Fedoraproject: >> Fedora >> 35 Security Vulnerabilities
A file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations in NTFS-3G through 2021.8.22 when using libfuse-lite.
CVSS Score
6.7
EPSS Score
0.0
Published
2022-05-26
A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22.
CVSS Score
7.8
EPSS Score
0.0
Published
2022-05-26
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVSS Score
7.1
EPSS Score
0.001
Published
2022-05-26
A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an unprivileged user to lock the state file, stopping any rotation. This flaw affects logrotate versions before 3.20.0.
CVSS Score
6.5
EPSS Score
0.001
Published
2022-05-25
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-05-25
A use after free in cleanup_index in index.c in Halibut 1.2 allows an attacker to cause a segmentation fault or possibly have other unspecified impact via a crafted text document.
CVSS Score
7.8
EPSS Score
0.002
Published
2022-05-24
A double free in cleanup_index in index.c in Halibut 1.2 allows an attacker to cause a denial of service or possibly have other unspecified impact via a crafted text document.
CVSS Score
7.8
EPSS Score
0.002
Published
2022-05-24
A use after free in info_width_internal in bk_info.c in Halibut 1.2 allows an attacker to cause a segmentation fault or possibly have unspecified other impact via a crafted text document.
CVSS Score
7.8
EPSS Score
0.002
Published
2022-05-24
PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The application can specify `jwt.algorithms.get_default_algorithms()` to get support for all algorithms, or specify a single algorithm. The issue is not that big as `algorithms=jwt.algorithms.get_default_algorithms()` has to be used. Users should upgrade to v2.4.0 to receive a patch for this issue. As a workaround, always be explicit with the algorithms that are accepted and expected when decoding.
CVSS Score
7.4
EPSS Score
0.004
Published
2022-05-24
A flaw was found in moodle where the description user field was not hidden when being set as a hidden user field.
CVSS Score
5.3
EPSS Score
0.006
Published
2022-05-18