Fedoraproject Fedora 34 Security Vulnerabilities
A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, enabling an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. This has the potential to impact confidentiality and integrity.
CVSS Score: 6.8 | EPSS Score: 0.001 | Published: 2022-04-04
In HTMLDOC 1.9.14, an infinite loop in the gif_read_lzw function can lead to a pointer arbitrarily pointing to heap memory and result in a buffer overflow.
CVSS Score: 5.5 | EPSS Score: 0.0 | Published: 2022-04-04
usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free.
CVSS Score: 5.5 | EPSS Score: 0.0 | Published: 2022-04-03
mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free.
CVSS Score: 5.5 | EPSS Score: 0.0 | Published: 2022-04-03
ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.
CVSS Score: 7.8 | EPSS Score: 0.0 | Published: 2022-04-03
A flaw was found in the Linux kernel OverlayFS subsystem that allows unauthorized execution of a setuid file with capabilities, in the way a user copies a capable file from a nosuid mount into another mount. A local user could use this flaw to escalate their privileges on the system.
CVSS Score: 7.8 | EPSS Score: 0.0 | Published: 2022-04-01
Heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647.
CVSS Score: 7.3 | EPSS Score: 0.001 | Published: 2022-03-30
Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646.
CVSS Score: 7.8 | EPSS Score: 0.004 | Published: 2022-03-30
A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service.
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2022-03-29
Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled.
CVSS Score: 9.1 | EPSS Score: 0.005 | Published: 2022-03-28

