Fedoraproject: >> Fedora >> 35 Security Vulnerabilities
The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking.
CVSS Score
6.7
EPSS Score
0.001
Published
2021-10-20
vim is vulnerable to Heap-based Buffer Overflow
CVSS Score
7.8
EPSS Score
0.002
Published
2021-10-19
The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. For example, this can be triggered by an unrelated self-signed CA certificate sent by an initiator. Remote code execution cannot occur.
CVSS Score
7.5
EPSS Score
0.014
Published
2021-10-18
The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator, but this is not done correctly. Remote code execution might be a slight possibility.
CVSS Score
7.5
EPSS Score
0.025
Published
2021-10-18
Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm.
CVSS Score
7.5
EPSS Score
0.001
Published
2021-10-18
An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When validating an origin server or peer certificate, Squid may incorrectly classify certain certificates as trusted. This problem allows a remote server to obtain security trust well improperly. This indication of trust may be passed along to clients, allowing access to unsafe or hijacked services.
CVSS Score
7.5
EPSS Score
0.022
Published
2021-10-18
Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used.
CVSS Score
9.8
EPSS Score
0.138
Published
2021-10-18
Buffer overflow vulnerability in function stbi__extend_receive in stb_image.h in stb 2.26 via a crafted JPEG file.
CVSS Score
7.8
EPSS Score
0.002
Published
2021-10-15
vim is vulnerable to Heap-based Buffer Overflow
CVSS Score
7.8
EPSS Score
0.002
Published
2021-10-15
MediaWiki before 1.36.2 allows XSS. Month related MediaWiki messages are not escaped before being used on the Special:Search results page.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-10-11