Fedoraproject: Security Vulnerabilities
Use After Free in GitHub repository vim/vim prior to 9.0.0579.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-09-25
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0577.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-09-25
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0552.
CVSS Score
6.8
EPSS Score
0.0
Published
2022-09-23
Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. On its own, it cannot be exploited. There is only a risk in conjunction with Java object deserialization within an application. In such situations, it allows attackers to erase contents of arbitrary files, make network connections, or possibly run arbitrary code (specifically, Function0 functions) via a gadget chain.
CVSS Score
9.8
EPSS Score
0.726
Published
2022-09-23
Knot Resolver before 5.5.3 allows remote attackers to cause a denial of service (CPU consumption) because of algorithmic complexity. During an attack, an authoritative server must return large NS sets or address sets.
CVSS Score
7.5
EPSS Score
0.004
Published
2022-09-23
In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can lead to arbitrary code execution. The user must display attacker-controlled content in the terminal, then click on a notification popup.
CVSS Score
7.8
EPSS Score
0.009
Published
2022-09-23
Redis is an in-memory database that persists on disk. Versions 7.0.0 and above, prior to 7.0.5 are vulnerable to an Integer Overflow. Executing an `XAUTOCLAIM` command on a stream key in a specific state, with a specially crafted `COUNT` argument may cause an integer overflow, a subsequent heap overflow, and potentially lead to remote code execution. This has been patched in Redis version 7.0.5. No known workarounds exist.
CVSS Score
7.0
EPSS Score
0.84
Published
2022-09-23
A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. We recommend upgrading to versions 3.18.3, 3.19.5, 3.20.2, 3.21.6 for protobuf-cpp and 3.18.3, 3.19.5, 3.20.2, 4.21.6 for protobuf-python. Versions for 3.16 and 3.17 are no longer updated.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-09-22
Use After Free in GitHub repository vim/vim prior to 9.0.0530.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-09-22
By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.
CVSS Score
5.3
EPSS Score
0.004
Published
2022-09-21