Fedoraproject: >> Fedora >> 35 Security Vulnerabilities
Advancecomp v2.3 was discovered to contain a heap buffer overflow.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-08-29
Advancecomp v2.3 was discovered to contain a heap buffer overflow.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-08-29
In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-08-27
A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert command, ASAN detects memory leaks.
CVSS Score
3.3
EPSS Score
0.0
Published
2022-08-26
A DMA reentrancy issue was found in the NVM Express Controller (NVME) emulation in QEMU. This CVE is similar to CVE-2021-3750 and, just like it, when the reentrancy write triggers the reset function nvme_ctrl_reset(), data structs will be freed leading to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition or, potentially, executing arbitrary code within the context of the QEMU process on the host.
CVSS Score
8.2
EPSS Score
0.042
Published
2022-08-25
A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks.
CVSS Score
6.5
EPSS Score
0.002
Published
2022-08-25
A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads. A remote attacker could send a request causing a process crash which could lead to a denial of service attack.
CVSS Score
7.5
EPSS Score
0.015
Published
2022-08-25
CVE-2022-32893
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Known exploited
CVSS Score
8.8
EPSS Score
0.001
Published
2022-08-24
Multiple out-of-bounds write issues were addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.5, watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6. An app may be able to disclose kernel memory.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-08-24
A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
CVSS Score
3.3
EPSS Score
0.001
Published
2022-08-24