Fedoraproject

Fedora

5357 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 2.7%
  • Veröffentlicht 15.01.2022 02:15:06
  • Zuletzt bearbeitet 21.11.2024 06:47:58

Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted IKEv1 packet because pluto/ikev1.c wrongly expects that a state object exists. This is fixed in 4.6.

Exploit
  • EPSS 1%
  • Veröffentlicht 14.01.2022 20:15:15
  • Zuletzt bearbeitet 21.11.2024 06:33:28

An untrusted pointer dereference in rec_db_destroy() at rec-db.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash.

Exploit
  • EPSS 0.95%
  • Veröffentlicht 14.01.2022 20:15:15
  • Zuletzt bearbeitet 21.11.2024 06:33:29

An Use-After-Free vulnerability in rec_record_destroy() at rec-record.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash.

Exploit
  • EPSS 0.97%
  • Veröffentlicht 14.01.2022 20:15:15
  • Zuletzt bearbeitet 21.11.2024 06:33:29

An Use-After-Free vulnerability in rec_mset_elem_destroy() at rec-mset.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash.

Exploit
  • EPSS 2.83%
  • Veröffentlicht 14.01.2022 17:15:13
  • Zuletzt bearbeitet 21.11.2024 06:45:13

Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `block.def` may cause catastrophic backtracking against some strings and lead to a regular expression denial of service (ReDoS). Anyone who runs untrusted markd...

Exploit
  • EPSS 2.74%
  • Veröffentlicht 14.01.2022 17:15:13
  • Zuletzt bearbeitet 21.11.2024 06:45:13

Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `inline.reflinkSearch` may cause catastrophic backtracking against some strings and lead to a denial of service (DoS). Anyone who runs untrusted markdown throug...

Exploit
  • EPSS 1.91%
  • Veröffentlicht 14.01.2022 08:15:07
  • Zuletzt bearbeitet 21.11.2024 06:48:13

kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges because of the availability of pointer arithmetic via certain *_OR_NULL pointer types.

  • EPSS 1.67%
  • Veröffentlicht 13.01.2022 21:15:08
  • Zuletzt bearbeitet 21.11.2024 06:45:13

Flatpak is a Linux application sandboxing and distribution framework. A path traversal vulnerability affects versions of Flatpak prior to 1.12.3 and 1.10.6. flatpak-builder applies `finish-args` last in the build. At this point the build directory wi...

  • EPSS 0.8%
  • Veröffentlicht 13.01.2022 16:15:08
  • Zuletzt bearbeitet 03.11.2025 22:15:55

During Zabbix installation from RPM, DAC_OVERRIDE SELinux capability is in use to access PID files in [/var/run/zabbix] folder. In this case, Zabbix Proxy or Server processes can bypass file read, write and execute permissions check on the file syste...

  • EPSS 1.04%
  • Veröffentlicht 13.01.2022 16:15:08
  • Zuletzt bearbeitet 03.11.2025 22:15:55

An authenticated user can create a hosts group from the configuration with XSS payload, which will be available for other users. When XSS is stored by an authenticated malicious actor and other users try to search for groups during new host creation,...