Fedoraproject: >> Fedora Security Vulnerabilities
The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the documentation, and makes it easier for attackers to install malware that was supposed to have been blocked by an exact version match requirement in package-lock.json. NOTE: The npm team believes this is not a vulnerability. It would require someone to socially engineer package.json which has different dependencies than package-lock.json. That user would have to have file system or write access to change dependencies. The npm team states preventing malicious actors from socially engineering or gaining file system access is outside the scope of the npm CLI.
CVSS Score
9.0
EPSS Score
0.019
Published
2021-11-13
A Divide by Zero vulnerability in the function static int read_samples of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file.
CVSS Score
5.5
EPSS Score
0.001
Published
2021-11-10
Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.
CVSS Score
5.5
EPSS Score
0.001
Published
2021-11-09
ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation.
CVSS Score
7.5
EPSS Score
0.009
Published
2021-11-08
Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field.
CVSS Score
7.5
EPSS Score
0.001
Published
2021-11-08
An issue was discovered in Barrier before 2.4.0. The barriers component (aka the server-side implementation of Barrier) does not sufficiently verify the identify of connecting clients. Clients can thus exploit weaknesses in the provided protocol to cause denial-of-service or stage further attacks that could lead to information leaks or integrity corruption.
CVSS Score
8.8
EPSS Score
0.005
Published
2021-11-08
OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname.
CVSS Score
9.8
EPSS Score
0.004
Published
2021-11-05
vim is vulnerable to Heap-based Buffer Overflow
CVSS Score
7.3
EPSS Score
0.002
Published
2021-11-05
vim is vulnerable to Use of Uninitialized Variable
CVSS Score
7.3
EPSS Score
0.0
Published
2021-11-05
An issue was discoverered in in function xls_getWorkSheet in xls.c in libxls 1.6.2, allows attackers to cause a denial of service, via a crafted XLS file.
CVSS Score
6.5
EPSS Score
0.004
Published
2021-11-03