Fedoraproject: >> Fedora >> 37 Security Vulnerabilities
Use After Free in GitHub repository vim/vim prior to 9.0.0490.
CVSS Score
7.8
EPSS Score
0.0
Published
2022-09-18
drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-09-18
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-09-17
Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS Score
5.5
EPSS Score
0.001
Published
2022-09-16
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior to 0.29.0.gfm.6 a polynomial time complexity issue in cmark-gfm's autolink extension may lead to unbounded resource exhaustion and subsequent denial of service. Users may verify the patch by running `python3 -c 'print("![l"* 100000 + "\n")' | ./cmark-gfm -e autolink`, which will resource exhaust on unpatched cmark-gfm but render correctly on patched cmark-gfm. This vulnerability has been patched in 0.29.0.gfm.6. Users are advised to upgrade. Users unable to upgrade should disable the use of the autolink extension.
CVSS Score
7.5
EPSS Score
0.009
Published
2022-09-15
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.
CVSS Score
8.1
EPSS Score
0.006
Published
2022-09-14
An unauthenticated user can create a link with reflected Javascript code inside the backurl parameter and send it to other authenticated users in order to create a fake account with predefined login, password and role in Zabbix Frontend.
CVSS Score
4.8
EPSS Score
0.012
Published
2022-09-14
.NET Core and Visual Studio Denial of Service Vulnerability
CVSS Score
7.5
EPSS Score
0.014
Published
2022-09-13
Infinite loop in the F5 Ethernet Trailer protocol dissector in Wireshark 3.6.0 to 3.6.7 and 3.4.0 to 3.4.15 allows denial of service via packet injection or crafted capture file
CVSS Score
6.3
EPSS Score
0.0
Published
2022-09-13
OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. In OAuthLib versions 3.1.1 until 3.2.1, an attacker providing malicious redirect uri can cause denial of service. An attacker can also leverage usage of `uri_validate` functions depending where it is used. OAuthLib applications using OAuth2.0 provider support or use directly `uri_validate` are affected by this issue. Version 3.2.1 contains a patch. There are no known workarounds.
CVSS Score
5.7
EPSS Score
0.003
Published
2022-09-09