Fedoraproject: >> Fedora Security Vulnerabilities
A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library.
CVSS Score
5.3
EPSS Score
0.001
Published
2022-04-18
Heap buffer overflow issues were found in Opensc before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the library.
CVSS Score
5.3
EPSS Score
0.001
Published
2022-04-18
Stack buffer overflow issues were found in Opensc before version 0.22.0 in various places that could potentially crash programs using the library.
CVSS Score
5.3
EPSS Score
0.001
Published
2022-04-18
A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.
CVSS Score
5.3
EPSS Score
0.0
Published
2022-04-18
global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution
CVSS Score
7.8
EPSS Score
0.001
Published
2022-04-18
XSS via Embedded SVG in SVG Diagram Format in GitHub repository plantuml/plantuml prior to 1.2022.4. Stored XSS in the context of the diagram embedder. Depending on the actual context, this ranges from stealing secrets to account hijacking or even to code execution for example in desktop applications. Web based applications are the ones most affected. Since the SVG format allows clickable links in diagrams, it is commonly used in plugins for web based projects (like the Confluence plugin, etc. see https://plantuml.com/de/running).
CVSS Score
9.3
EPSS Score
0.002
Published
2022-04-15
stb_image.h v2.27 was discovered to contain an integer overflow via the function stbi__jpeg_decode_block_prog_dc. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
CVSS Score
6.5
EPSS Score
0.01
Published
2022-04-15
stb_image.h v2.27 was discovered to contain an heap-based use-after-free via the function stbi__jpeg_huff_decode.
CVSS Score
8.8
EPSS Score
0.004
Published
2022-04-15
STB v2.27 was discovered to contain an integer shift of invalid size in the component stbi__jpeg_decode_block_prog_ac.
CVSS Score
8.8
EPSS Score
0.002
Published
2022-04-15
An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.
CVSS Score
7.8
EPSS Score
0.005
Published
2022-04-14