Filtered by vendor Fedoraproject
Subscribe
Total
5385 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-2129 | 3 Debian, Fedoraproject, Vim | 3 Debian Linux, Fedora, Vim | 2023-11-07 | 6.8 MEDIUM | 7.8 HIGH |
| Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. | |||||
| CVE-2022-2157 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2023-11-07 | N/A | 8.8 HIGH |
| Use after free in Interest groups in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-2057 | 4 Debian, Fedoraproject, Libtiff and 1 more | 4 Debian Linux, Fedora, Libtiff and 1 more | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010. | |||||
| CVE-2022-2207 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2023-11-07 | 6.8 MEDIUM | 7.8 HIGH |
| Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | |||||
| CVE-2022-2182 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2023-11-07 | 6.8 MEDIUM | 7.8 HIGH |
| Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | |||||
| CVE-2022-2343 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2023-11-07 | 6.8 MEDIUM | 7.8 HIGH |
| Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044. | |||||
| CVE-2022-2231 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2023-11-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2. | |||||
| CVE-2022-2344 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2023-11-07 | 6.8 MEDIUM | 7.8 HIGH |
| Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045. | |||||
| CVE-2022-2058 | 4 Debian, Fedoraproject, Libtiff and 1 more | 4 Debian Linux, Fedora, Libtiff and 1 more | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010. | |||||
| CVE-2022-2206 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2023-11-07 | 6.8 MEDIUM | 7.8 HIGH |
| Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. | |||||
| CVE-2022-29824 | 5 Debian, Fedoraproject, Netapp and 2 more | 24 Debian Linux, Fedora, Active Iq Unified Manager and 21 more | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well. | |||||
| CVE-2022-2606 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2023-11-07 | N/A | 8.8 HIGH |
| Use after free in Managed devices API in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enable a specific Enterprise policy to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-2615 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2023-11-07 | N/A | 6.5 MEDIUM |
| Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2022-2553 | 3 Clusterlabs, Debian, Fedoraproject | 3 Booth, Debian Linux, Fedora | 2023-11-07 | N/A | 6.5 MEDIUM |
| The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node. As a result, nodes that do not have the correct authentication key are not prevented from communicating with other nodes in the cluster. | |||||
| CVE-2022-2284 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2023-11-07 | 6.8 MEDIUM | 7.8 HIGH |
| Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. | |||||
| CVE-2022-2011 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2023-11-07 | N/A | 8.8 HIGH |
| Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-2619 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2023-11-07 | N/A | 4.3 MEDIUM |
| Insufficient validation of untrusted input in Settings in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted HTML page. | |||||
| CVE-2022-2309 | 3 Fedoraproject, Lxml, Xmlsoft | 3 Fedora, Lxml, Libxml2 | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code sequence in the application. The vulnerability is caused by the iterwalk function (also used by the canonicalize function). Such code shouldn't be in wide-spread use, given that parsing + iterwalk would usually be replaced with the more efficient iterparse function. However, an XML converter that serialises to C14N would also be vulnerable, for example, and there are legitimate use cases for this code sequence. If untrusted input is received (also remotely) and processed via iterwalk function, a crash can be triggered. | |||||
| CVE-2022-2158 | 2 Fedoraproject, Google | 3 Extra Packages For Enterprise Linux, Fedora, Chrome | 2023-11-07 | N/A | 8.8 HIGH |
| Type confusion in V8 in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-2614 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2023-11-07 | N/A | 8.8 HIGH |
| Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||