Vulnerabilities
Vulnerable Software
Fedoraproject:  Security Vulnerabilities
The package cookiecutter before 2.1.1 are vulnerable to Command Injection via hg argument injection. When calling the cookiecutter function from Python code with the checkout parameter, it is passed to the hg checkout command in a way that additional flags can be set. The additional flags can be used to perform a command injection.
CVSS Score
8.1
EPSS Score
0.042
Published
2022-06-08
A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and it is read in a manner where the entire file corresponding to the output of the command is read in. Thus, if the output of the command is large it is possible to exhaust the memory or the disk space of the node when CRI-O reads the output of the command. The highest threat from this vulnerability is system availability.
CVSS Score
7.5
EPSS Score
0.028
Published
2022-06-07
jmespath.rb (aka JMESPath for Ruby) before 1.6.1 uses JSON.load in a situation where JSON.parse is preferable.
CVSS Score
9.8
EPSS Score
0.021
Published
2022-06-06
net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free.
CVSS Score
7.8
EPSS Score
0.031
Published
2022-06-02
Liblouis 3.21.0 has an out-of-bounds write in compileRule in compileTranslationTable.c, as demonstrated by lou_trace.
CVSS Score
5.5
EPSS Score
0.011
Published
2022-06-02
Bottle before 0.12.20 mishandles errors during early request binding.
CVSS Score
9.8
EPSS Score
0.019
Published
2022-06-02
A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.
CVSS Score
6.5
EPSS Score
0.034
Published
2022-06-02
An access control bypass vulnerability found in 389-ds-base. That mishandling of the filter that would yield incorrect results, but as that has progressed, can be determined that it actually is an access control bypass. This may allow any remote unauthenticated user to issue a filter that allows searching for database items they do not have access to, including but not limited to potentially userPassword hashes and other sensitive data.
CVSS Score
7.5
EPSS Score
0.014
Published
2022-06-02
With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference.
CVSS Score
6.8
EPSS Score
0.003
Published
2022-06-02
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVSS Score
7.8
EPSS Score
0.016
Published
2022-05-31


Contact Us

Shodan ® - All rights reserved