Fedoraproject: >> Fedora >> 35 Security Vulnerabilities
cfg_tilde_expand in confuse.c in libConfuse 3.3 has a heap-based buffer over-read.
CVSS Score
8.8
EPSS Score
0.001
Published
2022-09-09
A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability.
CVSS Score
7.5
EPSS Score
0.004
Published
2022-09-09
The package pdfkit from 0.0.0 are vulnerable to Command Injection where the URL is not properly sanitized.
CVSS Score
7.3
EPSS Score
0.879
Published
2022-09-09
Cross-site Scripting (XSS) - Reflected in GitHub repository splitbrain/dokuwiki prior to 2022-07-31a.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-09-05
Use After Free in GitHub repository vim/vim prior to 9.0.0360.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-09-03
Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol.
CVSS Score
6.5
EPSS Score
0.004
Published
2022-09-01
An Improper Certificate Validation attack was found in Openshift. A re-encrypt Route with destinationCACertificate explicitly set to the default serviceCA skips internal Service TLS certificate validation. This flaw allows an attacker to exploit an invalid certificate, resulting in a loss of confidentiality.
CVSS Score
6.5
EPSS Score
0.001
Published
2022-09-01
A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket.
CVSS Score
7.0
EPSS Score
0.0
Published
2022-08-31
A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c in TIFFReadRawDataStriped() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffinfo tool, triggering a heap buffer overflow issue and causing a crash that leads to a denial of service.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-08-31
A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp tool, triggering a stack buffer overflow issue, possibly corrupting the memory, and causing a crash that leads to a denial of service.
CVSS Score
6.1
EPSS Score
0.0
Published
2022-08-31