Fedoraproject

Fedora

5353 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2022-21680

Exploit
  • EPSS 0.71%
  • Veröffentlicht 14.01.2022 17:15:13
  • Zuletzt bearbeitet 21.11.2024 06:45:13

Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `block.def` may cause catastrophic backtracking against some strings and lead to a regular expression denial of service (ReDoS). Anyone who runs untrusted markd...

7.5

CVE-2022-21681

Exploit
  • EPSS 0.7%
  • Veröffentlicht 14.01.2022 17:15:13
  • Zuletzt bearbeitet 21.11.2024 06:45:13

Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `inline.reflinkSearch` may cause catastrophic backtracking against some strings and lead to a denial of service (DoS). Anyone who runs untrusted markdown throug...

7.8

CVE-2022-23222

Exploit
  • EPSS 0.73%
  • Veröffentlicht 14.01.2022 08:15:07
  • Zuletzt bearbeitet 21.11.2024 06:48:13

kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges because of the availability of pointer arithmetic via certain *_OR_NULL pointer types.

6.5

CVE-2022-21682

  • EPSS 0.34%
  • Veröffentlicht 13.01.2022 21:15:08
  • Zuletzt bearbeitet 21.11.2024 06:45:13

Flatpak is a Linux application sandboxing and distribution framework. A path traversal vulnerability affects versions of Flatpak prior to 1.12.3 and 1.10.6. flatpak-builder applies `finish-args` last in the build. At this point the build directory wi...

7.5

CVE-2022-23132

  • EPSS 0.14%
  • Veröffentlicht 13.01.2022 16:15:08
  • Zuletzt bearbeitet 03.11.2025 22:15:55

During Zabbix installation from RPM, DAC_OVERRIDE SELinux capability is in use to access PID files in [/var/run/zabbix] folder. In this case, Zabbix Proxy or Server processes can bypass file read, write and execute permissions check on the file syste...

5.4

CVE-2022-23133

  • EPSS 0.96%
  • Veröffentlicht 13.01.2022 16:15:08
  • Zuletzt bearbeitet 03.11.2025 22:15:55

An authenticated user can create a hosts group from the configuration with XSS payload, which will be available for other users. When XSS is stored by an authenticated malicious actor and other users try to search for groups during new host creation,...

5.3

CVE-2022-23134

Warnung
  • EPSS 93.1%
  • Veröffentlicht 13.01.2022 16:15:08
  • Zuletzt bearbeitet 30.10.2025 20:10:35

After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend.

8.8

CVE-2022-0196

Exploit
  • EPSS 0.15%
  • Veröffentlicht 13.01.2022 01:15:08
  • Zuletzt bearbeitet 21.11.2024 06:38:07

phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)

8.8

CVE-2022-0197

Exploit
  • EPSS 0.15%
  • Veröffentlicht 13.01.2022 01:15:08
  • Zuletzt bearbeitet 21.11.2024 06:38:07

phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)

8.6

CVE-2021-43860

  • EPSS 0.17%
  • Veröffentlicht 12.01.2022 22:15:07
  • Zuletzt bearbeitet 21.11.2024 06:29:57

Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.12.3 and 1.10.6, Flatpak doesn't properly validate that the permissions displayed to the user for an app at install time match the actual permissions granted to...