Fedoraproject: Security Vulnerabilities
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-06-28
Synapse is an open source home server implementation for the Matrix chat network. In versions prior to 1.61.1 URL previews of some web pages can exhaust the available stack space for the Synapse process due to unbounded recursion. This is sometimes recoverable and leads to an error for the request causing the problem, but in other cases the Synapse process may crash altogether. It is possible to exploit this maliciously, either by malicious users on the homeserver, or by remote users sending URLs that a local user's client may automatically request a URL preview for. Remote users are not able to exploit this directly, because the URL preview endpoint is authenticated. Deployments with `url_preview_enabled: false` set in configuration are not affected. Deployments with `url_preview_enabled: true` set in configuration **are** affected. Deployments with no configuration value set for `url_preview_enabled` are not affected, because the default is `false`. Administrators of homeservers with URL previews enabled are advised to upgrade to v1.61.1 or higher. Users unable to upgrade should set `url_preview_enabled` to false.
CVSS Score
6.5
EPSS Score
0.007
Published
2022-06-28
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-06-27
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-06-27
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-06-27
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-06-26
# Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE identifier CVE-2022-32209.Versions Affected: ALLNot affected: NONEFixed Versions: v1.4.3## ImpactA possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both `select` and `style` elements.Code is only impacted if allowed tags are being overridden. This may be done via application configuration:```ruby# In config/application.rbconfig.action_view.sanitized_allowed_tags = ["select", "style"]```see https://guides.rubyonrails.org/configuring.html#configuring-action-viewOr it may be done with a `:tags` option to the Action View helper `sanitize`:```<%= sanitize @comment.body, tags: ["select", "style"] %>```see https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitizeOr it may be done with Rails::Html::SafeListSanitizer directly:```ruby# class-level optionRails::Html::SafeListSanitizer.allowed_tags = ["select", "style"]```or```ruby# instance-level optionRails::Html::SafeListSanitizer.new.sanitize(@article.body, tags: ["select", "style"])```All users overriding the allowed tags by any of the above mechanisms to include both "select" and "style" should either upgrade or use one of the workarounds immediately.## ReleasesThe FIXED releases are available at the normal locations.## WorkaroundsRemove either `select` or `style` from the overridden allowed tags.## CreditsThis vulnerability was responsibly reported by [windshock](https://hackerone.com/windshock?type=user).
CVSS Score
6.1
EPSS Score
0.055
Published
2022-06-24
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
CVSS Score
7.8
EPSS Score
0.011
Published
2022-06-23
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVSS Score
7.8
EPSS Score
0.008
Published
2022-06-23
An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
CVSS Score
5.5
EPSS Score
0.001
Published
2022-06-23