CVE-2022-4122
- EPSS 0.17%
- Published 08.12.2022 16:15:14
- Last modified 22.04.2025 21:15:44
A vulnerability was found in buildah. Incorrect following of symlinks while reading .containerignore and .dockerignore results in information disclosure.
CVE-2022-4123
- EPSS 0.04%
- Published 08.12.2022 16:15:14
- Last modified 22.04.2025 21:15:44
A flaw was found in Buildah. The local path and the lowest subdirectory may be disclosed due to incorrect absolute path traversal, resulting in an impact to confidentiality.
CVE-2022-24439
- EPSS 70.15%
- Published 06.12.2022 05:15:11
- Last modified 03.11.2025 22:15:57
All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possibl...
CVE-2022-46391
- EPSS 0.35%
- Published 04.12.2022 03:15:09
- Last modified 24.04.2025 16:15:23
AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks.
CVE-2022-46149
- EPSS 0.15%
- Published 30.11.2022 17:15:10
- Last modified 21.11.2024 07:30:12
Cap'n Proto is a data interchange format and remote procedure call (RPC) system. Cap'n Proto prior to versions 0.7.1, 0.8.1, 0.9.2, and 0.10.3, as well as versions of Cap'n Proto's Rust implementation prior to 0.13.7, 0.14.11, and 0.15.2 are vulnerab...
CVE-2022-4144
- EPSS 0.02%
- Published 29.11.2022 18:15:10
- Last modified 14.04.2025 18:15:24
An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into a...
CVE-2022-4172
- EPSS 0.03%
- Published 29.11.2022 18:15:10
- Last modified 14.04.2025 18:15:25
Integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the read_erst_record() and write_erst_record() functions. Both issues may allow the guest to overrun the host buffer alloc...
CVE-2022-4129
- EPSS 0.02%
- Published 28.11.2022 22:15:11
- Last modified 14.04.2025 18:15:24
A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a ...
CVE-2022-45939
- EPSS 0.04%
- Published 28.11.2022 06:15:10
- Last modified 28.04.2025 19:15:46
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may u...
CVE-2022-45934
- EPSS 0.41%
- Published 27.11.2022 04:15:10
- Last modified 29.04.2025 14:15:30
An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.