Fedoraproject

Fedora

5353 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2023-0003

  • EPSS 1.37%
  • Veröffentlicht 08.02.2023 18:15:11
  • Zuletzt bearbeitet 13.02.2025 17:15:52

A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR server software enables an authenticated user with access to the web interface to read local files from the server.

7.5

CVE-2022-46663

  • EPSS 0.14%
  • Veröffentlicht 07.02.2023 21:15:09
  • Zuletzt bearbeitet 25.03.2025 15:15:16

In GNU Less before 609, crafted data can result in "less -R" not filtering ANSI escape sequences sent to the terminal.

7.5

CVE-2023-25193

  • EPSS 0.06%
  • Veröffentlicht 04.02.2023 20:15:08
  • Zuletzt bearbeitet 25.03.2025 21:15:41

hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.

6.5

CVE-2023-25136

Exploit
  • EPSS 90.48%
  • Veröffentlicht 03.02.2023 06:15:09
  • Zuletzt bearbeitet 21.11.2024 07:49:10

OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to an...

5.5

CVE-2022-3560

  • EPSS 0.04%
  • Veröffentlicht 02.02.2023 21:22:38
  • Zuletzt bearbeitet 26.03.2025 19:15:18

A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign daemon. This service unit runs a script to set ACLs for /etc/pki/pesign and /run/pesign directories to grant access privileges to users in the 'pesign'...

5.5

CVE-2022-48303

Exploit
  • EPSS 0.06%
  • Veröffentlicht 30.01.2023 04:15:08
  • Zuletzt bearbeitet 27.03.2025 21:15:40

GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archiv...

5.5

CVE-2022-4285

Exploit
  • EPSS 0.03%
  • Veröffentlicht 27.01.2023 18:15:15
  • Zuletzt bearbeitet 28.03.2025 16:15:25

An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.

7.8

CVE-2022-47021

Exploit
  • EPSS 0.09%
  • Veröffentlicht 20.01.2023 19:15:17
  • Zuletzt bearbeitet 03.04.2025 16:15:29

A null pointer dereference issue was discovered in functions op_get_data and op_open1 in opusfile.c in xiph opusfile 0.9 thru 0.12 allows attackers to cause denial of service or other unspecified impacts.

7.8

CVE-2023-22809

Exploit
  • EPSS 54.54%
  • Veröffentlicht 18.01.2023 17:15:10
  • Zuletzt bearbeitet 04.04.2025 16:15:16

In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to proce...

4.3

CVE-2018-14628

Exploit
  • EPSS 0.46%
  • Veröffentlicht 17.01.2023 18:15:10
  • Zuletzt bearbeitet 22.01.2025 16:10:38

An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store.