Fedoraproject

Fedora

5355 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.5

CVE-2021-46021

Exploit
  • EPSS 0.14%
  • Veröffentlicht 14.01.2022 20:15:15
  • Zuletzt bearbeitet 21.11.2024 06:33:29

An Use-After-Free vulnerability in rec_record_destroy() at rec-record.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash.

5.5

CVE-2021-46022

Exploit
  • EPSS 0.23%
  • Veröffentlicht 14.01.2022 20:15:15
  • Zuletzt bearbeitet 21.11.2024 06:33:29

An Use-After-Free vulnerability in rec_mset_elem_destroy() at rec-mset.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash.

7.5

CVE-2022-21680

Exploit
  • EPSS 0.71%
  • Veröffentlicht 14.01.2022 17:15:13
  • Zuletzt bearbeitet 21.11.2024 06:45:13

Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `block.def` may cause catastrophic backtracking against some strings and lead to a regular expression denial of service (ReDoS). Anyone who runs untrusted markd...

7.5

CVE-2022-21681

Exploit
  • EPSS 0.7%
  • Veröffentlicht 14.01.2022 17:15:13
  • Zuletzt bearbeitet 21.11.2024 06:45:13

Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `inline.reflinkSearch` may cause catastrophic backtracking against some strings and lead to a denial of service (DoS). Anyone who runs untrusted markdown throug...

7.8

CVE-2022-23222

Exploit
  • EPSS 1.11%
  • Veröffentlicht 14.01.2022 08:15:07
  • Zuletzt bearbeitet 21.11.2024 06:48:13

kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges because of the availability of pointer arithmetic via certain *_OR_NULL pointer types.

6.5

CVE-2022-21682

  • EPSS 0.34%
  • Veröffentlicht 13.01.2022 21:15:08
  • Zuletzt bearbeitet 21.11.2024 06:45:13

Flatpak is a Linux application sandboxing and distribution framework. A path traversal vulnerability affects versions of Flatpak prior to 1.12.3 and 1.10.6. flatpak-builder applies `finish-args` last in the build. At this point the build directory wi...

7.5

CVE-2022-23132

  • EPSS 0.14%
  • Veröffentlicht 13.01.2022 16:15:08
  • Zuletzt bearbeitet 03.11.2025 22:15:55

During Zabbix installation from RPM, DAC_OVERRIDE SELinux capability is in use to access PID files in [/var/run/zabbix] folder. In this case, Zabbix Proxy or Server processes can bypass file read, write and execute permissions check on the file syste...

5.4

CVE-2022-23133

  • EPSS 0.96%
  • Veröffentlicht 13.01.2022 16:15:08
  • Zuletzt bearbeitet 03.11.2025 22:15:55

An authenticated user can create a hosts group from the configuration with XSS payload, which will be available for other users. When XSS is stored by an authenticated malicious actor and other users try to search for groups during new host creation,...

5.3

CVE-2022-23134

Warnung
  • EPSS 92.61%
  • Veröffentlicht 13.01.2022 16:15:08
  • Zuletzt bearbeitet 30.10.2025 20:10:35

After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend.

8.8

CVE-2022-0196

Exploit
  • EPSS 0.15%
  • Veröffentlicht 13.01.2022 01:15:08
  • Zuletzt bearbeitet 21.11.2024 06:38:07

phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)