Fedoraproject

Fedora

5353 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.4

CVE-2021-3618

  • EPSS 0.62%
  • Veröffentlicht 23.03.2022 20:15:09
  • Zuletzt bearbeitet 21.11.2024 06:21:59

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traf...

7.5

CVE-2021-3748

  • EPSS 0.03%
  • Veröffentlicht 23.03.2022 20:15:09
  • Zuletzt bearbeitet 21.11.2024 06:22:19

A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious gues...

5.5

CVE-2021-4148

Exploit
  • EPSS 0.01%
  • Veröffentlicht 23.03.2022 20:15:09
  • Zuletzt bearbeitet 21.11.2024 06:37:00

A vulnerability was found in the Linux kernel's block_invalidatepage in fs/buffer.c in the filesystem. A missing sanity check may allow a local attacker with user privilege to cause a denial of service (DOS) problem.

4

CVE-2021-25220

  • EPSS 0.11%
  • Veröffentlicht 23.03.2022 13:15:07
  • Zuletzt bearbeitet 21.11.2024 05:54:34

BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also be...

5.3

CVE-2022-0396

  • EPSS 0.11%
  • Veröffentlicht 23.03.2022 11:15:08
  • Zuletzt bearbeitet 21.11.2024 06:38:32

BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, eve...

7.8

CVE-2022-27666

  • EPSS 0.8%
  • Veröffentlicht 23.03.2022 06:15:06
  • Zuletzt bearbeitet 21.11.2024 06:56:08

A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation ...

9.8

CVE-2022-0547

  • EPSS 0.59%
  • Veröffentlicht 18.03.2022 18:15:12
  • Zuletzt bearbeitet 03.11.2025 21:15:49

OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially ...

7.8

CVE-2022-1011

  • EPSS 0.2%
  • Veröffentlicht 18.03.2022 18:15:12
  • Zuletzt bearbeitet 21.11.2024 06:39:51

A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation.

7.5

CVE-2022-27191

  • EPSS 0.09%
  • Veröffentlicht 18.03.2022 07:15:06
  • Zuletzt bearbeitet 21.11.2024 06:55:22

The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.

5.9

CVE-2022-24302

Exploit
  • EPSS 0.73%
  • Veröffentlicht 17.03.2022 22:15:08
  • Zuletzt bearbeitet 16.12.2025 02:15:46

In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure.