Fedoraproject

Fedora

5353 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.86%
  • Published 16.03.2022 17:15:07
  • Last modified 21.11.2024 06:50:57

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a ...

Exploit
  • EPSS 0.29%
  • Published 16.03.2022 16:15:10
  • Last modified 21.11.2024 05:51:51

The package @braintree/sanitize-url before 6.0.0 is vulnerable to Cross-site Scripting (XSS) due to improper sanitization in the sanitizeUrl function.

  • EPSS 0.75%
  • Published 16.03.2022 16:15:10
  • Last modified 21.11.2024 06:50:57

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to in...

  • EPSS 0.08%
  • Published 16.03.2022 15:15:09
  • Last modified 21.11.2024 05:46:13

An infinite loop flaw was found in the e1000 NIC emulator of QEMU. This issue occurs while processing transmit (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to cons...

Exploit
  • EPSS 0.48%
  • Published 15.03.2022 19:15:07
  • Last modified 21.11.2024 06:33:09

Denial of service (DoS) vulnerability in Nicotine+ 3.0.3 and later allows a user with a modified Soulseek client to crash Nicotine+ by sending a file download request with a file path containing a null character.

Warning
  • EPSS 8.12%
  • Published 15.03.2022 17:15:08
  • Last modified 21.11.2024 06:39:22

The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed ...

Exploit
  • EPSS 0.22%
  • Published 14.03.2022 21:15:07
  • Last modified 21.11.2024 06:39:42

Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563.

  • EPSS 0.41%
  • Published 14.03.2022 19:15:11
  • Last modified 21.11.2024 06:41:55

fish is a command line shell. fish version 3.1.0 through version 3.3.1 is vulnerable to arbitrary code execution. Git repositories can contain per-repository configuration that changes the behavior of git, including running arbitrary commands. When us...

  • EPSS 29.31%
  • Published 14.03.2022 11:15:09
  • Last modified 21.11.2024 06:47:18

A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier.

  • EPSS 31.72%
  • Published 14.03.2022 11:15:09
  • Last modified 21.11.2024 06:47:18

Apache HTTP Server 2.4.52 and earlier fails to close the inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling.