Fedoraproject

Fedora

5353 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.9

CVE-2022-25258

  • EPSS 0.18%
  • Veröffentlicht 16.02.2022 20:15:07
  • Zuletzt bearbeitet 21.11.2024 06:51:53

An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. The USB Gadget subsystem lacks certain validation of interface OS descriptor requests (ones with a large array index and ones associated with NULL function ...

7.8

CVE-2021-3578

  • EPSS 2.29%
  • Veröffentlicht 16.02.2022 19:15:08
  • Zuletzt bearbeitet 21.11.2024 06:21:53

A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecked pointer cast allows a malicious or compromised server to write an arbitrary integer value past the end of a heap-allocated structure by issuing an unexpected APPENDUID response. ...

7.9

CVE-2021-3752

Exploit
  • EPSS 0.04%
  • Veröffentlicht 16.02.2022 19:15:08
  • Zuletzt bearbeitet 21.11.2024 06:22:20

A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The...

7.8

CVE-2021-3760

  • EPSS 0.14%
  • Veröffentlicht 16.02.2022 19:15:08
  • Zuletzt bearbeitet 21.11.2024 06:22:21

A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system availability.

9.8

CVE-2021-3773

  • EPSS 0.65%
  • Veröffentlicht 16.02.2022 19:15:08
  • Zuletzt bearbeitet 28.03.2025 15:15:41

A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks.

9.9

CVE-2021-3781

  • EPSS 9.27%
  • Veröffentlicht 16.02.2022 19:15:08
  • Zuletzt bearbeitet 21.11.2024 06:22:24

A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the...

7.8

CVE-2022-23803

Exploit
  • EPSS 1.28%
  • Veröffentlicht 16.02.2022 17:15:13
  • Zuletzt bearbeitet 21.11.2024 06:49:17

A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon ReadXYCoord coordinate parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code exe...

7.8

CVE-2022-23804

Exploit
  • EPSS 0.95%
  • Veröffentlicht 16.02.2022 17:15:13
  • Zuletzt bearbeitet 21.11.2024 06:49:17

A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon ReadIJCoord coordinate parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code exe...

7.8

CVE-2021-3551

  • EPSS 0.02%
  • Veröffentlicht 16.02.2022 17:15:11
  • Zuletzt bearbeitet 21.11.2024 06:21:49

A flaw was found in the PKI-server, where the spkispawn command, when run in debug mode, stores admin credentials in the installation log file. This flaw allows a local attacker to retrieve the file to obtain the admin password and gain admin privile...

9.8

CVE-2022-0559

Exploit
  • EPSS 0.33%
  • Veröffentlicht 16.02.2022 11:15:07
  • Zuletzt bearbeitet 21.11.2024 06:38:54

Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2.