Fedoraproject: Security Vulnerabilities
Divide By Zero in GitHub repository vim/vim prior to 9.0.1367.
CVSS Score
7.3
EPSS Score
0.0
Published
2023-03-01
An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig. This could lead to a denial of service.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-02-28
Sudo before 1.9.13p2 has a double free in the per-command chroot feature.
CVSS Score
7.2
EPSS Score
0.002
Published
2023-02-28
A flaw was found in RHDS 11 and RHDS 12. While browsing entries LDAP tries to decode the userPassword attribute instead of the userCertificate attribute which could lead into sensitive information leaked. An attacker with a local account where the cockpit-389-ds is running can list the processes and display the hashed passwords. The highest threat from this vulnerability is to data confidentiality.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-02-27
An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable "links" in this "decompression chain" wascapped, but the cap was implemented on a per-header basis allowing a maliciousserver to insert a virtually unlimited number of compression steps simply byusing many headers. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-02-23
In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-02-20
An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.
CVSS Score
7.5
EPSS Score
0.013
Published
2023-02-17
A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.
CVSS Score
7.4
EPSS Score
0.026
Published
2023-02-15
A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR server software enables an authenticated user with access to the web interface to read local files from the server.
CVSS Score
6.5
EPSS Score
0.008
Published
2023-02-08
In GNU Less before 609, crafted data can result in "less -R" not filtering ANSI escape sequences sent to the terminal.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-02-07