U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 1,109 matching records.
Displaying matches 121 through 140.
Vuln ID Summary CVSS Severity
CVE-2020-10735

A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability.

Published: September 09, 2022; 10:15:08 AM -0400
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2022-25765

The package pdfkit from 0.0.0 are vulnerable to Command Injection where the URL is not properly sanitized.

Published: September 09, 2022; 1:15:07 AM -0400
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2022-3123

Cross-site Scripting (XSS) - Reflected in GitHub repository splitbrain/dokuwiki prior to 2022-07-31a.

Published: September 05, 2022; 6:15:09 AM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2022-3099

Use After Free in GitHub repository vim/vim prior to 9.0.0360.

Published: September 03, 2022; 12:15:08 PM -0400
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2022-1632

An Improper Certificate Validation attack was found in Openshift. A re-encrypt Route with destinationCACertificate explicitly set to the default serviceCA skips internal Service TLS certificate validation. This flaw allows an attacker to exploit an invalid certificate, resulting in a loss of confidentiality.

Published: September 01, 2022; 5:15:08 PM -0400
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2021-3826

Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol.

Published: September 01, 2022; 5:15:08 PM -0400
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2022-3028

A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket.

Published: August 31, 2022; 12:15:11 PM -0400
V3.1: 7.0 HIGH
V2.0:(not available)
CVE-2022-1355

A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp tool, triggering a stack buffer overflow issue, possibly corrupting the memory, and causing a crash that leads to a denial of service.

Published: August 31, 2022; 12:15:09 PM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2022-1354

A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c in TIFFReadRawDataStriped() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffinfo tool, triggering a heap buffer overflow issue and causing a crash that leads to a denial of service.

Published: August 31, 2022; 12:15:09 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2022-3037

Use After Free in GitHub repository vim/vim prior to 9.0.0322.

Published: August 30, 2022; 5:15:09 PM -0400
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2022-38784

Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf.

Published: August 29, 2022; 11:15:07 PM -0400
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2022-1204

A use-after-free flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system.

Published: August 29, 2022; 11:15:10 AM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2022-0367

A heap-based buffer overflow flaw was found in libmodbus in function modbus_reply() in src/modbus.c.

Published: August 29, 2022; 11:15:09 AM -0400
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2022-0336

The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an account modification re-adds an SPN that was previously present on that account, such as one added when a computer is joined to a domain. An attacker who has the ability to write to an account can exploit this to perform a denial-of-service attack by adding an SPN that matches an existing service. Additionally, an attacker who can intercept traffic can impersonate existing services, resulting in a loss of confidentiality and integrity.

Published: August 29, 2022; 11:15:09 AM -0400
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2022-35020

Advancecomp v2.3 was discovered to contain a heap buffer overflow via the component __interceptor_memcpy at /sanitizer_common/sanitizer_common_interceptors.inc.

Published: August 29, 2022; 10:15:12 AM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2022-35019

Advancecomp v2.3 was discovered to contain a segmentation fault.

Published: August 29, 2022; 10:15:12 AM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2022-35018

Advancecomp v2.3 was discovered to contain a segmentation fault.

Published: August 29, 2022; 10:15:12 AM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2022-35017

Advancecomp v2.3 was discovered to contain a heap buffer overflow.

Published: August 29, 2022; 10:15:11 AM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2022-35016

Advancecomp v2.3 was discovered to contain a heap buffer overflow.

Published: August 29, 2022; 10:15:11 AM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2022-35015

Advancecomp v2.3 was discovered to contain a heap buffer overflow via le_uint32_read at /lib/endianrw.h.

Published: August 29, 2022; 10:15:11 AM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)