Fedoraproject

Fedora

5357 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 1.17%
  • Veröffentlicht 08.02.2022 21:15:20
  • Zuletzt bearbeitet 21.11.2024 06:45:17

Grafana is an open-source platform for monitoring and observability. Affected versions of Grafana expose multiple API endpoints which do not properly handle user authorization. `/teams/:teamId` will allow an authenticated attacker to view unintended ...

Exploit
  • EPSS 1.01%
  • Veröffentlicht 08.02.2022 21:15:19
  • Zuletzt bearbeitet 21.11.2024 06:38:49

Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.2.

Exploit
  • EPSS 0.95%
  • Veröffentlicht 08.02.2022 21:15:19
  • Zuletzt bearbeitet 21.11.2024 06:38:49

Buffer Access with Incorrect Length Value in GitHub repository radareorg/radare2 prior to 5.6.2.

Exploit
  • EPSS 1.1%
  • Veröffentlicht 08.02.2022 21:15:19
  • Zuletzt bearbeitet 21.11.2024 06:38:49

Use After Free in NPM radare2.js prior to 5.6.2.

Exploit
  • EPSS 0.96%
  • Veröffentlicht 08.02.2022 21:15:19
  • Zuletzt bearbeitet 21.11.2024 06:38:49

Access of Memory Location After End of Buffer in GitHub repository radareorg/radare2 prior to 5.6.2.

Exploit
  • EPSS 2.36%
  • Veröffentlicht 08.02.2022 20:15:08
  • Zuletzt bearbeitet 21.11.2024 06:45:16

Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content thru the Grafana datasource or plugin proxy and trick a user to visit this HTML page using a specially crafted link and exe...

  • EPSS 1.38%
  • Veröffentlicht 07.02.2022 22:15:08
  • Zuletzt bearbeitet 25.11.2024 18:12:24

twisted is an event-driven networking engine written in Python. In affected versions twisted exposes cookies and authorization headers when following cross-origin redirects. This issue is present in the `twited.web.RedirectAgent` and `twisted.web. Br...

  • EPSS 0.49%
  • Veröffentlicht 07.02.2022 22:15:08
  • Zuletzt bearbeitet 21.11.2024 06:48:56

xrdp is an open source remote desktop protocol (RDP) server. In affected versions an integer underflow leading to a heap overflow in the sesman server allows any unauthenticated attacker which is able to locally access a sesman server to execute code...

Exploit
  • EPSS 4.77%
  • Veröffentlicht 06.02.2022 21:15:07
  • Zuletzt bearbeitet 21.11.2024 06:26:48

CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes. This also affects the CGI gem befo...

  • EPSS 8.21%
  • Veröffentlicht 04.02.2022 23:15:15
  • Zuletzt bearbeitet 21.11.2024 06:48:56

Twig is an open source template language for PHP. When in a sandbox mode, the `arrow` parameter of the `sort` filter must be a closure to avoid attackers being able to run arbitrary PHP functions. In affected versions this constraint was not properly...