Fedoraproject: >> Fedora >> 36 Security Vulnerabilities
Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974.
CVSS Score
6.6
EPSS Score
0.0
Published
2022-05-17
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.
CVSS Score
9.1
EPSS Score
0.003
Published
2022-05-16
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.
CVSS Score
9.1
EPSS Score
0.001
Published
2022-05-16
nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed length check, leading to a buffer overflow. NOTE: this issue exists because of an incorrect fix for CVE-2019-14196.
CVSS Score
9.8
EPSS Score
0.002
Published
2022-05-16
URL Restriction Bypass in GitHub repository plantuml/plantuml prior to V1.2022.5. An attacker can abuse this to bypass URL restrictions that are imposed by the different security profiles and achieve server side request forgery (SSRF). This allows accessing restricted internal resources/servers or sending requests to third party servers.
CVSS Score
7.2
EPSS Score
0.003
Published
2022-05-14
HTMLCreator release_stable_2020-07-29 was discovered to contain a cross-site scripting (XSS) vulnerability via the function _generateFilename.
CVSS Score
6.1
EPSS Score
0.005
Published
2022-05-12
NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allows attackers to cause a denial of service (application crash) via a crafted input.
CVSS Score
6.6
EPSS Score
0.001
Published
2022-05-12
LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.
CVSS Score
5.5
EPSS Score
0.001
Published
2022-05-11
LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:624, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.
CVSS Score
5.5
EPSS Score
0.001
Published
2022-05-11
.NET and Visual Studio Denial of Service Vulnerability
CVSS Score
7.5
EPSS Score
0.017
Published
2022-05-10