Fedoraproject >> Fedora >> 36 Security Vulnerabilities
MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.
CVSS Score: 5.5 | EPSS Score: 0.0 | Published: 2022-02-01
MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.
CVSS Score: 5.5 | EPSS Score: 0.0 | Published: 2022-02-01
MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations.
CVSS Score: 5.5 | EPSS Score: 0.0 | Published: 2022-02-01
MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW.
CVSS Score: 5.5 | EPSS Score: 0.0 | Published: 2022-01-29
Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater.
CVSS Score: 6.5 | EPSS Score: 0.001 | Published: 2022-01-26
Grafana is an open-source platform for monitoring and observability. In affected versions when a data source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API token (and no other user credentials) will forward the OAuth Identity of the most recently logged-in user. This can allow API token holders to retrieve data for which they may not have intended access. This attack relies on the Grafana instance having data sources that support the Forward OAuth Identity feature, the Grafana instance having a data source with the Forward OAuth Identity feature toggled on, the Grafana instance having OAuth enabled, and the Grafana instance having usable API keys. This issue has been patched in versions 7.5.13 and 8.3.4.
CVSS Score: 4.3 | EPSS Score: 0.004 | Published: 2022-01-18
ownCloud owncloud/client before 2.9.2 allows Resource Injection by a server into the desktop client via a URL, leading to remote code execution.
CVSS Score: 7.8 | EPSS Score: 0.021 | Published: 2022-01-15
An untrusted pointer dereference in rec_db_destroy() at rec-db.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash.
CVSS Score: 5.5 | EPSS Score: 0.002 | Published: 2022-01-14
A Use-After-Free vulnerability in rec_record_destroy() at rec-record.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash.
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2022-01-14
A Use-After-Free vulnerability in rec_mset_elem_destroy() at rec-mset.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash.
CVSS Score: 5.5 | EPSS Score: 0.002 | Published: 2022-01-14

