Fedoraproject

Fedora

5353 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2023-21538

  • EPSS 0.64%
  • Veröffentlicht 10.01.2023 22:15:14
  • Zuletzt bearbeitet 21.11.2024 07:43:02

.NET Denial of Service Vulnerability

5.3

CVE-2023-22909

  • EPSS 0.36%
  • Veröffentlicht 10.01.2023 08:15:10
  • Zuletzt bearbeitet 07.04.2025 19:15:51

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. SpecialMobileHistory allows remote attackers to cause a denial of service because database queries are slow.

6.1

CVE-2023-22911

Exploit
  • EPSS 0.59%
  • Veröffentlicht 10.01.2023 08:15:10
  • Zuletzt bearbeitet 07.04.2025 19:15:51

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. E-Widgets does widget replacement in HTML attributes, which can lead to XSS, because widget authors often do not expect that their widg...

7.8

CVE-2023-0049

Exploit
  • EPSS 0.03%
  • Veröffentlicht 04.01.2023 16:15:09
  • Zuletzt bearbeitet 17.01.2025 20:15:26

Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143.

8.8

CVE-2022-46175

Exploit
  • EPSS 39.95%
  • Veröffentlicht 24.12.2022 04:15:08
  • Zuletzt bearbeitet 21.11.2024 07:30:15

JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand (e.g. for config files). The `parse` method of the JSON5 library before and including versions 1.0.1 and 2.2.1 does not restrict parsing of key...

7.5

CVE-2022-43551

Exploit
  • EPSS 0.04%
  • Veröffentlicht 23.12.2022 15:15:15
  • Zuletzt bearbeitet 13.02.2026 20:16:13

A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the U...

9.8

CVE-2021-33640

  • EPSS 0.18%
  • Veröffentlicht 19.12.2022 16:15:10
  • Zuletzt bearbeitet 02.04.2025 18:33:53

After tar_close(), libtar.c releases the memory pointed to by pointer t. After tar_close() is called in the list() function, it continues to use pointer t: free_longlink_longname(t->th_buf) . As a result, the released memory is used (use-after-free).

7.5

CVE-2022-3109

  • EPSS 0.18%
  • Veröffentlicht 16.12.2022 15:15:09
  • Zuletzt bearbeitet 07.08.2025 19:26:18

An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of av_malloc() and will cause a null pointer dereference, impacting availability.

5.3

CVE-2022-46392

  • EPSS 0.2%
  • Veröffentlicht 15.12.2022 23:15:10
  • Zuletzt bearbeitet 03.11.2025 20:15:57

An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses (typically, an untrusted operating system attacking a secure enclave) can recover an RSA private key ...

9.8

CVE-2022-46393

  • EPSS 0.82%
  • Veröffentlicht 15.12.2022 23:15:10
  • Zuletzt bearbeitet 21.04.2025 15:15:56

An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. There is a potential heap-based buffer overflow and heap-based buffer over-read in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_...