Search Results
- Keyword (text search): cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2021-28861 | Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may lead to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks." Published: August 22, 2022; 9:15:07 PM -0400 | V3.1: 7.4 HIGH V2.0:(not available) |
CVE-2022-2923 | NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240. Published: August 22, 2022; 5:15:08 PM -0400 | V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2022-2889 | Use After Free in GitHub repository vim/vim prior to 9.0.0225. Published: August 19, 2022; 9:15:08 AM -0400 | V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2022-37049 | The component tcpprep in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in parse_mpls at common/get.c:150. NOTE: this is different from CVE-2022-27942. Published: August 18, 2022; 4:15:11 PM -0400 | V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2022-37048 | The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in get_l2len_protocol at common/get.c:344. NOTE: this is different from CVE-2022-27941. Published: August 18, 2022; 4:15:11 PM -0400 | V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2022-37047 | The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in get_ipv6_next at common/get.c:713. NOTE: this is different from CVE-2022-27940. Published: August 18, 2022; 4:15:11 PM -0400 | V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2022-2869 | libtiff's tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine. An attacker who supplies a crafted file to tiffcrop could trigger this flaw, most likely by tricking a user into opening the crafted file with tiffcrop. Triggering this flaw could cause a crash or potentially further exploitation. Published: August 17, 2022; 6:15:08 PM -0400 | V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2022-2868 | libtiff's tiffcrop utility has an improper input validation flaw that can lead to out of bounds read and ultimately cause a crash if an attacker is able to supply a crafted file to tiffcrop. Published: August 17, 2022; 6:15:08 PM -0400 | V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2022-2867 | libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop (likely via tricking a user to run tiffcrop on it with certain parameters) could cause a crash or in some cases, further exploitation. Published: August 17, 2022; 6:15:08 PM -0400 | V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2022-2845 | Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218. Published: August 17, 2022; 11:15:07 AM -0400 | V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2022-2817 | Use After Free in GitHub repository vim/vim prior to 9.0.0213. Published: August 15, 2022; 7:15:09 PM -0400 | V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2022-2816 | Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0212. Published: August 15, 2022; 6:15:08 PM -0400 | V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2022-2819 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0211. Published: August 15, 2022; 7:21:31 AM -0400 | V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2022-38150 | In Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible to cause the Varnish Server to assert and automatically restart through forged HTTP/1 backend responses. An attack uses a crafted reason phrase of the backend response status line. This is fixed in 7.0.3 and 7.1.1. Published: August 10, 2022; 9:15:10 PM -0400 | V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2022-28131 | Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document. Published: August 10, 2022; 4:15:32 PM -0400 | V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2021-33646 | The th_read() function doesn’t free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak. Published: August 10, 2022; 4:15:20 PM -0400 | V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2021-33645 | The th_read() function doesn’t free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak. Published: August 10, 2022; 4:15:20 PM -0400 | V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2021-33644 | An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger a call to malloc(0) for a variable gnu_longname, causing an out-of-bounds read. Published: August 10, 2022; 4:15:20 PM -0400 | V3.1: 8.1 HIGH V2.0:(not available) |
CVE-2021-33643 | An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger a call to malloc(0) for a variable gnu_longlink, causing an out-of-bounds read. Published: August 10, 2022; 4:15:20 PM -0400 | V3.1: 9.1 CRITICAL V2.0:(not available) |
CVE-2022-31780 | Improper Input Validation vulnerability in HTTP/2 frame handling of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 9.1.2. Published: August 10, 2022; 2:15:08 AM -0400 | V3.1: 7.5 HIGH V2.0:(not available) |