Fedoraproject

Fedora

5357 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 2.43%
  • Veröffentlicht 12.01.2023 15:15:10
  • Zuletzt bearbeitet 08.04.2025 16:15:23

A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make 'smbd' escape the configured share path. This flaw allows a remote user with access to the exported part of the file system under a share via...

Exploit
  • EPSS 0.27%
  • Veröffentlicht 12.01.2023 06:15:08
  • Zuletzt bearbeitet 08.04.2025 16:15:24

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. When installing with a pre-existing data directory that has weak permissions, the SQLite files are created with file mode 0644, i.e., w...

  • EPSS 0.52%
  • Veröffentlicht 11.01.2023 01:15:10
  • Zuletzt bearbeitet 07.04.2025 19:15:51

In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows blocked users (blocked in ApiManageMentorList) to enroll as mentors or edit any of their mentorship-related properties.

  • EPSS 6.35%
  • Veröffentlicht 10.01.2023 22:15:14
  • Zuletzt bearbeitet 08.04.2025 19:15:46

A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to conduct a remote denial

  • EPSS 2.74%
  • Veröffentlicht 10.01.2023 22:15:14
  • Zuletzt bearbeitet 21.11.2024 07:43:02

.NET Denial of Service Vulnerability

  • EPSS 0.87%
  • Veröffentlicht 10.01.2023 08:15:10
  • Zuletzt bearbeitet 07.04.2025 19:15:51

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. SpecialMobileHistory allows remote attackers to cause a denial of service because database queries are slow.

Exploit
  • EPSS 0.57%
  • Veröffentlicht 10.01.2023 08:15:10
  • Zuletzt bearbeitet 07.04.2025 19:15:51

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. E-Widgets does widget replacement in HTML attributes, which can lead to XSS, because widget authors often do not expect that their widg...

Exploit
  • EPSS 0.47%
  • Veröffentlicht 04.01.2023 16:15:09
  • Zuletzt bearbeitet 17.01.2025 20:15:26

Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143.

Exploit
  • EPSS 9.3%
  • Veröffentlicht 24.12.2022 04:15:08
  • Zuletzt bearbeitet 21.11.2024 07:30:15

JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand (e.g. for config files). The `parse` method of the JSON5 library before and including versions 1.0.1 and 2.2.1 does not restrict parsing of key...

Exploit
  • EPSS 16.54%
  • Veröffentlicht 23.12.2022 15:15:15
  • Zuletzt bearbeitet 13.02.2026 20:16:13

A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the U...