Fedora 36 Security Vulnerabilities (Fedoraproject)
Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. This would allow requests to be smuggled via the front-end proxy to Puma. The vulnerability has been fixed in 5.6.4 and 4.3.12. Users are advised to upgrade as soon as possible. Workaround: when deploying a proxy in front of Puma, turn on any and all functionality that ensures the request matches the RFC7230 standard.
CVSS Score: 9.1 | EPSS Score: 0.004 | Published: 2022-03-30
Heap buffer overflow in get_one_sourceline in the GitHub repository vim/vim prior to 8.2.4647.
CVSS Score: 7.3 | EPSS Score: 0.001 | Published: 2022-03-30
An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used in galleries or Special:RevisionDelete.
CVSS Score: 6.1 | EPSS Score: 0.004 | Published: 2022-03-30
A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service.
CVSS Score: 5.5 | EPSS Score: 0.0 | Published: 2022-03-29
Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init.
CVSS Score: 6.5 | EPSS Score: 0.001 | Published: 2022-03-28
tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_layer4_v6 in common/get.c.
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2022-03-26
tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_ipv6_next in common/get.c.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2022-03-26
tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_l2len_protocol in common/get.c.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2022-03-26
tcpprep in Tcpreplay 4.4.1 has a heap-based buffer over-read in parse_mpls in common/get.c.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2022-03-26
libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.
CVSS Score: 5.5 | EPSS Score: 0.0 | Published: 2022-03-26

Shodan ® - All rights reserved