Fedoraproject: >> Fedora >> 35 Security Vulnerabilities
Use After Free in GitHub repository vim/vim prior to 8.2.
CVSS Score
8.4
EPSS Score
0.007
Published
2022-02-02
pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based on class names provided via `authenticationPluginClassName`, `sslhostnameverifier`, `socketFactory`, `sslfactory`, `sslpasswordcallback` connection properties. However, the driver did not verify if the class implements the expected interface before instantiating the class. This can lead to code execution loaded via arbitrary classes. Users using plugins are advised to upgrade. There are no known workarounds for this issue.
CVSS Score
7.0
EPSS Score
0.047
Published
2022-02-02
Heap-based Buffer Overflow GitHub repository vim/vim prior to 8.2.
CVSS Score
8.4
EPSS Score
0.017
Published
2022-02-01
XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. XStream 1.4.19 monitors and accumulates the time it takes to add elements to collections and throws an exception if a set threshold is exceeded. Users are advised to upgrade as soon as possible. Users unable to upgrade may set the NO_REFERENCE mode to prevent recursion. See GHSA-rmr5-cpv2-vgjf for further details on a workaround if an upgrade is not possible.
CVSS Score
7.5
EPSS Score
0.141
Published
2022-02-01
NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.0.
CVSS Score
5.9
EPSS Score
0.002
Published
2022-02-01
MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash.
CVSS Score
5.5
EPSS Score
0.001
Published
2022-02-01
MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures.
CVSS Score
5.5
EPSS Score
0.001
Published
2022-02-01
MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used.
CVSS Score
7.5
EPSS Score
0.021
Published
2022-02-01
MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE).
CVSS Score
5.5
EPSS Score
0.001
Published
2022-02-01
MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.
CVSS Score
5.5
EPSS Score
0.001
Published
2022-02-01