Search Results (Refine Search)
- Keyword (text search): cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2022-3256 |
Use After Free in GitHub repository vim/vim prior to 9.0.0530. Published: September 22, 2022; 9:15:09 AM -0400 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2022-3080 |
By sending specific queries to the resolver, an attacker can cause named to crash. Published: September 21, 2022; 7:15:09 AM -0400 |
V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2022-38178 |
By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. Published: September 21, 2022; 7:15:09 AM -0400 |
V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2022-38177 |
By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. Published: September 21, 2022; 7:15:09 AM -0400 |
V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2022-2795 |
By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service. Published: September 21, 2022; 7:15:09 AM -0400 |
V3.1: 5.3 MEDIUM V2.0:(not available) |
CVE-2022-32886 |
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code execution. Published: September 20, 2022; 5:15:11 PM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2022-39958 |
The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass to sequentially exfiltrate small and undetectable sections of data by repeatedly submitting an HTTP Range header field with a small byte range. A restricted resource, access to which would ordinarily be detected, may be exfiltrated from the backend, despite being protected by a web application firewall that uses CRS. Short subsections of a restricted resource may bypass pattern matching techniques and allow undetected access. The legacy CRS versions 3.0.x and 3.1.x are affected, as well as the currently supported versions 3.2.1 and 3.3.2. Integrators and users are advised to upgrade to 3.2.2 and 3.3.3 respectively and to configure a CRS paranoia level of 3 or higher. Published: September 20, 2022; 3:15:12 AM -0400 |
V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2022-39957 |
The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass. A client can issue an HTTP Accept header field containing an optional "charset" parameter in order to receive the response in an encoded form. Depending on the "charset", this response can not be decoded by the web application firewall. A restricted resource, access to which would ordinarily be detected, may therefore bypass detection. The legacy CRS versions 3.0.x and 3.1.x are affected, as well as the currently supported versions 3.2.1 and 3.3.2. Integrators and users are advised to upgrade to 3.2.2 and 3.3.3 respectively. Published: September 20, 2022; 3:15:12 AM -0400 |
V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2022-39956 |
The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields that will not be decoded and inspected by the web application firewall engine and the rule set. The multipart payload will therefore bypass detection. A vulnerable backend that supports these encoding schemes can potentially be exploited. The legacy CRS versions 3.0.x and 3.1.x are affected, as well as the currently supported versions 3.2.1 and 3.3.2. Integrators and users are advised upgrade to 3.2.2 and 3.3.3 respectively. The mitigation against these vulnerabilities depends on the installation of the latest ModSecurity version (v2.9.6 / v3.0.8). Published: September 20, 2022; 3:15:12 AM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2022-39955 |
The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass by submitting a specially crafted HTTP Content-Type header field that indicates multiple character encoding schemes. A vulnerable back-end can potentially be exploited by declaring multiple Content-Type "charset" names and therefore bypassing the configurable CRS Content-Type header "charset" allow list. An encoded payload can bypass CRS detection this way and may then be decoded by the backend. The legacy CRS versions 3.0.x and 3.1.x are affected, as well as the currently supported versions 3.2.1 and 3.3.2. Integrators and users are advised to upgrade to 3.2.2 and 3.3.3 respectively. Published: September 20, 2022; 3:15:12 AM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2022-3213 |
A heap buffer overflow issue was found in ImageMagick. When an application processes a malformed TIFF file, it could lead to undefined behavior or a crash causing a denial of service. Published: September 19, 2022; 2:15:09 PM -0400 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2022-3235 |
Use After Free in GitHub repository vim/vim prior to 9.0.0490. Published: September 18, 2022; 4:15:09 PM -0400 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2022-40768 |
drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case. Published: September 18, 2022; 1:15:08 AM -0400 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2022-3234 |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483. Published: September 17, 2022; 6:15:09 PM -0400 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2022-30674 |
Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Published: September 16, 2022; 2:15:12 PM -0400 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2022-39209 |
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior to 0.29.0.gfm.6 a polynomial time complexity issue in cmark-gfm's autolink extension may lead to unbounded resource exhaustion and subsequent denial of service. Users may verify the patch by running `python3 -c 'print("![l"* 100000 + "\n")' | ./cmark-gfm -e autolink`, which will resource exhaust on unpatched cmark-gfm but render correctly on patched cmark-gfm. This vulnerability has been patched in 0.29.0.gfm.6. Users are advised to upgrade. Users unable to upgrade should disable the use of the autolink extension. Published: September 15, 2022; 2:15:12 PM -0400 |
V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2022-40674 |
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. Published: September 14, 2022; 7:15:54 AM -0400 |
V3.1: 8.1 HIGH V2.0:(not available) |
CVE-2021-36568 |
In certain Moodle products after creating a course, it is possible to add in a arbitrary "Topic" a resource, in this case a "Database" with the type "Text" where its values "Field name" and "Field description" are vulnerable to Cross Site Scripting Stored(XSS). This affects Moodle 3.11 and Moodle 3.10.4 and Moodle 3.9.7. Published: September 13, 2022; 6:15:08 PM -0400 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-38013 |
.NET Core and Visual Studio Denial of Service Vulnerability Published: September 13, 2022; 3:15:12 PM -0400 |
V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2022-40320 |
cfg_tilde_expand in confuse.c in libConfuse 3.3 has a heap-based buffer over-read. Published: September 09, 2022; 5:15:08 PM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |