Fedoraproject >> Fedora >> 36: Security Vulnerabilities

Cross-site Scripting (XSS) - Reflected in GitHub repository splitbrain/dokuwiki prior to 2022-07-31a.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2022-09-05

An issue was discovered in PSPP 1.6.2. There is a heap-based buffer overflow at the function read_bytes_internal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact. This issue is different from CVE-2018-20230.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2022-09-05

An issue was discovered in PSPP 1.6.2. There is a heap-based buffer overflow at the function read_string in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2022-09-05

Use After Free in GitHub repository vim/vim prior to 9.0.0360.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2022-09-03

Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol.
CVSS Score: 6.5 | EPSS Score: 0.004 | Published: 2022-09-01

A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket.
CVSS Score: 7.0 | EPSS Score: 0.0 | Published: 2022-08-31

A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK.
CVSS Score: 8.6 | EPSS Score: 0.006 | Published: 2022-08-31

A flaw was found in the Linux kernel’s KVM when attempting to set a SynIC IRQ. This issue makes it possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service.
CVSS Score: 5.5 | EPSS Score: 0.0 | Published: 2022-08-31

An issue was found in the Linux kernel that leads to a race condition in rose_connect(). The rose driver uses rose_neigh->use to represent how many objects are using the rose_neigh. When a user wants to delete a rose_route via rose_ioctl(), the rose driver calls rose_del_node() and removes neighbours only if their “count” and “use” are zero.
CVSS Score: 7.0 | EPSS Score: 0.0 | Published: 2022-08-31

A heap buffer overflow flaw was found in Libtiff's tiffinfo.c in the TIFFReadRawDataStriped() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffinfo tool, triggering a heap buffer overflow issue and causing a crash that leads to a denial of service.
CVSS Score: 5.5 | EPSS Score: 0.0 | Published: 2022-08-31