Fedoraproject

Fedora

5357 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 2.98%
  • Veröffentlicht 03.07.2023 13:15:09
  • Zuletzt bearbeitet 04.11.2025 18:15:40

In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs.

Exploit
  • EPSS 3.91%
  • Veröffentlicht 01.07.2023 00:15:10
  • Zuletzt bearbeitet 04.11.2025 17:15:36

The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS). The CR character (without LF) is sufficient to delimit HTTP header fields in the ...

  • EPSS 0.55%
  • Veröffentlicht 30.06.2023 22:15:09
  • Zuletzt bearbeitet 21.11.2024 07:38:40

A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CP...

Exploit
  • EPSS 0.87%
  • Veröffentlicht 27.06.2023 15:15:11
  • Zuletzt bearbeitet 21.11.2024 08:17:15

Improper Access Control in GitHub repository plantuml/plantuml prior to 1.2023.9.

Exploit
  • EPSS 0.87%
  • Veröffentlicht 27.06.2023 15:15:11
  • Zuletzt bearbeitet 21.11.2024 08:17:15

Server-Side Request Forgery (SSRF) in GitHub repository plantuml/plantuml prior to 1.2023.9.

  • EPSS 3.24%
  • Veröffentlicht 25.06.2023 22:15:21
  • Zuletzt bearbeitet 05.12.2024 15:15:07

Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).

  • EPSS 0.26%
  • Veröffentlicht 23.06.2023 20:15:09
  • Zuletzt bearbeitet 21.11.2024 08:16:42

A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure after it has been freed and set to NULL. A privileg...

Exploit
  • EPSS 1.4%
  • Veröffentlicht 22.06.2023 23:15:09
  • Zuletzt bearbeitet 21.11.2024 08:06:50

OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. Starting in version 2.0.0 and prior to version 2.4.6, CUPS logs data of free memory to the logging service AFTER the connection has b...

  • EPSS 3.78%
  • Veröffentlicht 21.06.2023 17:15:47
  • Zuletzt bearbeitet 21.11.2024 07:59:22

Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the `max-ca...

  • EPSS 2.58%
  • Veröffentlicht 21.06.2023 17:15:47
  • Zuletzt bearbeitet 21.11.2024 07:59:33

If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, a sequence of serve-stale-related lookups could cause `named` to loop and terminate unexpectedly du...