Fedoraproject: Security Vulnerabilities
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVSS Score
7.1
EPSS Score
0.001
Published
2022-05-26
A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an unprivileged user to lock the state file, stopping any rotation. This flaw affects logrotate versions before 3.20.0.
CVSS Score
6.5
EPSS Score
0.001
Published
2022-05-25
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-05-25
A use after free in cleanup_index in index.c in Halibut 1.2 allows an attacker to cause a segmentation fault or possibly have other unspecified impact via a crafted text document.
CVSS Score
7.8
EPSS Score
0.002
Published
2022-05-24
A double free in cleanup_index in index.c in Halibut 1.2 allows an attacker to cause a denial of service or possibly have other unspecified impact via a crafted text document.
CVSS Score
7.8
EPSS Score
0.002
Published
2022-05-24
A use after free in info_width_internal in bk_info.c in Halibut 1.2 allows an attacker to cause a segmentation fault or possibly have unspecified other impact via a crafted text document.
CVSS Score
7.8
EPSS Score
0.002
Published
2022-05-24
PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The application can specify `jwt.algorithms.get_default_algorithms()` to get support for all algorithms, or specify a single algorithm. The issue is not that big as `algorithms=jwt.algorithms.get_default_algorithms()` has to be used. Users should upgrade to v2.4.0 to receive a patch for this issue. As a workaround, always be explicit with the algorithms that are accepted and expected when decoding.
CVSS Score
7.4
EPSS Score
0.004
Published
2022-05-24
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject php code by choosing a malicious {block} name or {include} file name. Sites that cannot fully trust template authors should upgrade to versions 3.1.45 or 4.1.1 to receive a patch for this issue. There are currently no known workarounds.
CVSS Score
8.8
EPSS Score
0.257
Published
2022-05-24
A flaw was found in moodle where the description user field was not hidden when being set as a hidden user field.
CVSS Score
5.3
EPSS Score
0.006
Published
2022-05-18
A flaw was found in moodle where global search results could include author information on some activities where a user may not otherwise have access to it.
CVSS Score
4.3
EPSS Score
0.005
Published
2022-05-18