Fedoraproject: >> Fedora Security Vulnerabilities
A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service.
CVSS Score
5.5
EPSS Score
0.001
Published
2022-03-29
A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5
CVSS Score
7.8
EPSS Score
0.0
Published
2022-03-29
Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init.
CVSS Score
6.5
EPSS Score
0.001
Published
2022-03-28
Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled.
CVSS Score
9.1
EPSS Score
0.013
Published
2022-03-28
tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_layer4_v6 in common/get.c.
CVSS Score
5.5
EPSS Score
0.002
Published
2022-03-26
tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_ipv6_next in common/get.c.
CVSS Score
7.8
EPSS Score
0.003
Published
2022-03-26
tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_l2len_protocol in common/get.c.
CVSS Score
7.8
EPSS Score
0.003
Published
2022-03-26
tcpprep in Tcpreplay 4.4.1 has a heap-based buffer over-read in parse_mpls in common/get.c.
CVSS Score
7.8
EPSS Score
0.003
Published
2022-03-26
libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.
CVSS Score
5.5
EPSS Score
0.001
Published
2022-03-26
The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitrary code.
CVSS Score
10.0
EPSS Score
0.002
Published
2022-03-25