Fedoraproject

Fedora

5335 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
Exploit
  • EPSS 1.31%
  • Published 17.02.2023 15:15:12
  • Last modified 03.11.2025 22:16:05

An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.

Exploit
  • EPSS 1.66%
  • Published 15.02.2023 18:15:11
  • Last modified 19.03.2025 18:15:18

A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a s...

  • EPSS 1.05%
  • Published 08.02.2023 18:15:11
  • Last modified 13.02.2025 17:15:52

A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR server software enables an authenticated user with access to the web interface to read local files from the server.

  • EPSS 0.1%
  • Published 07.02.2023 21:15:09
  • Last modified 25.03.2025 15:15:16

In GNU Less before 609, crafted data can result in "less -R" not filtering ANSI escape sequences sent to the terminal.

  • EPSS 0.05%
  • Published 04.02.2023 20:15:08
  • Last modified 25.03.2025 21:15:41

hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.

Exploit
  • EPSS 90.97%
  • Published 03.02.2023 06:15:09
  • Last modified 21.11.2024 07:49:10

OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to an...

  • EPSS 0.03%
  • Published 02.02.2023 21:22:38
  • Last modified 26.03.2025 19:15:18

A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign daemon. This service unit runs a script to set ACLs for /etc/pki/pesign and /run/pesign directories to grant access privileges to users in the 'pesign'...

Exploit
  • EPSS 0.06%
  • Published 30.01.2023 04:15:08
  • Last modified 27.03.2025 21:15:40

GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archiv...

Exploit
  • EPSS 0.03%
  • Published 27.01.2023 18:15:15
  • Last modified 28.03.2025 16:15:25

An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.

Exploit
  • EPSS 0.08%
  • Published 20.01.2023 19:15:17
  • Last modified 03.04.2025 16:15:29

A null pointer dereference issue was discovered in functions op_get_data and op_open1 in opusfile.c in xiph opusfile 0.9 through 0.12, which allows attackers to cause denial of service or other unspecified impacts.