Fedoraproject: Security Vulnerabilities
AutoTrace v0.40.0 was discovered to contain a heap overflow via the ReadImage function at input-bmp.c:660.
CVSS Score
7.3
EPSS Score
0.008
Published
2022-07-14
Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.
CVSS Score
6.5
EPSS Score
0.008
Published
2022-07-14
A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.
CVSS Score
8.1
EPSS Score
0.056
Published
2022-07-14
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS).
CVSS Score
6.5
EPSS Score
0.351
Published
2022-07-14
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).
CVSS Score
6.5
EPSS Score
0.688
Published
2022-07-14
Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 contain a patch for this issue. The simplest way to avoid being affected by the exploit described in the example is to avoid running git as root (or an Administrator in Windows), and if needed to reduce its use to a minimum. While a generic workaround is not possible, a system could be hardened from the exploit described in the example by removing any such repository if it exists already and creating one as root to block any future attacks.
CVSS Score
7.8
EPSS Score
0.004
Published
2022-07-12
Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.
CVSS Score
6.5
EPSS Score
0.038
Published
2022-07-12
Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.
CVSS Score
5.6
EPSS Score
0.049
Published
2022-07-12
Use After Free in GitHub repository vim/vim prior to 9.0.0046.
CVSS Score
7.8
EPSS Score
0.01
Published
2022-07-08
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045.
CVSS Score
7.8
EPSS Score
0.01
Published
2022-07-08