Fedoraproject

Fedora

5357 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.47%
  • Veröffentlicht 26.05.2023 18:15:13
  • Zuletzt bearbeitet 15.01.2025 17:15:11

Bottles before 51.0 mishandles YAML load, which allows remote code execution via a crafted file.

  • EPSS 1.06%
  • Veröffentlicht 26.05.2023 18:15:13
  • Zuletzt bearbeitet 03.11.2025 21:15:57

A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the`pki_verify_data_signature` function in memory allocation problems. This issue may happen if there is insufficient memory or the memory...

Exploit
  • EPSS 0.39%
  • Veröffentlicht 26.05.2023 18:15:11
  • Zuletzt bearbeitet 03.11.2025 22:16:03

A vulnerability was found in the avahi library. This flaw allows an unprivileged user to make a dbus call, causing the avahi daemon to crash.

  • EPSS 1.31%
  • Veröffentlicht 26.05.2023 18:15:10
  • Zuletzt bearbeitet 21.11.2024 07:39:39

A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service.

  • EPSS 1.58%
  • Veröffentlicht 25.05.2023 23:15:09
  • Zuletzt bearbeitet 21.11.2024 08:02:38

c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erro...

  • EPSS 0.94%
  • Veröffentlicht 25.05.2023 22:15:09
  • Zuletzt bearbeitet 13.02.2025 17:16:26

c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand() as a fallback which co...

  • EPSS 0.33%
  • Veröffentlicht 25.05.2023 22:15:09
  • Zuletzt bearbeitet 13.02.2025 17:16:26

c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration p...

  • EPSS 0.91%
  • Veröffentlicht 25.05.2023 22:15:09
  • Zuletzt bearbeitet 21.11.2024 08:01:29

c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom() are unavailable, c-ares uses rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand() so will generate predict...

  • EPSS 0.33%
  • Veröffentlicht 18.05.2023 08:15:08
  • Zuletzt bearbeitet 03.11.2025 18:15:40

sysstat through 12.7.2 allows a multiplication integer overflow in check_overflow in common.c. NOTE: this issue exists because of an incomplete fix for CVE-2022-39377.

Exploit
  • EPSS 0.43%
  • Veröffentlicht 17.05.2023 22:15:11
  • Zuletzt bearbeitet 22.01.2025 19:15:09

A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TI...