Fedoraproject: Security Vulnerabilities
Use After Free in GitHub repository vim/vim prior to 9.0.0490.
CVSS Score
7.8
EPSS Score
0.0
Published
2022-09-18
drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-09-18
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-09-17
Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS Score
5.5
EPSS Score
0.001
Published
2022-09-16
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior to 0.29.0.gfm.6 a polynomial time complexity issue in cmark-gfm's autolink extension may lead to unbounded resource exhaustion and subsequent denial of service. Users may verify the patch by running `python3 -c 'print("![l"* 100000 + "\n")' | ./cmark-gfm -e autolink`, which will resource exhaust on unpatched cmark-gfm but render correctly on patched cmark-gfm. This vulnerability has been patched in 0.29.0.gfm.6. Users are advised to upgrade. Users unable to upgrade should disable the use of the autolink extension.
CVSS Score
7.5
EPSS Score
0.009
Published
2022-09-15
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.
CVSS Score
8.1
EPSS Score
0.006
Published
2022-09-14
An unauthenticated user can create a link with reflected Javascript code inside the backurl parameter and send it to other authenticated users in order to create a fake account with predefined login, password and role in Zabbix Frontend.
CVSS Score
4.8
EPSS Score
0.012
Published
2022-09-14
KDiskMark before 3.1.0 lacks authorization checking for D-Bus methods such as Helper::flushPageCache.
CVSS Score
7.8
EPSS Score
0.0
Published
2022-09-14
In certain Moodle products after creating a course, it is possible to add in a arbitrary "Topic" a resource, in this case a "Database" with the type "Text" where its values "Field name" and "Field description" are vulnerable to Cross Site Scripting Stored(XSS). This affects Moodle 3.11 and Moodle 3.10.4 and Moodle 3.9.7.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-09-13
.NET Core and Visual Studio Denial of Service Vulnerability
CVSS Score
7.5
EPSS Score
0.009
Published
2022-09-13