross-site Scripting (XSS) due to improper sanitization in sanitizeUrl function.

5.4

CVE-2022-24728

  • EPSS 0.72%
  • Veröffentlicht 16.03.2022 16:15:10
  • Zuletzt bearbeitet 21.11.2024 06:50:57

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to in...

6.5

CVE-2021-20257

  • EPSS 0.1%
  • Veröffentlicht 16.03.2022 15:15:09
  • Zuletzt bearbeitet 21.11.2024 05:46:13

An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to cons...