Fedoraproject

Fedora

5319 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.1

CVE-2021-45083

  • EPSS 0.03%
  • Veröffentlicht 20.02.2022 18:15:07
  • Zuletzt bearbeitet 21.11.2024 06:31:54

An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler are world readable. Two of those files contain some sensitive information that can be exposed to a local user who has non-privileged access to the server. The users.digest file co...

7.8

CVE-2022-0685

Exploit
  • EPSS 0.29%
  • Veröffentlicht 20.02.2022 11:15:07
  • Zuletzt bearbeitet 21.11.2024 06:39:10

Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418.

7.8

CVE-2021-45082

Exploit
  • EPSS 0.04%
  • Veröffentlicht 19.02.2022 00:15:17
  • Zuletzt bearbeitet 21.11.2024 06:31:54

An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring. (Only lines beginning with #import are blocked.)

5.5

CVE-2022-23645

  • EPSS 0.04%
  • Veröffentlicht 18.02.2022 21:15:13
  • Zuletzt bearbeitet 21.11.2024 06:49:00

swtpm is a libtpms-based TPM emulator with socket, character device, and Linux CUSE interface. Versions prior to 0.5.3, 0.6.2, and 0.7.1 are vulnerable to out-of-bounds read. A specially crafted header of swtpm's state, where the blobheader's hdrsize...

7.8

CVE-2022-24052

  • EPSS 0.09%
  • Veröffentlicht 18.02.2022 20:15:18
  • Zuletzt bearbeitet 21.11.2024 06:49:44

MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerabil...

7.8

CVE-2022-24048

  • EPSS 0.09%
  • Veröffentlicht 18.02.2022 20:15:17
  • Zuletzt bearbeitet 21.11.2024 06:49:43

MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerabi...

7.8

CVE-2022-24050

  • EPSS 0.09%
  • Veröffentlicht 18.02.2022 20:15:17
  • Zuletzt bearbeitet 21.11.2024 06:49:44

MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The spe...

7.8

CVE-2022-24051

  • EPSS 0.08%
  • Veröffentlicht 18.02.2022 20:15:17
  • Zuletzt bearbeitet 21.11.2024 06:49:44

MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The spec...

6.5

CVE-2022-0585

Exploit
  • EPSS 0.07%
  • Veröffentlicht 18.02.2022 18:15:11
  • Zuletzt bearbeitet 03.11.2025 22:15:54

Large loops in multiple protocol dissectors in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allow denial of service via packet injection or crafted capture file

8.8

CVE-2021-4093

Exploit
  • EPSS 0.09%
  • Veröffentlicht 18.02.2022 18:15:10
  • Zuletzt bearbeitet 21.11.2024 06:36:53

A flaw was found in the KVM's AMD code for supporting the Secure Encrypted Virtualization-Encrypted State (SEV-ES). A KVM guest using SEV-ES can trigger out-of-bounds reads and writes in the host kernel via a malicious VMGEXIT for a string I/O instru...