Fedoraproject

Fedora

5353 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.42%
  • Published 22.11.2022 02:15:11
  • Last modified 03.11.2025 22:15:59

In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476...

Exploit
  • EPSS 1.41%
  • Published 18.11.2022 23:15:18
  • Last modified 04.11.2025 16:15:42

The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.

  • EPSS 0.07%
  • Published 16.11.2022 21:15:10
  • Last modified 21.11.2024 07:18:01

FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing a range check for input offset index in ZGFX decoder. A malicious server can trick a FreeRDP based client to read out of bound data and try to dec...

  • EPSS 0.15%
  • Published 16.11.2022 21:15:10
  • Last modified 03.11.2025 21:15:53

FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input validation in `urbdrc` channel. A malicious server can trick a FreeRDP based client to crash with division by zero. This issue has been addr...

  • EPSS 0.1%
  • Published 16.11.2022 21:15:10
  • Last modified 03.11.2025 21:15:53

FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input length validation in the `urbdrc` channel. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to...

  • EPSS 0.15%
  • Published 16.11.2022 20:15:10
  • Last modified 03.11.2025 21:15:52

FreeRDP is a free remote desktop protocol library and clients. In affected versions there is an out of bound read in ZGFX decoder component of FreeRDP. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it...

  • EPSS 0.07%
  • Published 16.11.2022 20:15:10
  • Last modified 03.11.2025 21:15:53

FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP may attempt integer addition on too narrow types leads to allocation of a buffer too small holding the data written. A malicious server can trick a FreeRDP ba...

  • EPSS 0.16%
  • Published 16.11.2022 20:15:10
  • Last modified 03.11.2025 21:15:53

FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing path canonicalization and base path check for `drive` channel. A malicious server can trick a FreeRDP based client to read files outside the share...

  • EPSS 0.11%
  • Published 16.11.2022 20:15:10
  • Last modified 03.11.2025 21:15:54

FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input length validation in `drive` channel. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the ...

Exploit
  • EPSS 0.04%
  • Published 14.11.2022 08:15:09
  • Last modified 01.05.2025 14:15:26

GNOME Nautilus 42.2 allows a NULL pointer dereference and get_basename application crash via a pasted ZIP archive.